2017-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.16 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c, lib/ext/status_request.c: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: avoid usage of function introduced in
	3.6.0 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, m4/hooks.m4: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/buffers.c: cmp_hsk_types: fixed check for SSLv2 hello Previously, if SSLv2 hello support was disabled, the check for the
	expected TLS message was incorrect.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/certtool: tests: check fingerprint generation
	with SHA512 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: allow using --fingerprint with sha384 or
	sha512 Resolves #295 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: signature: on client side, only select a
	non-enabled signature if none match That amends commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4: "On
	client side allow signing with the signature algorithm of our cert That allows to sign for example with DSA-SHA1 as client even if we
	do not allow DSA-SHA1 as signature algorithm for server's
	certificate. This allows to use a deprecated certificate without
	enabling deprecated algorithms globally." Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume.c: tests: enhanced resumption checks with same and
	different SNI Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/db.c, lib/ext/server_name.c, lib/ext/server_name.h: server
	name: refuse to resume a session which server name doesn't match That is, follow the RFC6066 requirement that server: "MUST NOT
	accept the request to resume the session if the server_name
	extension contains a different name." Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-21  Thomas Klute <thomas2.klute@uni-dortmund.de>

	* lib/ext/server_name.c: Ensure the SNI extension is parsed during
	cache-based resumption This patch changes the parse_type of the SNI extension to
	GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake.  With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS
	servers ignored the SNI extension when resuming a TLS session from
	cache, because "application" level extensions are skipped during
	resumption. As a result, gnutls_server_name_get() always returned
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed
	session, breaking virtual server systems.  According to RFC 6066, Section 3 the SNI extension must be parsed on
	session resumption if implemented at all:   "A server that implements this extension MUST NOT accept the
	  request to resume the session if the server_name extension
	  contains a different name." This change allows applications using GnuTLS to match SNI data on
	resumed sessions.  Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>

2017-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-repro-20170915.h,
	tests/dtls-repro-20170915.c: tests: added reproducer for DTLS
	infinite loop Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/priority_options.gperf: 
	priority_options.gperf: modified for gperf 3.1 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdhe.c: ecdh: return more appropriate error code on
	empty packet This makes tlsfuzzer's test-x25519 detect the right error code on
	empty message. Previously this issue was masked by our refusal to
	accept 1-byte sized fragments.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/buffers.c: parse_handshake_header: allow 1-byte sized
	fragments Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl: tests: added reproducer for
	safe renegotiation failure with openssl Relates #259 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake.c, lib/handshake.h, lib/sslv2_compat.c: handshake:
	check SCSVs prior to resuming a session This ensures that extensions which are also available as SCSVs are
	parsed prior to resuming a session. This resolves an issue with
	openssl sending SCSV instead of an extension for the safe
	renegotiation.  Resolves #259 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-31  Avinash Sonawane <rootkea@gmail.com>

	* src/cli-debug-args.def: cli-debug-args.def: Fix typo Signed-off-by: Avinash Sonawane <rootkea@gmail.com>

2017-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11.sh: tests: check whether generated private
	keys are marked private Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11.sh: tests: added unit test of p11tool with
	--set-pin Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11.sh: tests: check whether generated or
	copied keys are marked as sensitive Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c, src/p11tool-args.def: p11tool: allow obtaining PIN
	from command line on operations Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: explicitly mark generated keys as sensitive Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: disable hardware acceleration on
	aarch64/ilp32 mode Our included assembly code for aarch64 is not suitable for that data
	mode.  Resolves #252 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: _gnutls_recv_server_certificate_status:
	use the same type in subtracted values This ensures that there are no issues with subtracting those values.
	Note that the second is read from an uint24_t and thus it is always
	positive regardless its type.  Relates #245 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp_kx.c: _gnutls_proc_srp_client_kx: use same type in
	subtracted values This ensures that there are no issues with subtracting those values.
	Note that the second is read from an uint16_t and thus it is always
	positive regardless its type.  Relates #244 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool-common.h: certtool: eliminated
	unused variable Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: x509: when importing the old FIPS186-4 format
	set the provable flags Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/key_encode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: x509: never output
	our custom FIPS186-4 format Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/provable-privkey: tests: check whether validation
	parameters are lost on key re-import Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/provable-dsa2048-fips.new.pem,
	tests/cert-tests/data/provable-dsa2048.new.pem,
	tests/cert-tests/data/provable2048.new.pem,
	tests/cert-tests/data/provable3072.new.pem,
	tests/cert-tests/provable-privkey-new: tests: backported provable
	privkey testing with PKCS#8 files Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-args.def: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-08-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: provable private keys are always
	exported in PKCS#8 form That allows the provable parameters to be included.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/prov-seed.c,
	lib/x509/prov-seed.h, lib/x509/x509_int.h: x509: store and read
	provable seed in PKCS#8 form of key Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-08-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/attributes.c,
	lib/x509/attributes.h, lib/x509/crq.c: x509: separated PKIX1
	attributes parsing code for cert request handling This allows other code to utilize it.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509.c: parse_pem_cert_mem: fixed issue resulting to accessing
	past the input data Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-07-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/record.c: record: added sanity checking in the record layer
	version copy Previously we assumed that an active session had always a version
	set, however there have been reports of evolution crashing in that
	particular point. Although, this could have been due to memory
	corruption, be careful and check for invalid input.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: allow receiving requests up to 16kb This makes gnutls-serv useful for few tlsfuzzer test cases.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cipher.c: decryption: use the same error code on all cases This eases testing using tlsfuzzer.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/includes/gnutls/gnutls.h.in: doc:
	updated documentation on client authentication [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.5.14 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: OCSP: find_signercert: improved DER length
	calculation Previously we were assuming a fixed amount of length bytes which is
	not correct for all possible lengths. Use libtasn1 to decode the
	length field.  Resolves: #223 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: OCSP: check the subject public key identifier
	field to figure issuer Normally when attempting to match the 'Responder Key ID' in an OCSP
	response against the issuer certificate we check (according to
	RFC6960) against the hash of the SPKI field. However, in few
	certificates (see commit: "added ECDSA OCSP response verification"),
	that may not be the case. In that certificate, that value matches
	the Subject Public Key identifier field but not the hash.  To account for these certificates, we enhance the matching to also
	consider the Subject Public Key identifier field.  Relates: #223 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp-tests/Makefile.am,
	tests/ocsp-tests/certs/cert-akamai.com.pem,
	tests/ocsp-tests/ocsp-ecdsa-test: tests: added ECDSA OCSP response
	verification Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .travis.yml: .travis.yml: do not fail on brew install failures brew install seems to fail on several occasions when a newer package
	is available than the installed. Ignore those errors rather than
	failing build.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/gnutls-cli-save-data.sh: tests: added
	check on saving certs and OCSP responses Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: gnutls-cli: save OCSP response at the time certificate
	is saved That ensures that we always save the OCSP response, even when
	certificate verification fails.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: removed unused variables Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp_output.c: ocsp: print response's signature algorithm
	in compact listing Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: be less verbose in OCSP error messages Previously we were reporting "No issuer found" if any certificate in
	a chain could not be verified. That was confusing information and
	not strictly necessary. No longer print that.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: gnutls-cli: improved error message of OCSP
	failure Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs11/pkcs11-mock.c: tests: pkcs11-mock: backported module
	from master Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert.c: gnutls_certificate_verification_status_print: mention
	OCSP in error messages [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/pkcs11/pkcs11-mock-ext.h,
	tests/pkcs11/pkcs11-mock.c,
	tests/pkcs11/pkcs11-privkey-safenet-always-auth.c: tests: added unit
	test for safenet protectserver HSM's PKCS#11 support That is, detect whether the absence of C_Login on a token, will
	result to C_Sign or C_Decrypt to a login using CKU_USER.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
	simplified pkcs11_login() By cleanups, as well as including the reauth flag in the flags
	option.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11: the
	GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
	a login will be forced. This allows operation on the safenet HSMs
	which do not set that flag.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: Handle specially safenet HSMs
	which request explicit authentication These HSMs return CKR_USER_NOT_LOGGED_IN on the first private key
	operation, instead of using CKA_ALWAYS_AUTHENTICATE or similar.
	Detect that state and retry login with CKU_USER.  See discussion in https://github.com/OpenSC/libp11/issues/160 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: added sanity check in returned length This addresses:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: added/modernized text on AEAD ciphers
	[ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: FreeBSD system is no longer
	available; disabling for CI [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: pkcs11: do not set leading zeros when writing
	integers Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: improved error message when
	public key cannot be figured [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: tests: corrected typo in makefile Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.5.13 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: fix DER export with --p7-info Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-tests/Makefile.am,
	tests/cert-tests/data/openssl-invalid-time-format.pem,
	tests/cert-tests/tolerate-invalid-time, tests/strict-der.c: tests:
	added unit test to verify that certificates with non-DER strict time
	fields are accepted Also removed the old strict compliance DER test.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h: Tolerate DER time encoding errors It seems that openssl generated certificates may contain invalid
	formatted times, and gnutls will no longer parse them. Ignore such
	formatting errors when DER decoding.  We should reconsider this in the future (#207) Resolves #196 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c: GNUTLS_E_INSUFFICIENT_SECURITY: moved to fatal
	errors Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/errors.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c: libtasn1: updated to 4.11 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/scripts/common.sh, tests/slow/Makefile.am,
	tests/slow/test-ciphers-common.sh, tests/slow/{test-hash-large =>
	test-hash-large.sh}: tests: skip x86-specific tests when not in x86 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: warn when building as static library [ci
	skip] Relates #203 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: 
	gnutls_ocsp_status_request_enable_client: documented requirements
	for parameters That is, the fact that extensions and responder_id parameters must
	be allocated, and are assigned to the session.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: ext/status_request: Removed the parsing
	of responder IDs from client extension These values were never used by gnutls, nor were accessible to
	applications, and as such there is not reason to parse them.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: ext/status_request: ensure response IDs
	are properly deinitialized That is, do not attempt to loop through the array if there is no
	array allocated.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests.c: self-tests: limit compatibility API checks
	to vectors with plaintext Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/cipher-override.c: tests: on cipher override do not run
	the compatibility checks That is, because we introduce a cipher using the new AEAD API which
	does not provide compatibility hooks.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, lib/includes/gnutls/self-test.h: 
	self-tests: introduced flag GNUTLS_SELF_TEST_FLAG_NO_COMPAT This allows skipping the compatibility APIs when running self tests.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
	lib/includes/gnutls/self-test.h: self-tests: all parameter was
	replaced by flags This allows to introduce more options than just check all ciphers.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/aarch64/aes-gcm-aarch64.c: aarch64: fix AES-GCM
	in-place encryption and decryption Resolves #204 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: crypto: self-tests: enhance to include
	compatibility APIs That is, run the compatibility gnutls_cipher_* APIs on self tests
	for AEAD ciphers in addition to the AEAD API.  Relates #204 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c, lib/crypto-api.c, lib/gnutls_int.h: 
	crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes That is, there are AEAD modes like CCM that can only be used through
	the AEAD API. Always refuse calls to gnutls_cipher_init() in these
	modes.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: doc: corrected error in
	gnutls_x509_privkey_sign_data parameters [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-08  Karl Tarbe <karl.tarbe@cyber.ee>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/pkcs7-chain-endcert-key.pem,
	tests/cert-tests/data/pkcs7-chain-root.pem,
	tests/cert-tests/data/pkcs7-chain.pem,
	tests/cert-tests/pkcs7-list-sign: tests: add test for signing with
	certificate list Signing with one certificate, but includes the other certificates
	inside the PKCS#7 structure.  Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

2017-05-04  Karl Tarbe <karl.tarbe@cyber.ee>

	* src/certtool-args.def, src/certtool.c: certtool: allow multiple
	certificates in --p7-sign Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

2017-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: find_signer: eliminate memory leak Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-14  Andreas Metzler <ametzler@bebt.de>

	* m4/hooks.m4: Fix autoconf progress message concerning heartbeat
	[ci skip]

2017-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: doc: corrected typo [ci skip] Reported by Andreas Metzler.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-callback.c: test: corrected typo preventing the run
	of openpgp test [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: released 3.5.12 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11x.c: pkcs11_override_cert_exts: do not use
	CKA_X_DISTRUSTED flag when retrieving This flag was introduced in order for reducing the number of
	duplicate stapled extensions returned by p11-kit. Unfortunately that
	fix was bogus and in fact it resulted to p11-kit not returning any
	stapled extensions.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, src/cli-args.c.bak, src/cli-args.h.bak,
	src/cli-debug-args.c.bak, src/danetool-args.c.bak: updated
	auto-generated files Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: Makefile: files-update directive will
	update the auto-generated files in src/ This simplifies the update of files generated by autogen.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/sni-hostname.sh: tests: added check for
	gnutls-cli's sni-hostname option Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c: gnutls-cli: introduced --sni-hostname
	option This allows overriding the value set on the TLS server name
	indication extension.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extensions.c, lib/includes/gnutls/gnutls.h.in: gnutls.h:
	introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip] This flag is expected to be used by applications which handle custom
	extensions that are not currently supported in gnutls, but support
	for them may be added in the future.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/errors.h: errors.h: _gnutls_cert_log will only print on
	non-null certificates Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-28  Nicolas Dufresne <nicolas.dufresne@collabora.com>

	* lib/auth/rsa_psk.c: rsa-psk: Use the correct username datum In rsa-psk we properly request username for the case the application
	uses a callback, but later we use the username cached in the
	credentials structure. This will lead to empty username issues.  Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com>

2017-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rsa-psk-cb.c: tests: added check for PSK
	client callback in RSA-PSK This check verifies whether gnutls_psk_client_credentials_function
	is operational, and the parameters sent are taken into account by
	the server.  Relates !364 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{mini-rsa-psk.c => rsa-psk.c}: tests:
	simplified name of mini-rsa-psk check In addition modernize the used APIs and added explicit check on the
	received by the server username value.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/arb-extensions.pem,
	tests/cert-tests/templates/arb-extensions.tmpl: tests: utilize the
	email_protection_key template option This ensures that generated certificates and requests will include
	that key purpose when the option is present.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: certtool:
	introduced the email_protection_key option This option was introduced in documentation for certtool without an
	implementation of it. It is a shortcut for option key_purpose_oid =
	1.3.6.1.5.5.7.3.4 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-05-01  Andreas Metzler <ametzler@bebt.de>

	* src/socket.c: gnutls-cli: Use CRLF with --starttls-proto=smtp.  Closes https://gitlab.com/gnutls/gnutls/issues/200

2017-05-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-idna.c: tests: don't use GNUTLS_IDNA_FORCE_2008 in
	str-idna Instead utilize the default flags to allow fallback to IDNA2003.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: enhance with checks to verify that
	textual IPs are not matched That verifies that the hostname check verification function will not
	succeed if given textual IPs, and the certificate contains textual
	IPs in DNSname or in the CN fields.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: no
	match dns fields against IPs Previously we were checking textual IP address matching against the
	DNS fields. This match was non-standard and was intended to work
	around few broken servers. However that also led to not evaluating
	and IP constraints for that IP. No longer follow that broken
	behavior.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-idna.c: tests: check against symbols present only in
	IDNA2003 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str-idna.c: gnutls_idna_map: fallback to IDNA2008 transitional
	encoding on failure This aligns with the behavior of firefox, which maps to IDNA2008,
	and fallbacks to IDNA2003 if that fails (e.g., mapping doesn't
	exist).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/locks.c: doc: clarifications on custom
	thread override [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, m4/hooks.m4: bumped version [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-10  Tim Rühsen <tim.ruehsen@gmx.de>

	* devel/openssl, lib/system/fastopen.c: lib/system/fastopen: Add TCP
	Fast Open for OSX Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

2017-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/state.c: doc: removed incorrect comment Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/dh-session.c: gnutls_dh_get_pubkey: fixed operation under PSK
	authentication Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/dh.c, lib/randomart.c: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/doc.mk, lib/anon_cred.c, lib/openpgp/openpgp.c,
	lib/supplemental.c, lib/x509/crq.c, lib/x509/dn.c,
	libdane/dane-params.c: doc: fixed documentation for various function
	parameters [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/trust-store.c: tests: use gnutls_global_init instead of
	global_init The reason is to force initialization of the PKCS#11 backend, and
	thus support for any PKCS#11 trust store when setup.  This fixes
	running the test suite in Fedora.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: doc: fixed tpmtool and psktool documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509/output: do not print usage entry when
	there is none Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/common.c, src/common.h: certtool:
	improved printing of the key PIN and key ID That is, on private keys use the same format when printing the
	public Key ID and public key PIN, as when printing it in
	certificates.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool.c, src/common.c, src/common.h: 
	certtool: print the key PIN on private and public keys Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509_b64.c: gnutls_pem_base64_encode2: do raw base64 when msg
	is NULL This change is undocumented for now (intended for 3.6.0).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/Makefile.am, tests/dtls/dtls-stress.c: tests:
	dtls-stress: use X.509 certificates instead of openpgp This will allow the test tool to operate even after openpgp
	certificates are deprecated.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-callback.c: tests: do not run tests which require
	openpgp when it is disabled Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: backported and simplified CI setup This makes builds independent by reducing interactions between
	artifacts of builds.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2017-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.5.11

2017-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/openpgp_compat.c: Added openpgp stub file That allows disabling openpgp authentication and at the same time
	retaining ABI compatibility with versions including openpgp.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/trust-store.c: tests: added basic check
	for system trust store This checks whether the gnutls_certificate_set_x509_system_trust()
	and thus the trust list equivalent function operate as expected and
	return a positive number of certificates. The test is ignored in
	systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-04-04  David Caldwell <david@porkrind.org>

	* configure.ac, lib/Makefile.am, lib/system/certs.c: 
	gnutls_x509_trust_list_add_system_trust: Add macOS keychain support Also don't check for a default_trust_store_file in configure when
	building on macOS (unless explicitly asked to with
	--with-default-trust-store-file=xxx), because otherwise it finds
	/etc/ssl/cert.pem: This file is new (since 10.12.2?), which means
	libraries built on the newest OS version wouldn't work the same way
	on an older versions (and vice versa).  "/etc/ssl/cert.pem" also
	doesn't seem to reflect additions and deletions from the user's or
	system's trusted roots keychain (in my limited testing).  Signed-off-by: David Caldwell <david@porkrind.org>

2017-04-05  David Caldwell <david@porkrind.org>

	* lib/buffers.c, lib/buffers.h, lib/cipher.c, lib/cipher.h,
	lib/dtls-sw.c, lib/dtls.h, lib/gnutls_int.h, lib/num.c, lib/num.h,
	lib/record.c, tests/dtls-sliding-window.c: Rename uint64 to
	gnutls_uint64 to avoid conflict with macOS Signed-off-by: David Caldwell <david@porkrind.org>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: fixed newline skip code in smime-to-p7
	code Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: is_level_acceptable: ensure issuer is not
	dereferenced when null Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: guard the value of tl before
	gnutls_pkcs7_verify This utilizes assert() as it cannot be triggered in practice.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
	lib/x509/pkcs7.c, lib/x509/x509.c, lib/x509/x509_dn.c,
	lib/x509/x509_ext.c, lib/x509/x509_int.h: Avoid using
	ASN1_MAX_NAME_SIZE directly Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1
	tree, it is not suitable to hold the maximum combined name. Instead
	use a local definition of MAX_NAME_SIZE, which is a multiple of the
	ASN1_MAX_NAME_SIZE.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c: gnutls_x509_crq_set_challenge_password: don't
	accept null password Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c, lib/x509/key_encode.c, lib/x509/ocsp.c,
	lib/x509/pkcs7.c, lib/x509/x509_ext.c, lib/x509/x509_write.c: Mark
	with (void) the functions where the returned value is not checked
	intentionally This allows static analysers to properly warn on unchecked return
	values.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str-idna.c: removed duplicate code Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake.c, lib/record.c: handshake/record: mark with
	comments all expected fall-through switches This reduces warnings from static analysers like coverity and makes
	explicit the intention.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutlsxx.cpp: gnutlsxx.cpp: fixed misleading indentation
	issues Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: doc: document intended fallthrough Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/utils.c: tests: fixed possible buffer overflow to avoid
	spurious complaints Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system_override.c: gnutls_transport_set_pull_timeout_function:
	doc update [ci skip] Clarified when this function should be set. Based on suggestion by
	Sean Greenslade.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-04-02  Andreas Metzler <ametzler@bebt.de>

	* extra/gnutls_openssl.c: Use NORMAL priority for SSLv23_*_method.  Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for
	SSLv23_*_methods.  http://bugs.debian.org/857436

2017-03-31  Matt Turner <mattst88@gmail.com>

	* tests/cert-tests/krb5-test: tests: Copy template out of ${srcdir} Otherwise, out of tree builds will fail to copy the template.  Signed-off-by: Matt Turner <mattst88@gmail.com>

2017-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/pkcs12-corner-cases: tests: added checks with
	problematic PKCS#12 files These check whether parsing of unsupported files (e.g., with
	RC2-128), will succeed. This serves as functionality check for
	gnutls_pkcs8_info.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: gnutls_pkcs8_info: do not free oid on
	GNUTLS_E_UNKNOWN_CIPHER_TYPE The documented behavior of the function was to return a valid OID in
	that case.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .travis.yml: .travis.yml: no longer install pkg-config Travis build seem to fail for some reason since pkg-config is
	already installed.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp-tests/Makefile.am: ocsp-test: disable under windows This test was failing because datefudge couldn't run under win32.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp-tests/ocsp-test: Revert "ocsp-test: disable under
	windows" This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc.

2017-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp-tests/ocsp-test: ocsp-test: disable under windows This test was failing because datefudge couldn't run under win32.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: increase time of artifact
	expiration This allows to re-run failed builds on the depending stages during
	that time.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.pc.in: gnutls.pc: Removed P11_KIT_LIBS from
	Libs.private It was already being included in Requires.private. Reported by
	Andreas Metzler.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/gnutls.pc.in: gnutls.pc: don't include zlib
	twice in private libs

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/privkey-verify-broken.c: tests: added
	unit test of gnutls_pubkey_verify_data2 override flags Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c: _gnutls_check_key_cert_match: allow broken sigs That ensures that when loading a certificate pair with SHA1, when
	SHA1 is disabled will not cause the server to fail to load.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pubkey.c, lib/x509/verify.c, lib/x509/x509_int.h: Use a common
	function to decide acceptable signatures That is, ensure that results from all verification functions,
	including gnutls_pubkey_verify_data2(), will be consistent with SHA1
	and other algorithms deprecation.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: check_ocsp_response: utilize the same flags as in
	certificate verification That ensures that overrides like using broken algorithms are
	considered in OCSP validation.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/pkgconfig.sh: tests: added script to
	check pkg-config operation That is, whether the generated gnutls.pc will function for compiling
	and linking.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.pc.in: gnutls.pc: don't pass the libtool vars to
	Libs.private Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/tls-rehandshake-cert-2.c, tests/tls-rehandshake-cert.c: 
	tests: improved tls-rehandshake tests Used common definitions from cert-common.h for certificates, and
	improved error detection in tls-rehandshake-cert-2.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/tls-rehandshake-cert-3.c: tests: check
	whether a rehandshake without a cert works That is, check whether if on initial handshake the server requests a
	certificate, but on the following rehandshake he doesn't, whether
	the client behaves as expected. This tests:
	1f685db853db6e48c77c6dbde0cdf716a7303baa Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/cert-session.c, lib/gnutls_int.h,
	lib/handshake.c, lib/kx.c: handshake: reset cert request state on
	handshake init That addresses a bug which on client side on case of an initial
	handshake with a client certificate, we continue to send this
	certificate even if on rehandshake we were not requested with on.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-17  Martin Storsjo <martin@martin.st>

	* lib/includes/gnutls/openpgp.h: Avoid deprecation warnings when
	including gnutls/abstract.h Since ac3de8f5, when all openpgp functionality was deprecated, a
	library user including gnutls/abstract.h gets warnings about
	deprecated declarations, like this: gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’
	          is deprecated [-Wdeprecated-declarations]
	gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED; This warning is emitted since the
	gnutls_openpgp_set_recv_key_function prototype uses the deprecated
	typedef gnutls_openpgp_recv_key_func.  By omitting the deprecation attribute from this individual typedef,
	we avoid the spurious warnings in calling code which just includes
	gnutls/abstract.h without actually using anything related to
	openpgp.  Signed-off-by: Martin Storsjo <martin@martin.st>

2017-03-15  Martin Storsjo <martin@martin.st>

	* m4/hooks.m4: Fix a typo in a variable name in an m4 script Signed-off-by: Martin Storsjo <martin@martin.st>

2017-03-14  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitlab-ci.yml, configure.ac, gl/m4/valgrind-tests.m4,
	gl/override/m4/valgrind-tests.m4.diff: build: disable valgrind tests
	by default Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-03-13  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/Makefile.am: build: tests: resolve as-needed issue with
	seccomp Incorrect ordering of -lseccomp: <snip> -Wl,--as-needed
	../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a
	./.libs/libutils.a(seccomp.o): In function seccomp_init'
	seccomp.c:(.text+0x2b): undefined reference to `seccomp_init' <snip> Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c, lib/privkey.c: gnutls_pkcs11_privkey_init:
	document limitation on created object Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: re-open privkey session handle on
	CKR_SESSION_HANDLE_INVALID When initializing a private key operation, attempt to re-open the
	key if CKR_SESSION_HANDLE_INVALID is received.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-privkey-pthread.c: tests:
	introduced check for parallel operation (signatures) in PKCS#11 mode That is, verify that parallel signatures using a single
	gnutls_pkcs11_privkey_t context work.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
	re-open private key session inside a locked section This prevents clashes when the same operation is carried in other
	threads.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: introduced locks to PKCS#11 private
	key structure This allows to run PKCS#11 private key operations such as signing
	and decryption in parallel.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/ax_code_coverage.m4: ax_code_coverage.m4: updated [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-13  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/openpgp-certs: tests: cert-tests: openpgp-certs:
	align test redirection Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-03-13  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/suppressions.valgrind,
	tests/key-tests/suppressions.valgrind,
	tests/ocsp-tests/suppressions.valgrind,
	tests/suite/suppressions.valgrind,
	tests/suite/x509paths/suppressions.valgrind,
	tests/suppressions.valgrind: tests: suppressions.valgrind: supress
	fillin_rpath Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-03-13  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/openpgp-certs/suppressions.valgrind: tests: remove unused
	suppressions.valgrind Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-03-12  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/scripts/common.sh: tests: scripts: suppress which errors Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-11  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/keydb.c, tests/cert-tests/openpgp-cert-parser: Do not
	attempt to parse a 32-bit integer if a packet is not 4 bytes.  This addresses:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2017-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-08  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/keydb.c, tests/cert-tests/openpgp-cert-parser: Do not
	attempt to parse a 32-bit integer if a packet is not 4 bytes.      This addresses:       https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2017-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: Makefile.am: Added missing file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2017-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: execute initialization stage
	unconditionally This step is required both in tags and commit runs.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/datum.c: _gnutls_set_strdatum: always return an allocated
	string on success That prevents returning NULL to functions which require a string.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-05  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/openpgp-cert-parser: 
	Enforce the max packet length for OpenPGP subpackets as well This addresses:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2017-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi: doc: corrected typo [ci skip] It was pointed out by morozov@eags.ru.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: added links to GNUTLS-SA-2017-3

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: run tests under a FIPS140 mode
	simulation That is, in FIPS140-2/Fedora/x86_64 build, run tests under a normal
	run (when library is compiled with FIPS140-2 support but not enabled
	on run time), and also run tests under a run-time that simulates
	FIPS140-2 support.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: crypto-self-tests: modified exported
	functions to work under fips140-2 mode Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls1-2-mtu-check.c, tests/key-tests/Makefile.am,
	tests/set_x509_pkcs12_key.c, tests/x509sign-verify2.c: tests: skip
	tests which cannot be run in FIPS140-2 mode This allows the test suite to be run in FIPS140-2 mode.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pk.c: _gnutls_pk_params_copy: copy the provable algorithm used This is affected utilization of generated RSA keys under FIPS140-2
	mode which utilizes provable generation.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c: tests: priorities: skip test in FIPS140-2 mode Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/session_ticket.c: gnutls_session_ticket_key_generate:
	fixed operation under FIPS140-2 mode Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test cases with
	invalid openpgp certs These certificates contain invalid secret key sub-packets.  These
	  trigger invalid memory accesses:
	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/opencdk.h, lib/opencdk/read-packet.c,
	lib/openpgp/openpgp.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c: 
	opencdk: do not parse any secret keys in packet when reading a
	certificate This reduces the attack surface on the parsers, and prevents any
	bugs in the secret key parser to be exploitable by inserting secret
	key sub-packets into an openpgp certificate.  This addresses:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509/output: Cleanup in IDNA name printing That also removes the incorrect mapping to IDNA punycode when the
	input is not printable.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: increased buffer for reading from
	user This allows reading longer than 128-byte fields interactively.  The
	new limit is 512-bytes.  Relates #179 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: store critical extensions even if no
	other extension are present That is, fix a bug which prevented critical extensions to be stored
	if no other free-form extensions were specified.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: gnutls_ocsp_resp_verify_direct,
	gnutls_ocsp_resp_verify: defined flags argument That was defined to be gnutls_certificate_verify_flags, and it
	allows passing verification flags, such as flags to allow broken
	algorithms.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: is_level_acceptable: no longer checks for
	broken algorithms This is done at is_broken_allowed(), and in fact checking them in
	is_level_acceptable() creates a conflict when overrides like flag
	GNUTLS_VERIFY_ALLOW_BROKEN is used.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/verify-tofu.c: 
	gnutls_store_commitment: introduced flag
	GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN This flag allows operation of the function even with broken
	algorithms.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: verify: is_broken_allowed: account for "new"
	flag GNUTLS_VERIFY_ALLOW_BROKEN Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers an invalid memory access:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk: read_attribute: account buffer
	size That ensures that there is no read past the end of buffer.  Resolves the oss-fuzz found bug:
	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: gnutls-cli-debug: fixed protocol to port discovery That is, if --starttls-proto is provided the default port selected
	will be converted to host byte order as expected.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: NEWS: fix typo [ci skip]

2017-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/scripts/Makefile.am,
	tests/scripts/starttls-common.sh, tests/starttls-ftp.sh,
	tests/starttls-lmtp.sh, tests/starttls-nntp.sh,
	tests/starttls-pop3.sh, tests/starttls-sieve.sh,
	tests/starttls-smtp.sh, tests/starttls.sh: tests: split starttls.sh
	into multiple scripts Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/data/aki-cert.pem,
	tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/bmpstring.pem,
	tests/cert-tests/data/ca-no-pathlen.pem,
	tests/cert-tests/data/complex-cert.pem,
	tests/cert-tests/data/long-oids.pem,
	tests/cert-tests/data/multi-value-dn.pem,
	tests/cert-tests/data/name-constraints-ip2.pem,
	tests/cert-tests/data/no-ca-or-pathlen.pem,
	tests/cert-tests/data/template-tlsfeature.csr,
	tests/cert-tests/data/very-long-dn.pem,
	tests/cert-tests/data/xmpp-othername.pem: tests: updated to include
	the pin-sha256 in output Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dn2.c: tests: updated to take into account the pin-sha256
	oneline output Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509/output: print key PIN on oneline output That is, instead of the public key ID. The key PIN due to HPKP is
	now more widely used than hex-based key IDs.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str.c, lib/str.h, lib/x509/output.c: x509/output: print the
	public key PIN of a certificate That is, print the value used by the HPKP protocol as per RFC7469.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs11/pkcs11-import-with-pin.c: tests:
	pkcs11-import-with-pin: removed invalid conditional macro

2017-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-import-with-pin.c: tests:
	added PKCS#11 test for pin input This introduces a test on PIN input to retrieve an object using
	pin-value and pin-source (file).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: ubsan build: fixed artifacts path Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: don't warn when 'uri' is specified
	on template Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1425884 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: nettle/pk: corrected memcpy of Q in DSA params Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: backported from master branch Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: no longer use -Wframe-larger-than We do not require a specific stack size, and there is legacy code
	which utilizes large stack sizes. As such remove the warnings to
	allow for a warning free compilation.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: avoid calling memcpy will null options Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: corrected error checking in
	write_signer_id Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: make_printable_string: allow operation with
	null input Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: gnutls_int.h: include assert.h Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/openpgp-invalid5.pub,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert That triggers a heap buffer overflow:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk/read-packet.c: corrected typo
	in type cast Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: cdk_pkt_read: enforce packet limits That ensures that there are no overflows in the subsequent
	calculations.  Resolves the oss-fuzz found bug:
	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 Relates: #159 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-02-19  Robert Scheck <robert@fedoraproject.org>

	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
	src/socket.c, tests/Makefile.am, tests/starttls-lmtp.txt,
	tests/starttls-nntp.txt, tests/starttls-pop3.txt,
	tests/starttls-sieve.txt, tests/starttls.sh: Add LMTP, POP3, NNTP,
	Sieve and PostgreSQL support to gnutls-cli Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC
	5804) and PostgreSQL support to gnutls-cli ("--starttls-proto").  Signed-off-by: Robert Scheck <robert@fedoraproject.org>

2017-02-17  Rical Jasan <ricaljasan@pacific.net>

	* tests/scripts/common.sh: tests: Improve port-checking
	infrastructure.  The test suite unnecessarily failed on systems without netstat
	because it was assumed to be present.  Instead of simply checking
	for its presence and indicating an unsupported test, however, the ss
	utility can be used as a drop-in replacement.  When
	netstat/net-tools is not present, the ss utility from iproute2 still
	stands a fair chance of existing, and they also have similar enough
	semantics that they can be used interchangeably in the test suite.  The functions in tests/scripts/common.sh that used netstat (wait_for_port, wait_for_free_port) now use new functions,
	check_if_port_in_use and check_if_port_listening, to abstract the
	call to netstat/ss.  The eval'd variable GETPORT also used netstat,
	and has been updated accordingly.  The new port-checking functions use another new function,
	have_port_finder, which takes care of the details of selecting ss (preferred) or netstat, or fails otherwise.  Signed-off-by: Rical Jasan <ricaljasan@pacific.net> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-12  Alon Bar-Lev <alon.barlev@gmail.com>

	* doc/Makefile.am: build: doc: install images also into htmldir images are required also by the html documentation.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2017-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/gnutls.pc.in: gnutls.pc: do not include libidn2
	in Requires.private The libidn2 versions available do not include libidn2.pc, thus the
	inclusion was causing problems when using pkg-config.  Instead we
	include -lidn2 in Libs.private.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c, lib/x509/x509_int.h,
	tests/certs-interesting/cert5.der.err: x509: optimize subject
	alternative name access That reads SAN and IAN early on import, significantly reducing the
	running time of functions which iterate over the alternative names
	of a certificate, e.g., gnutls_x509_crt_check_hostname().  Relates #165 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2017-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: corrected typo

2017-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc:
	removed references to OpenPGP functions and enumerations Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls-guile.texi: doc: removed documentation related to
	OpenPGP and guile Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/openpgp.h: openpgp.h: all openpgp
	functionality was marked as deprecated This is to prevent new applications using that functionality.  As
	the OpenPGP certificate for HTTPS (or TLS in general) never got any
	traction, GnuTLS is the only implementation supporting it, and the
	quality of the OpenPGP supporting code is questionable, we deprecate
	that code with the intention to drop it completely when an
	opportunity is given.  Relates #102 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: document the intention of the priority
	string usage [ci skip] This documents the gnutls_set_default_priority() function, and how
	it is intended to be combined with an application that utilizes
	priority strings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2017-02-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .travis.yml: .travis.yml: list all logs on failure Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert_verify_inv_utf8.c, tests/crq_apis.c, tests/crt_apis.c,
	tests/hostname-check-utf8.c, tests/mini-server-name.c,
	tests/set_key_utf8.c, tests/set_x509_key_utf8.c: tests: enable all
	IDNA tests when compiled with libidn2 Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .travis.yml: .travis.yml: updated instructions for travis builds Removed unbound and other minor fixes.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/extras/hex.h: extras/hex.h: do not use strlen as variable name That is, do not utilize a standard C function name as variable name.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url4: always return an
	initialized pointer When returning success, but no elements,
	gnutls_pkcs11_obj_list_import_url4, could have returned zero number
	of elements with a pointer that was uninitialized.  Ensure that an
	initialized (i.e., null in that case), pointer is always returned.
	Reported by Jeremy Harris.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: use libidn2 on windows builds Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-02-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pkcs7: Address test suite failure due to timezone
	differences.  Reported by Thorsten Glaser and Andreas Metzler.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/str-idna.c: _idn2_to_unicode_8z8z: do not err on mixed IDNA
	domains That is allow domains of the form 'großes.xn--fa-hia.de'. The
	drawback is that we may not err early on invalid formatted names. We
	however delegate any such decisions to libidn2.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Updated
	auto-generated files Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str-idna.c: str-idna: improved error handling In addition to detecting input with invalid characters in
	_idn2_to_unicode_8z8z(), we also add support for case insensitive
	punycode header.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/str-idna.c: str-idna: cleanups in IDNA handling Ensure safe operation even with broken libidn2, and make sure that
	we properly allocate memory to caller, even on complex library
	configuration.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/str-idna.c, lib/str-unicode.c: Move IDNA
	functionality to str-idna.c from str-unicode.c Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/str-idna.c: tests: use the exported API for IDNA testing In addition group together the tests which require libidn2 >= 0.14.
	This allows the tests to succeed.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: tools: depend on gnutls_idna_map() instead of using
	directly libidn/libidn2 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/str-unicode.c, lib/str.h, lib/x509/output.c: Exported
	gnutls_idna_map() and gnutls_idna_reverse_map() Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added run with IDNA2003 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/str-idna.c: tests: simplified str-idna This separates the directions that are tested (utf-8 -> punycode and
	vice versa).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: added flag to force IDNA2003 That allows to compile with libidn even if libidn2 is present, and
	can be used to check IDNA2003 support.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-21  Tim Rühsen <tim.ruehsen@gmx.de>

	* INSTALL.md, README.md, configure.ac, lib/Makefile.am,
	lib/str-unicode.c, lib/str.h, src/socket.c, tests/str-idna.c: Add
	support for libidn2 (IDNA 2008 + TR46) Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

2017-01-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: heartbeat extension: doc update Document how to calculate the total TLS data transmitted.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-20  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: add Fedora/x86_64/no-tools Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-20  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore, configure.ac, gl/m4/valgrind-tests.m4,
	gl/override/m4/valgrind-tests.m4.diff: valgrind: support separate
	builddir for suppressions.valgrind Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-20  Alon Bar-Lev <alon.barlev@gmail.com>

	* configure.ac: configure: remove void statement Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-20  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/key-tests/illegal-rsa: tests: skip tests that requires tools
	if tools are disabled building with --disable-tools should not cause test failure.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7-crypt.c: pkcs7 decryption: addressed memory leak in
	PBES1-DES-CBC-MD5 handling Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: do not disable valgrind tests unless
	explicitly specified ... or unless we are in release build.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11.sh: tests: verify that a written
	certificate will inherit its ID from privkey That is, whether p11tool will do the right thing and figure the
	proper ID to use for a certificate object, if the public key is
	available.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: re-use ID from corresponding objects when
	writing certificates That is when writing a certificate which has a corresponding public
	key, or private key in the token, ensure that we use the same ID for
	the objects. That eases the work of someone writing objects to
	certificates, and does not require him to manually detect the object
	IDs.  Resolves #160 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/dh.c: doc: improved documentation on DH
	parameters [ci skip]

2017-01-05  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/openpgp-certs, tests/danetool.sh,
	tests/fastopen.sh, tests/key-tests/dsa,
	tests/ocsp-tests/ocsp-must-staple-connection,
	tests/ocsp-tests/ocsp-tls-connection, tests/scripts/common.sh,
	tests/starttls.sh, tests/suite/eagain.sh,
	tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl, tests/suite/testdane.sh,
	tests/suite/testpkcs11.sh, tests/suite/testrng.sh,
	tests/suite/testsrn.sh: tests: remove bash usage Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-05  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/suite/chain.sh: tests: suite: chain: support separate
	builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-05  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/crq, tests/cert-tests/krb5-test,
	tests/cert-tests/md5-test, tests/cert-tests/name-constraints,
	tests/cert-tests/othername-test, tests/cert-tests/pkcs1-pad,
	tests/cert-tests/pkcs7, tests/cert-tests/pkcs7-cat,
	tests/cert-tests/pkcs7-constraints,
	tests/cert-tests/pkcs7-constraints2, tests/cert-tests/sha3-test,
	tests/cert-tests/template-exts-test,
	tests/cert-tests/template-test, tests/cert-tests/tlsfeature-test,
	tests/ocsp-tests/ocsp-must-staple-connection,
	tests/ocsp-tests/ocsp-test, tests/ocsp-tests/ocsp-tls-connection,
	tests/rsa-md5-collision/rsa-md5-collision.sh,
	tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: skip tests that
	requires tools if tools are disabled building with --disable-tools should not cause test failure.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2016-12-31  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/aki, tests/cert-tests/certtool,
	tests/cert-tests/certtool-long-cn,
	tests/cert-tests/certtool-long-oids, tests/cert-tests/crl,
	tests/cert-tests/email, tests/cert-tests/openpgp-certs,
	tests/cert-tests/openpgp-selfsigs, tests/cert-tests/pathlen,
	tests/cert-tests/pem-decoding, tests/cert-tests/pkcs12,
	tests/cert-tests/pkcs12-utf8, tests/cert-tests/pkcs7-broken-sigs,
	tests/cert-tests/privkey-import, tests/cert-tests/provable-dh,
	tests/cert-tests/provable-dh-default,
	tests/cert-tests/provable-privkey,
	tests/cert-tests/provable-privkey-dsa2048,
	tests/cert-tests/provable-privkey-gen-default,
	tests/cert-tests/provable-privkey-rsa2048,
	tests/cert-tests/sha2-dsa-test, tests/cert-tests/sha2-test,
	tests/cert-tests/userid, tests/fastopen.sh, tests/key-tests/dsa,
	tests/key-tests/ecdsa, tests/key-tests/key-id,
	tests/key-tests/key-invalid, tests/key-tests/pkcs8,
	tests/key-tests/pkcs8-decode, tests/key-tests/pkcs8-invalid,
	tests/rfc2253-escape-test, tests/starttls.sh, tests/suite/chain.sh,
	tests/suite/crl-test, tests/suite/eagain.sh,
	tests/suite/invalid-cert.sh, tests/suite/pkcs7-cat,
	tests/suite/testdane.sh, tests/suite/testpkcs11.sh,
	tests/suite/testrandom.sh, tests/suite/testsrn.sh: tests: skip tests
	that requires tools if tools are disabled building with --disable-tools should not cause test failure.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-03  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/pkcs12, tests/cert-tests/pkcs12-utf8: tests:
	cert-tests: pkcs12 drop builddir usage sync with other tests Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: Disable AVX support when it is
	not supported by the CPU This mostly affects virtual systems. Reported by Frank Chen.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2017-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-functions.texi,
	doc/cha-gtls-app.texi, doc/cha-tokens.texi, doc/gnutls-pgp.eps,
	doc/latex/Makefile.am: doc: removed documentation related to OpenPGP Also added section explaining why OpenPGP is being deprecated.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk: improved error code checking
	in the stream reading functions This ammends 49be4f7b82eba2363bb8d4090950dad976a77a3a Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: tests: added missing file

2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: bumped version

2017-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2017-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-03  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore: gitignore: update Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-03  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore: gitignore: sort() Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk: added error checking in the
	stream reading functions This addresses an out of memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/data/openpgp-invalid4.pub,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers an out of memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/pubkey.c: opencdk: cdk_pk_get_keyid: fix stack
	overflow Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/read-packet.c: opencdk: read_attribute: added more
	precise checks when reading stream That addresses heap read overflows found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/openpgp-cert-parser: tests: added test case with
	invalid openpgp cert This triggers a memory error. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/openpgp-cert-parser: tests: openpgp-cert-parser:
	simplified

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key: avoid
	division by zero when salt_size = 0 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: gnutls_x509_ext_import_policies: fixed memory
	leak on error path Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added test case with invalid X.509 cert This triggers a memory leak. Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added test case with invalid X.509 cert Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509 output: fixed memory leak in AIA extension
	printing Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: proc_server_kx: eliminated leak on error
	path Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am: tests: do not run key-tests under
	leak sanitizer The reason is that we cannot distinguish between a memory leak on
	application failure (which is followed by exit- thus should be
	ignored) and an address sanitizer issue (which should never be
	ignored).  As such we disable leak detection with asan and rely on
	valgrind.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/illegal-rsa: tests: illegal-rsa: don't hide stderr

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: _gnutls_x509_get_signature: fix memory leak on
	error path

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added test case with invalid X.509
	certificate This certificate causes a memory leak while printing.  Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280 Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: address leak in print_altname - cert
	printing

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: added certificate to reproduce memory
	leak Found by oss-fuzz project:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299 Relates #156

2017-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: status_request: eliminated leak on error
	path Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitmodules: submodules: use the github mirror of openssl

2017-01-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa.c: auth rsa: eliminated memory leak on pkcs-1
	formatting attack path Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/valgrind-tests.m4, gl/override/m4/valgrind-tests.m4.diff: 
	valgrind: use different exit code to signify error This allows the test suite to differentiate between valgrind and
	expected errors from tools.

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am: tests: cert-tests: force asan to
	return an error code other than one on failure

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: gnutls_pkcs8_info: addressed memory leak
	on error path

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: pkcs8_info_int: fix memory leak

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/mpi.c: wrap_nettle_mpi_modm: bail on a modulus that is
	zero Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/key-invalid: tests:
	added test for invalid private keys Also force asan to return an error code other than one (the normally
	expected for invalid keys).

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/pkcs8-invalid: tests:
	added test case with invalid PKCS#8 data Issue found using oss-fuzz:   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363 Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: pkcs7 decrypt: require a valid IV size on
	all ciphers That is, do not accept the IV size present in the structure as valid
	without checking.  Relates #156

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: don't print PKCS#8 information when
	outputting DER data

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: pkcs8: pkcs8_key_info() will correctly
	detect non-encrypted files

2017-01-01  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/data/subpkt-leak.pub,
	tests/cert-tests/openpgp-cert-parser: Corrected a leak in OpenPGP
	sub-packet parsing.  Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2016-12-30  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/openpgp-cert-parser: 
	Attempt to fix a leak in OpenPGP cert parsing.

2016-12-26  Alex Gaynor <alex.gaynor@gmail.com>

	* lib/opencdk/read-packet.c, tests/cert-tests/Makefile.am,
	tests/cert-tests/data/truncated.pub,
	tests/cert-tests/openpgp-cert-parser: Do not infinite loop if an EOF
	occurs while skipping a PGP packet Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/gnutls.texi: doc: fixed copyright date in gnutls.texi

2017-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/random.c: gnutls_rnd: document the available values of level
	[ci skip] This enables using the function by only checking the man page.

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: enable all the
	ciphersuite in openssl cli for DSS checks

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: don't check against
	3DES if disabled in openssl

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: do not pass the
	-dhparams to openssl 1.1.0; it doesn't work

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/params.dh: tests: simplified DH params format Also switch to RFC7919 DH params.

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-common,
	tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: added common variable
	for DH parameters

2016-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-common: tests: fixed paths in compat tests

2016-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: better termination
	checking in compat tests This ensures that the exit code of all spawned processes is checked.

2016-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: improved error reporting on file error

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: changed buildroot to fedora25

2016-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: properly report unencrypted PKCS#8 keys
	in --p8-info

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/priority.c: configure: introduced
	--with-priority-string option This allows specifying the priority string to be used with
	gnutls_set_default_priority() on configure time.

2016-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auto-verify.c, lib/gnutls_int.h, lib/priority.c: priorities:
	reset the profile flags when appending new flags That is, to avoid causing issues to applications calling
	gnutls_*priority_set() multiple times with different parameters. In
	that case if multiple profiles are used the outcome could be
	undefined. Now, the last call will prevail.

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auto-verify.c: gnutls_session_set_verify_cert: doc update

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/priority.c: Revert "priorities: set the additional verify
	flags instead of appending them" This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2.

2016-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 6c22fa8349384267e7c2ab99edea8bd43420e823 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Mon Dec 19 11:09:41 2016
	+0000

2016-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 82f132aa61edf1e663b005f8305b8e82dd028fab Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Fri Dec 16 16:19:29 2016
	+0000

2016-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 3debe362faa62e5b381b880e3ba23aee07c85f6e Author:
	Alexander Kanavin <alex.kanavin@gmail.com> Date:   Wed Dec 14
	17:42:45 2016 +0200

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: _gnutls_pkcs_raw_decrypt_data: merge all
	errors during decryption to GNUTLS_E_DECRYPTION_FAILED This makes the function's return values simpler to handle.

2016-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: bumped version and doc update [ci skip]

2016-12-14  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* configure.ac: configure.ac: remove autogen'erated files only if
	necessary Currently autogen'erated files will be removed on each call to
	configure. However this would break the build if one of previous
	make invocations have created corresponding stamp files.  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs8-key-decode-encrypted.c,
	tests/pkcs8-key-decode.c: tests: added test for PKCS#8 encrypted key
	decoding This also verifies that the return value when attempting to decrypt
	without a password is GNUTLS_E_DECRYPTION_FAILED.

2016-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: pkcs8: ensure that the correct error
	code is returned on decryption failure

2016-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update [ci skip]

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc: updated to documentation of certtool
	[ci skip] This corrects options which incorrectly mentioned they support URLs.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/verify-high.c,
	lib/x509/verify-high2.c: x509: better documented
	gnutls_trust_list_flags_t

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: disable ASAN leak checks on suite
	tests These detect memory leaks in the tools in src/ which are not
	critical nor there is serious reason to address.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am: tests: disable ASAN leak checks on
	certificate tests These detect memory leaks in the tools in src/ which are not
	critical nor there is serious reason to address.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c: tests: enhanced long-session-id test This ensures that no leaks exist during exit (to avoid asan
	failures), and that we test for the specific error code that
	gnutls_handshake() is expected to return.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake.c: handshake: return GNUTLS_E_ILLEGAL_PARAMETER on
	invalid ID size This is a more sensible error code to return on invalid packet.

2016-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq-basic.c: tests: eliminate compilation warning in
	crq-basic [ci skip]

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: do not enable IDN support in
	minimal build

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure.ac: use AC_CONFIG_LINKS to copy
	autogenerated files

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.c.bak, src/certtool-args.h.bak,
	src/cli-args.c.bak, src/cli-args.h.bak, src/cli-debug-args.c.bak,
	src/cli-debug-args.h.bak, src/danetool-args.c.bak,
	src/danetool-args.h.bak, src/ocsptool-args.c.bak,
	src/ocsptool-args.h.bak, src/p11tool-args.c.bak,
	src/p11tool-args.h.bak, src/psktool-args.c.bak,
	src/psktool-args.h.bak, src/serv-args.c.bak, src/serv-args.h.bak,
	src/srptool-args.c.bak, src/srptool-args.h.bak,
	src/systemkey-args.c.bak, src/systemkey-args.h.bak,
	src/tpmtool-args.c.bak, src/tpmtool-args.h.bak: Added autogen
	pre-generated files into repository This allows building gnutls from git in systems without using
	autogen.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, configure.ac: configure: added option to enable
	maintainer mode That makes normal builds, not regenerate Makefiles or configure,
	allowing for faster CI builds on second stage.

2016-11-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, README.md, devel/README.ci-runners: 
	.gitlab-ci.yml: split the CI run into stages In addition avoid re-generating images for operating systems on
	every build and use pre-built images, which are generated in the
	gnutls-build-images sub-project. That allows for faster and more
	reliable (independent of network) CI runs.

2016-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: use local libopts on x86 This works around autogen failures on x86-64 centos7 CI hosts.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: updated documentation on
	multithreading [ci skip] Resolves #154

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: list gnutls_init_flags_t [ci skip] Suggested by Tyler Burns.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_apis.c, tests/crt_apis.c: tests: make conditional (to
	HAVE_LIBIDN) any IDN related checks This allows the test suite to successfully complete even when
	compiled without libidn.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str.h: str: do not call gnutls_assert in inline function This allows the build to succeed when compiled without libidn.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rsa-md5-collision/rsa-md5-collision.sh: tests: disable leak
	checks in rsa-md5-collision.sh

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/hostname-check-utf8.c,
	tests/hostname-check.c: tests: split and enhanced UTF-8 name checks
	from hostname-check That is, added checks to ensure that non-ASCII DNS names in
	certificates fail, and that properly encoded IDNA2003 names,
	succeed.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h,
	tests/cert_verify_inv_utf8.c, tests/utils.h: tests: added check with
	failed verification on invalid UTF-8 That is, check whether raw UTF-8 in the certificate will fail
	verification. Raw UTF-8 is prohibited by IETF PKIX (RFC5280) on a
	certificate.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-common.h: tests: updated cert with UTF8 names to
	contain proper IDNA2003 encoded names

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/email-verify.c: 
	gnutls_x509_crt_check_email type changed to unsigned This reflects the documented returned value type (bool), and allows
	the compiler to warn on accidental checks for negative value.

2016-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/email-verify.c, lib/x509/hostname-verify.c: x509: do not
	attempt to ACE encode values stored in certificates The email and hostname values are required to be in ASCII form by
	PKIX.  We instead ignore these names, if their values are outside
	the ASCII printable character set.

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: removed libintl references They are no longer shipped in the build systems.

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: tests: added missing test in dist

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/starttls.sh: tests: corrected typos in starttls.sh This allows to detect chat in most systems.

2016-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am,
	tests/rsa-md5-collision/colliding-chain-md5-1.pem,
	tests/rsa-md5-collision/colliding-chain-md5-2.pem,
	tests/rsa-md5-collision/rsa-md5-collision.sh: tests: reduced the
	intermediate steps in rsa-md5-collision

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: break after finding the first libtspi It may happen that multiple versions are available on a system, and
	by using the first one we ensure, that we are using the 64-bit
	version on 64-bit system, instead of falling back to the 32-bit.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/keygen.c: tests: added operational -sign/verify- tests in
	keygen app This will check that a generated key is immediately usable for
	operations.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_cpy: use
	_gnutls_pk_params_copy This ensures that all fields of parameters are copied. Inspired by
	patch of Dmitry Eremin-Solenikov.

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/keygen.c: tests: enhanced keygen to include check of
	gnutls_x509_privkey_cpy

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/crl_apis.c: tests: added tests for CRL
	generation APIs

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c: x509 crl: document the nextUpdate field
	limitation

2016-12-06  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* src/certtool.c, tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/template-tlsfeature.csr: Don't trash DER CRQ
	output with text data Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-12-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c: x509 crl: Allow generation of CRLs not to
	specify a nextUpdate

2016-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2016-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-overhead.c: tests: updated overhead calculation for new
	code

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/dtls.c: DTLS: more precise overhead calculation That takes into account space available due to padding, and allows
	it to be included for use in the gnutls_get_data_mtu().  Resolves #140

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dtls1-2-mtu-check.c: tests: added check
	for MTU calculation on DTLS 1.2

2016-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: src: clean all stamp files on 'make clean'

2016-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: search 64-bit paths for libtspi before
	32-bit paths That is, because 64-bit systems may have both 64-bit and 32-bit
	paths while 32-bit systems only the latter.

2016-12-03  James Bottomley <James.Bottomley@HansenPartnership.com>

	* lib/tpm.c: tpm: fix handling of keys requiring authorization There are several problems with the key handling in the tpm code.  The first, and most serious, is that we should make sure we
	understand the authorization requirements of a key *before* using
	it.  The reason for this is that the TPM has a dictionary attack
	defence and is programmed to lock up after a certain number of
	authorization failures (which can be very small).  If we try first
	without authorization, we may lock up the TPM.  The fix for this is
	to check whether authorization is required and supply it before
	using the key.  Secondly, if the key does require authorization but no password is
	supplied we should return immediately, since we know the TPM will
	give us an authorization error anyway.  Thirdly, we should unconditionally read the policy of the key rather
	than checking if a policy exists: Policies are tied to key objects,
	so if there is an old policy in s->tpm_key_policy, but we're
	creating a new key, the key it belonged to will be closed, meaning
	the policy will be invalid.  Fix this by always setting the policy
	each time we get a new key object.  Signed-off-by: James Bottomley
	<James.Bottomley@HansenPartnership.com>

2016-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/privkey.c, lib/tpm.c: In
	import_tpm_key_cb() fix the wrong password loop When calling import_tpm_key() once it initializes the key, but a
	second call fails due to the key being already initialized. Ensure
	that failure of import_tpm_key() leaves the key on a clear state.  Reported by James Bottomley <James.Bottomley@HansenPartnership.com>.

2016-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/basename-lgpl.c,
	src/gl/bind.c, src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
	src/gl/connect.c, src/gl/dirname-lgpl.c, src/gl/dirname.h,
	src/gl/dosname.h, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/flexmember.h,
	src/gl/float+.h, src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c,
	src/gl/fseeko.c, src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
	src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
	src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
	src/gl/getpeername.c, src/gl/getprogname.c, src/gl/getprogname.h,
	src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
	src/gl/inet_ntop.c, src/gl/inet_pton.c, src/gl/intprops.h,
	src/gl/itold.c, src/gl/limits.in.h, src/gl/listen.c,
	src/gl/lseek.c, src/gl/m4/00gnulib.m4,
	src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
	src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
	src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dirname.m4,
	src/gl/m4/double-slash-root.m4, src/gl/m4/dup2.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/flexmember.m4, src/gl/m4/float_h.m4, src/gl/m4/fseek.m4,
	src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4, src/gl/m4/ftell.m4,
	src/gl/m4/ftello.m4, src/gl/m4/getaddrinfo.m4,
	src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
	src/gl/m4/getprogname.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
	src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
	src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
	src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
	src/gl/m4/limits-h.m4, src/gl/m4/longlong.m4, src/gl/m4/lseek.m4,
	src/gl/m4/malloc.m4, src/gl/m4/malloca.m4, src/gl/m4/math_h.m4,
	src/gl/m4/memchr.m4, src/gl/m4/minmax.m4, src/gl/m4/mktime.m4,
	src/gl/m4/mmap-anon.m4, src/gl/m4/msvc-inval.m4,
	src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
	src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
	src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
	src/gl/m4/printf.m4, src/gl/m4/read-file.m4, src/gl/m4/realloc.m4,
	src/gl/m4/select.m4, src/gl/m4/servent.m4, src/gl/m4/setenv.m4,
	src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
	src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
	src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
	src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4, src/gl/m4/stdbool.m4,
	src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdint_h.m4,
	src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strdup.m4,
	src/gl/m4/strerror.m4, src/gl/m4/strftime.m4,
	src/gl/m4/string_h.m4, src/gl/m4/sys_select_h.m4,
	src/gl/m4/sys_socket_h.m4, src/gl/m4/sys_stat_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
	src/gl/m4/sys_uio_h.m4, src/gl/m4/time_h.m4, src/gl/m4/time_r.m4,
	src/gl/m4/time_rz.m4, src/gl/m4/timegm.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
	src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
	src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
	src/gl/minmax.h, src/gl/mktime-internal.h, src/gl/mktime.c,
	src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
	src/gl/msvc-nothrow.h, src/gl/netdb.in.h, src/gl/netinet_in.in.h,
	src/gl/parse-datetime.h, src/gl/parse-datetime.y,
	src/gl/printf-args.c, src/gl/printf-args.h, src/gl/printf-parse.c,
	src/gl/printf-parse.h, src/gl/progname.c, src/gl/progname.h,
	src/gl/read-file.c, src/gl/read-file.h, src/gl/realloc.c,
	src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
	src/gl/sendto.c, src/gl/setenv.c, src/gl/setsockopt.c,
	src/gl/shutdown.c, src/gl/signal.in.h, src/gl/size_max.h,
	src/gl/snprintf.c, src/gl/socket.c, src/gl/sockets.c,
	src/gl/sockets.h, src/gl/stdalign.in.h, src/gl/stdbool.in.h,
	src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdio-impl.h,
	src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strdup.c,
	src/gl/strerror-override.c, src/gl/strerror-override.h,
	src/gl/strerror.c, src/gl/strftime.c, src/gl/strftime.h,
	src/gl/string.in.h, src/gl/stripslash.c, src/gl/sys_select.in.h,
	src/gl/sys_socket.c, src/gl/sys_socket.in.h, src/gl/sys_stat.in.h,
	src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/sys_uio.in.h,
	src/gl/time-internal.h, src/gl/time.in.h, src/gl/time_r.c,
	src/gl/time_rz.c, src/gl/timegm.c, src/gl/timespec.h,
	src/gl/unistd.c, src/gl/unistd.in.h, src/gl/unsetenv.c,
	src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
	src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
	src/gl/xsize.h: src gl: updated

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe2html,
	build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h,
	build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
	build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
	gl/alloca.in.h, gl/getdelim.c, gl/iconv_open-aix.h,
	gl/iconv_open-hpux.h, gl/iconv_open-irix.h, gl/iconv_open-osf.h,
	gl/iconv_open-solaris.h, gl/intprops.h, gl/limits.in.h,
	gl/m4/extensions.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/iconv.m4, gl/m4/limits-h.m4, gl/m4/manywarnings.m4,
	gl/m4/printf.m4, gl/m4/secure_getenv.m4, gl/m4/stdbool.m4,
	gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/wchar_h.m4, gl/secure_getenv.c,
	gl/stdint.in.h, gl/stdlib.in.h, gl/string.in.h, gl/strverscmp.c,
	gl/sys_socket.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
	gl/tests/init.sh, gl/tests/test-iconv.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-limits-h.c,
	gl/tests/test-stdint.c, gl/tests/test-strverscmp.c,
	gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h, lib/Makefile.am,
	lib/gnutls.pc.in, maint.mk: gl: removed iconv module It is no longer used by the library.

2016-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure.ac: detect trousers library on debian

2016-12-03  Andreas Metzler <ametzler@bebt.de>

	* configure.ac: Prevent unwanted linkage to -lhogweed Specify action-if-found for AC_CHECK_LIB when checking for !SuiteB
	curves to keep autoconf from adding -lhogweed to LIBS. This caused
	linkage of e.g. openssl wrapper and C++ library to -lhogweed. The
	issue only shows up if --disable-libdane is specified, since the
	dane autoconf test resets LIBS.

2016-12-02  James Bottomley <James.Bottomley@HansenPartnership.com>

	* configure.ac: Fix inability to find libtspi (trousers) on openSUSE For distro reasons, the path on openSUSE is /lib[64]/libtspi.so.1
	which the current code doesn't find.  Fix this by having it search
	all viable system library locations (/lib /lib64 /usr/lib and
	/usr/lib/lib64) Signed-off-by: James Bottomley
	<James.Bottomley@HansenPartnership.com>

2016-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: fixed output of pubkey

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c, lib/x509/x509_write.c: doc: document the
	fact that certificates and CRLs are unusable after generation They must be exported and re-imported if intended to be used for
	signing or verification.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c, lib/x509/x509_write.c: doc: no longer list
	SHA1 as a safe choice in X.509 signing

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: prevent-null termination of buffers
	allocated with fread_file() We do not know whether their allocated size allows for that
	additional null, and we do not need the null termination.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: gnutls_x509_crl_verify: always return zero on
	success Also document that in previous versions a positive number could be
	returned on success. Reported by Adrien Beraud.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-usage-ecdhe-rsa.c, tests/key-usage-rsa.c: tests:
	corrected space-tab issue

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tls-sig.c: Improved messages and violation handling in
	signature key usage checks This will now tolerate violations in server certificate, if
	%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/cert.c, lib/x509.c, lib/x509.h: Removed
	redundant certificate key usage checks.  There were redundant checks when a certificate was obtained, as well
	as prior to performing operations with certificates/pubkeys.  Kept
	the checks prior to operations.

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/publickey.c, lib/cert.c,
	lib/handshake.c: _gnutls_map_pk_get_pk -> _gnutls_map_kx_get_pk

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: gnutls_kx_get: allow calling the function during
	handshake Previous this function would return garbage during handshake,
	because parameters were not considered established, however there
	are valid uses of this function during it. For that reason this
	function is modified to return a correct value even during handshake
	(after a hello is being exchanged).

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: _gnutls_check_key_usage: check for invalid key
	exchange algorithm Reported by Dmitry Eremin-Solenikov.

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/key-usage-ecdhe-rsa.c,
	tests/{key-usage.c => key-usage-rsa.c}: tests: added checks on
	signature key usage violations

2016-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added docker tag on mingw builds That ensures that these builds are done on the gitlab.com runners
	which run as privileged containers (and thus have access to mount).

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: privkey: set the key parameters algorithm
	prior to returning success

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/key_decode.c: When decoding a public key ensure that
	algorithm is written in the params struct Reported by Dmitry Eremin-Solenikov.

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: cfg.mk: disable checks for public submodule updates in CI

2016-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: do not require update to
	/proc/sys/fs/binfmt_misc to succeed In some CI systems, it is not possible to write to this filesystem,
	and they already have the wine executable registered. In the case we
	cannot write proceed to running the check and hope for the best.

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rsa-md5-collision/rsa-md5-collision.sh: tests: use datefudge
	in rsa-md5-collision check This makes sure that any failure detected is not because of expired
	certificates, but because of MD5 being disabled.

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, src/Makefile.am: tools: use stamp files to allow
	parallel build of autogen files Autogen seems to output on the creates files gradually, something
	that makes 'make' believe that the command is complete prior to the
	output file being fully populated. The current approach uses stamp
	files to ensure that no incomplete files are used for compilation.

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* guile/tests/priorities.scm: guile: do not use +COMP-DEFLATE in
	priorities test This allows the test to work even in the cases where gnutls is
	compiled without zlib support.

2016-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml, cfg.mk: moved all syntax check exceptions in
	cfg.mk

2016-11-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added zlib dependency

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: fixed artifacts paths for Debian
	build

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-unicode.c: tests: str-unicode: check whether exceptions
	are tolerated on decryption

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-unicode.c: tests: added exception and join control
	characters in str-unicode

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/unictype/pr_join_control.c,
	lib/unistring/unictype/pr_join_control.h: unistring: added
	property-join-control

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/unictype/pr_default_ignorable_code_point.c,
	lib/unistring/unictype/pr_default_ignorable_code_point.h,
	lib/unistring/unictype/pr_not_a_character.c,
	lib/unistring/unictype/pr_not_a_character.h: unistring: added
	default_ignorable_code_point and not_a_character tests

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/uninorm/compat-decomposition.c,
	lib/unistring/uninorm/decomposition.c,
	lib/unistring/uninorm/nfkc.c, lib/unistring/uninorm/nfkd.c: 
	unistring: added NFKC normalization

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/unistring/unicase/special-casing-table.h,
	lib/unistring/unictype/categ_C.c, lib/unistring/unictype/categ_C.h,
	lib/unistring/unictype/categ_Cc.c,
	lib/unistring/unictype/categ_Cc.h,
	lib/unistring/unictype/categ_Cf.c,
	lib/unistring/unictype/categ_Cf.h,
	lib/unistring/unictype/categ_Cn.c,
	lib/unistring/unictype/categ_Cn.h,
	lib/unistring/unictype/categ_Co.c,
	lib/unistring/unictype/categ_Co.h,
	lib/unistring/unictype/categ_Cs.c,
	lib/unistring/unictype/categ_Cs.h,
	lib/unistring/unictype/categ_L.c, lib/unistring/unictype/categ_L.h,
	lib/unistring/unictype/categ_LC.c,
	lib/unistring/unictype/categ_LC.h,
	lib/unistring/unictype/categ_Ll.c,
	lib/unistring/unictype/categ_Ll.h,
	lib/unistring/unictype/categ_Lm.c,
	lib/unistring/unictype/categ_Lm.h,
	lib/unistring/unictype/categ_Lo.c,
	lib/unistring/unictype/categ_Lo.h,
	lib/unistring/unictype/categ_Lt.c,
	lib/unistring/unictype/categ_Lt.h,
	lib/unistring/unictype/categ_Lu.c,
	lib/unistring/unictype/categ_Lu.h,
	lib/unistring/unictype/categ_M.c, lib/unistring/unictype/categ_M.h,
	lib/unistring/unictype/categ_Mc.c,
	lib/unistring/unictype/categ_Mc.h,
	lib/unistring/unictype/categ_Me.c,
	lib/unistring/unictype/categ_Me.h,
	lib/unistring/unictype/categ_Mn.c,
	lib/unistring/unictype/categ_Mn.h,
	lib/unistring/unictype/categ_N.c, lib/unistring/unictype/categ_N.h,
	lib/unistring/unictype/categ_Nd.c,
	lib/unistring/unictype/categ_Nd.h,
	lib/unistring/unictype/categ_Nl.c,
	lib/unistring/unictype/categ_Nl.h,
	lib/unistring/unictype/categ_No.c,
	lib/unistring/unictype/categ_No.h,
	lib/unistring/unictype/categ_P.c, lib/unistring/unictype/categ_P.h,
	lib/unistring/unictype/categ_Pc.c,
	lib/unistring/unictype/categ_Pc.h,
	lib/unistring/unictype/categ_Pd.c,
	lib/unistring/unictype/categ_Pd.h,
	lib/unistring/unictype/categ_Pe.c,
	lib/unistring/unictype/categ_Pe.h,
	lib/unistring/unictype/categ_Pf.c,
	lib/unistring/unictype/categ_Pf.h,
	lib/unistring/unictype/categ_Pi.c,
	lib/unistring/unictype/categ_Pi.h,
	lib/unistring/unictype/categ_Po.c,
	lib/unistring/unictype/categ_Po.h,
	lib/unistring/unictype/categ_Ps.c,
	lib/unistring/unictype/categ_Ps.h,
	lib/unistring/unictype/categ_S.c, lib/unistring/unictype/categ_S.h,
	lib/unistring/unictype/categ_Sc.c,
	lib/unistring/unictype/categ_Sc.h,
	lib/unistring/unictype/categ_Sk.c,
	lib/unistring/unictype/categ_Sk.h,
	lib/unistring/unictype/categ_Sm.c,
	lib/unistring/unictype/categ_Sm.h,
	lib/unistring/unictype/categ_So.c,
	lib/unistring/unictype/categ_So.h,
	lib/unistring/unictype/categ_Z.c, lib/unistring/unictype/categ_Z.h,
	lib/unistring/unictype/categ_Zl.c,
	lib/unistring/unictype/categ_Zl.h,
	lib/unistring/unictype/categ_Zp.c,
	lib/unistring/unictype/categ_Zp.h,
	lib/unistring/unictype/categ_and.c,
	lib/unistring/unictype/categ_and_not.c,
	lib/unistring/unictype/categ_byname.c,
	lib/unistring/unictype/categ_byname.gperf,
	lib/unistring/unictype/categ_longname.c,
	lib/unistring/unictype/categ_name.c,
	lib/unistring/unictype/categ_none.c,
	lib/unistring/unictype/categ_of.c,
	lib/unistring/unictype/categ_of.h,
	lib/unistring/unictype/categ_or.c: unistring: included all possible
	categories for simplicity and extensibility

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-unicode.c: tests: enhanced str-unicode with more char
	sets

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in, lib/str-unicode.c: 
	gnutls_utf8_password_normalize: perform more strict check on input
	characters That is, ensure that the input characters are in the valid class of
	characters for the PRECIS FreeformClass.

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-unicode.c: tests: fixed str-unicode tests with control
	characters

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str-unicode.c: gnutls_utf8_password_normalize: avoid use of
	strlen()

2016-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs12: tests:
	added pkcs12 file with long password

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/{system/iconv.c => str-iconv.c}: renamed
	system/iconv.c -> str-iconv.c We no longer use the system's functionality for converting between
	charsets (we use libunistring), hence it is no longer suitable for
	the wrappers to stay in system/.

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: when printing ACE DNSnames ensure the
	actual name is also printed

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/str-idna.c: tests: added unit tests of of
	_gnutls_idna_reverse_map

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/str-unicode.c, lib/str.h: introduced
	_gnutls_idna_reverse_map() This function allows mapping ACE formatted domains to UTF-8.

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/output.c: Combined checks for
	printable characters

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crt_apis.c: tests: updated crt_apis to include setting UTF-8
	SAN

2016-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_apis.c: tests: updated crq_apis to include setting UTF-8
	SAN

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str-unicode.c: gnutls_idna_map: check for printable data prior
	to mapping

2016-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/virt-san.c, lib/x509/x509_ext.c, lib/x509/x509_ext_int.h: 
	gnutls_x509_aia_set: IDNA encode when needed

2016-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in, lib/str-unicode.c,
	lib/str.h, lib/x509/crq.c, lib/x509/email-verify.c,
	lib/x509/virt-san.c, lib/x509/virt-san.h, lib/x509/x509_dn.c,
	lib/x509/x509_ext.c, lib/x509/x509_write.c: When writing alternative
	names to certificates ensure we write in ACE format

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/openssl-keyid.p7b.out, tests/cert-tests/pkcs7: 
	tests: added pkcs7 verification with struct generated from openssl
	(with keyid)

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/openssl.p7b.out, tests/cert-tests/pkcs7: 
	tests: added pkcs7 verification with struct generated from openssl

2016-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/credentials/x509/Makefile.am,
	doc/credentials/x509/cert-ecc-sign.pem: doc: added certificate for
	ECC with any purpose

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in, lib/x509/pkcs7.c: 
	pkcs7: return GNUTLS_E_PK_SIG_VERIFY_FAILED on hash mismatch In addition introduce a new error code to warn about no embedded
	data.

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-output.c: pkcs7: only print signer's issuer DN when
	DN has contents

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: added recursive discovery of structure's
	signer This uses the PKCS#7 certificate list as a pool of certificates to
	generate a certificate chain that leads to our root CAs.

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: on data verification failure log the
	signer

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/pkcs7-cat-ca.pem, tests/cert-tests/pkcs7-cat: 
	tests: added complex verification example using PKCS#7 That uses multiple intermediate certificates from the PKCS#7
	structure.

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: doc: updated
	gnutls_x509_trust_list_verify_crt2()

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: pass the verification flags down to
	gnutls_x509_trust_list_verify_crt2, in find_signer() This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to
	apply when verifying PKCS#7 structures.

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: corrected iteration over stored
	certificates This allows to use all possibly stored certificates on chain
	discovery, not only the first.

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: added debug logging on verification
	discovery

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.h: errors.h: added _gnutls_reason_log

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.h: errors.h: added _gnutls_cert_log This log function allows to easily log the name of a certificate.

2016-11-24  Andreas Schneider <asn@samba.org>

	* src/certtool.c: certtool: One if check is enough Signed-off-by: Andreas Schneider <asn@samba.org>

2016-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: corrected log message [ci skip]

2016-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, lib/str-unicode.c, lib/str.h, tests/str-idna.c: 
	gnutls_idna_map was prefixed with underscore to avoid clashes with
	exported symbols

2016-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2016-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str.c, lib/x509/common.c, lib/x509/output.c: avoid the use of
	c_isascii() and use c_isprint() That latter detects correctly the printable characters we are
	interested in.

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/str-idna.c: tests: added unit tests for
	gnutls_idna_map()

2016-11-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c, lib/libgnutls.map, lib/str-unicode.c,
	lib/str.h, lib/x509.c, lib/x509/Makefile.am,
	lib/x509/email-verify.c, lib/x509/gnutls-idna.h,
	lib/x509/hostname-verify.c, lib/x509/output.c,
	lib/x509/pkcs7-output.c: IDNA code re-organization That introduces the internal function gnutls_idna_map(), which
	utilizes libidn and libunistring to convert hostnames to IDNA ACE
	form.

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/data/aki-cert.pem,
	tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/bmpstring.pem,
	tests/cert-tests/data/ca-no-pathlen.pem,
	tests/cert-tests/data/complex-cert.pem,
	tests/cert-tests/data/gost-cert.pem,
	tests/cert-tests/data/long-oids.pem,
	tests/cert-tests/data/multi-value-dn.pem,
	tests/cert-tests/data/name-constraints-ip2.pem,
	tests/cert-tests/data/no-ca-or-pathlen.pem,
	tests/cert-tests/data/template-tlsfeature.csr,
	tests/cert-tests/data/very-long-dn.pem,
	tests/cert-tests/data/xmpp-othername.pem, tests/dn2.c: tests:
	updated outputs to reflect new fingerprint/keyid formats

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/aki, tests/cert-tests/pathlen: tests: made tmp
	files unique

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Align the printing of a certificate's
	fingerprint with the key ID printing

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c, src/certtool-common.c: Print a key's or
	certificate's key ID with SHA256 in addition to SHA1

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: address compiler warnings

2016-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/cha-gtls-app.texi, doc/latex/gnutls.bib: 
	doc: document the RFC7613 normalization of passwords [ci skip]

2016-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, lib/unistring/Makefile.am,
	lib/unistring/array-mergesort.h, lib/unistring/limits.in.h,
	lib/unistring/m4/gnulib-cache.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/stdbool.in.h, lib/unistring/stdint.in.h,
	lib/unistring/sys_types.in.h, lib/unistring/unictype.in.h,
	lib/unistring/unictype/bitmap.h, lib/unistring/unictype/categ_C.c,
	lib/unistring/unictype/categ_C.h,
	lib/unistring/unictype/categ_Cc.c,
	lib/unistring/unictype/categ_Cc.h,
	lib/unistring/unictype/categ_Cf.c,
	lib/unistring/unictype/categ_Cf.h,
	lib/unistring/unictype/categ_Cn.c,
	lib/unistring/unictype/categ_Cn.h,
	lib/unistring/unictype/categ_Co.c,
	lib/unistring/unictype/categ_Co.h,
	lib/unistring/unictype/categ_Cs.c,
	lib/unistring/unictype/categ_Cs.h,
	lib/unistring/unictype/categ_L.c, lib/unistring/unictype/categ_L.h,
	lib/unistring/unictype/categ_LC.c,
	lib/unistring/unictype/categ_LC.h,
	lib/unistring/unictype/categ_Ll.c,
	lib/unistring/unictype/categ_Ll.h,
	lib/unistring/unictype/categ_Lm.c,
	lib/unistring/unictype/categ_Lm.h,
	lib/unistring/unictype/categ_Lo.c,
	lib/unistring/unictype/categ_Lo.h,
	lib/unistring/unictype/categ_Lt.c,
	lib/unistring/unictype/categ_Lt.h,
	lib/unistring/unictype/categ_Lu.c,
	lib/unistring/unictype/categ_Lu.h,
	lib/unistring/unictype/categ_M.c, lib/unistring/unictype/categ_M.h,
	lib/unistring/unictype/categ_Mc.c,
	lib/unistring/unictype/categ_Mc.h,
	lib/unistring/unictype/categ_Me.c,
	lib/unistring/unictype/categ_Me.h,
	lib/unistring/unictype/categ_Mn.c,
	lib/unistring/unictype/categ_Mn.h,
	lib/unistring/unictype/categ_N.c, lib/unistring/unictype/categ_N.h,
	lib/unistring/unictype/categ_Nd.c,
	lib/unistring/unictype/categ_Nd.h,
	lib/unistring/unictype/categ_Nl.c,
	lib/unistring/unictype/categ_Nl.h,
	lib/unistring/unictype/categ_No.c,
	lib/unistring/unictype/categ_No.h,
	lib/unistring/unictype/categ_P.c, lib/unistring/unictype/categ_P.h,
	lib/unistring/unictype/categ_Pc.c,
	lib/unistring/unictype/categ_Pc.h,
	lib/unistring/unictype/categ_Pd.c,
	lib/unistring/unictype/categ_Pd.h,
	lib/unistring/unictype/categ_Pe.c,
	lib/unistring/unictype/categ_Pe.h,
	lib/unistring/unictype/categ_Pf.c,
	lib/unistring/unictype/categ_Pf.h,
	lib/unistring/unictype/categ_Pi.c,
	lib/unistring/unictype/categ_Pi.h,
	lib/unistring/unictype/categ_Po.c,
	lib/unistring/unictype/categ_Po.h,
	lib/unistring/unictype/categ_Ps.c,
	lib/unistring/unictype/categ_Ps.h,
	lib/unistring/unictype/categ_S.c, lib/unistring/unictype/categ_S.h,
	lib/unistring/unictype/categ_Sc.c,
	lib/unistring/unictype/categ_Sc.h,
	lib/unistring/unictype/categ_Sk.c,
	lib/unistring/unictype/categ_Sk.h,
	lib/unistring/unictype/categ_Sm.c,
	lib/unistring/unictype/categ_Sm.h,
	lib/unistring/unictype/categ_So.c,
	lib/unistring/unictype/categ_So.h,
	lib/unistring/unictype/categ_Z.c, lib/unistring/unictype/categ_Z.h,
	lib/unistring/unictype/categ_Zl.c,
	lib/unistring/unictype/categ_Zl.h,
	lib/unistring/unictype/categ_Zp.c,
	lib/unistring/unictype/categ_Zp.h,
	lib/unistring/unictype/categ_Zs.c,
	lib/unistring/unictype/categ_and.c,
	lib/unistring/unictype/categ_and_not.c,
	lib/unistring/unictype/categ_byname.c,
	lib/unistring/unictype/categ_byname.gperf,
	lib/unistring/unictype/categ_longname.c,
	lib/unistring/unictype/categ_name.c,
	lib/unistring/unictype/categ_none.c,
	lib/unistring/unictype/categ_of.c,
	lib/unistring/unictype/categ_of.h,
	lib/unistring/unictype/categ_or.c,
	lib/unistring/unictype/categ_test.c,
	lib/unistring/unictype/combiningclass.c,
	lib/unistring/uninorm.in.h,
	lib/unistring/uninorm/canonical-decomposition.c,
	lib/unistring/uninorm/composition-table.gperf,
	lib/unistring/uninorm/composition.c,
	lib/unistring/uninorm/decompose-internal.c,
	lib/unistring/uninorm/decompose-internal.h,
	lib/unistring/uninorm/decomposition-table.c,
	lib/unistring/uninorm/decomposition-table.h,
	lib/unistring/uninorm/nfc.c, lib/unistring/uninorm/nfd.c,
	lib/unistring/uninorm/normalize-internal.h,
	lib/unistring/uninorm/u-normalize-internal.h,
	lib/unistring/uninorm/u16-normalize.c,
	lib/unistring/uninorm/u32-normalize.c,
	lib/unistring/uninorm/u8-normalize.c, lib/unistring/unistr.in.h,
	lib/unistring/unistr/u-cpy.h, lib/unistring/unistr/u16-cpy.c,
	lib/unistring/unistr/u16-mbtouc-unsafe-aux.c,
	lib/unistring/unistr/u16-mbtouc-unsafe.c,
	lib/unistring/unistr/u16-mbtoucr.c,
	lib/unistring/unistr/u16-to-u8.c,
	lib/unistring/unistr/u16-uctomb-aux.c,
	lib/unistring/unistr/u16-uctomb.c, lib/unistring/unistr/u32-cpy.c,
	lib/unistring/unistr/u32-mbtouc-unsafe.c,
	lib/unistring/unistr/u32-to-u8.c,
	lib/unistring/unistr/u32-uctomb.c, lib/unistring/unistr/u8-check.c,
	lib/unistring/unistr/u8-cpy.c,
	lib/unistring/unistr/u8-mbtouc-unsafe-aux.c,
	lib/unistring/unistr/u8-mbtouc-unsafe.c,
	lib/unistring/unistr/u8-mbtoucr.c,
	lib/unistring/unistr/u8-to-u16.c, lib/unistring/unistr/u8-to-u32.c,
	lib/unistring/unistr/u8-uctomb-aux.c,
	lib/unistring/unistr/u8-uctomb.c, lib/unistring/unitypes.in.h: 
	unistring: include only the required categories In addition fix the license text of the included library.

2016-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: server_name: log server name sent

2016-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509/output: improve log message on embedded
	null

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* build-aux/snippet/unused-parameter.h: build-aux: added
	unused-parameter.h

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: explicitly specify
	--with-included-unistring when needed

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: hooks.m4: corrected typo

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: ignore syntax-check issues caused
	by included unistring

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/str-unicode.c, lib/str.h, lib/system/iconv.c,
	tests/conv-utf8.c, tests/str-unicode.c: unconditionally include
	unistring code That simplifies internationalization support, at the cost of
	including a version of libunistring, which is used on systems which
	do not ship it.

2016-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, cfg.mk, configure.ac, lib/Makefile.am,
	lib/unistring/Makefile.am, lib/unistring/array-mergesort.h,
	lib/unistring/limits.in.h, lib/unistring/m4/00gnulib.m4,
	lib/unistring/m4/absolute-header.m4,
	lib/unistring/m4/gnulib-cache.m4,
	lib/unistring/m4/gnulib-common.m4, lib/unistring/m4/gnulib-comp.m4,
	lib/unistring/m4/gnulib-tool.m4, lib/unistring/m4/include_next.m4,
	lib/unistring/m4/inline.m4, lib/unistring/m4/libunistring-base.m4,
	lib/unistring/m4/limits-h.m4, lib/unistring/m4/longlong.m4,
	lib/unistring/m4/multiarch.m4, lib/unistring/m4/off_t.m4,
	lib/unistring/m4/ssize_t.m4, lib/unistring/m4/stdbool.m4,
	lib/unistring/m4/stdint.m4, lib/unistring/m4/sys_types_h.m4,
	lib/unistring/stdbool.in.h, lib/unistring/stdint.in.h,
	lib/unistring/sys_types.in.h, lib/unistring/unictype.in.h,
	lib/unistring/unictype/bitmap.h, lib/unistring/unictype/categ_C.c,
	lib/unistring/unictype/categ_C.h,
	lib/unistring/unictype/categ_Cc.c,
	lib/unistring/unictype/categ_Cc.h,
	lib/unistring/unictype/categ_Cf.c,
	lib/unistring/unictype/categ_Cf.h,
	lib/unistring/unictype/categ_Cn.c,
	lib/unistring/unictype/categ_Cn.h,
	lib/unistring/unictype/categ_Co.c,
	lib/unistring/unictype/categ_Co.h,
	lib/unistring/unictype/categ_Cs.c,
	lib/unistring/unictype/categ_Cs.h,
	lib/unistring/unictype/categ_L.c, lib/unistring/unictype/categ_L.h,
	lib/unistring/unictype/categ_LC.c,
	lib/unistring/unictype/categ_LC.h,
	lib/unistring/unictype/categ_Ll.c,
	lib/unistring/unictype/categ_Ll.h,
	lib/unistring/unictype/categ_Lm.c,
	lib/unistring/unictype/categ_Lm.h,
	lib/unistring/unictype/categ_Lo.c,
	lib/unistring/unictype/categ_Lo.h,
	lib/unistring/unictype/categ_Lt.c,
	lib/unistring/unictype/categ_Lt.h,
	lib/unistring/unictype/categ_Lu.c,
	lib/unistring/unictype/categ_Lu.h,
	lib/unistring/unictype/categ_M.c, lib/unistring/unictype/categ_M.h,
	lib/unistring/unictype/categ_Mc.c,
	lib/unistring/unictype/categ_Mc.h,
	lib/unistring/unictype/categ_Me.c,
	lib/unistring/unictype/categ_Me.h,
	lib/unistring/unictype/categ_Mn.c,
	lib/unistring/unictype/categ_Mn.h,
	lib/unistring/unictype/categ_N.c, lib/unistring/unictype/categ_N.h,
	lib/unistring/unictype/categ_Nd.c,
	lib/unistring/unictype/categ_Nd.h,
	lib/unistring/unictype/categ_Nl.c,
	lib/unistring/unictype/categ_Nl.h,
	lib/unistring/unictype/categ_No.c,
	lib/unistring/unictype/categ_No.h,
	lib/unistring/unictype/categ_P.c, lib/unistring/unictype/categ_P.h,
	lib/unistring/unictype/categ_Pc.c,
	lib/unistring/unictype/categ_Pc.h,
	lib/unistring/unictype/categ_Pd.c,
	lib/unistring/unictype/categ_Pd.h,
	lib/unistring/unictype/categ_Pe.c,
	lib/unistring/unictype/categ_Pe.h,
	lib/unistring/unictype/categ_Pf.c,
	lib/unistring/unictype/categ_Pf.h,
	lib/unistring/unictype/categ_Pi.c,
	lib/unistring/unictype/categ_Pi.h,
	lib/unistring/unictype/categ_Po.c,
	lib/unistring/unictype/categ_Po.h,
	lib/unistring/unictype/categ_Ps.c,
	lib/unistring/unictype/categ_Ps.h,
	lib/unistring/unictype/categ_S.c, lib/unistring/unictype/categ_S.h,
	lib/unistring/unictype/categ_Sc.c,
	lib/unistring/unictype/categ_Sc.h,
	lib/unistring/unictype/categ_Sk.c,
	lib/unistring/unictype/categ_Sk.h,
	lib/unistring/unictype/categ_Sm.c,
	lib/unistring/unictype/categ_Sm.h,
	lib/unistring/unictype/categ_So.c,
	lib/unistring/unictype/categ_So.h,
	lib/unistring/unictype/categ_Z.c, lib/unistring/unictype/categ_Z.h,
	lib/unistring/unictype/categ_Zl.c,
	lib/unistring/unictype/categ_Zl.h,
	lib/unistring/unictype/categ_Zp.c,
	lib/unistring/unictype/categ_Zp.h,
	lib/unistring/unictype/categ_Zs.c,
	lib/unistring/unictype/categ_Zs.h,
	lib/unistring/unictype/categ_and.c,
	lib/unistring/unictype/categ_and_not.c,
	lib/unistring/unictype/categ_byname.c,
	lib/unistring/unictype/categ_byname.gperf,
	lib/unistring/unictype/categ_longname.c,
	lib/unistring/unictype/categ_name.c,
	lib/unistring/unictype/categ_none.c,
	lib/unistring/unictype/categ_of.c,
	lib/unistring/unictype/categ_of.h,
	lib/unistring/unictype/categ_or.c,
	lib/unistring/unictype/categ_test.c,
	lib/unistring/unictype/combiningclass.c,
	lib/unistring/unictype/combiningclass.h,
	lib/unistring/uninorm.in.h,
	lib/unistring/uninorm/canonical-decomposition.c,
	lib/unistring/uninorm/composition-table.gperf,
	lib/unistring/uninorm/composition-table.h,
	lib/unistring/uninorm/composition.c,
	lib/unistring/uninorm/decompose-internal.c,
	lib/unistring/uninorm/decompose-internal.h,
	lib/unistring/uninorm/decomposition-table.c,
	lib/unistring/uninorm/decomposition-table.h,
	lib/unistring/uninorm/decomposition-table1.h,
	lib/unistring/uninorm/decomposition-table2.h,
	lib/unistring/uninorm/nfc.c, lib/unistring/uninorm/nfd.c,
	lib/unistring/uninorm/normalize-internal.h,
	lib/unistring/uninorm/u-normalize-internal.h,
	lib/unistring/uninorm/u16-normalize.c,
	lib/unistring/uninorm/u32-normalize.c,
	lib/unistring/uninorm/u8-normalize.c, lib/unistring/unistr.in.h,
	lib/unistring/unistr/u-cpy.h, lib/unistring/unistr/u16-cpy.c,
	lib/unistring/unistr/u16-mbtouc-unsafe-aux.c,
	lib/unistring/unistr/u16-mbtouc-unsafe.c,
	lib/unistring/unistr/u16-mbtoucr.c,
	lib/unistring/unistr/u16-to-u8.c,
	lib/unistring/unistr/u16-uctomb-aux.c,
	lib/unistring/unistr/u16-uctomb.c, lib/unistring/unistr/u32-cpy.c,
	lib/unistring/unistr/u32-mbtouc-unsafe.c,
	lib/unistring/unistr/u32-to-u8.c,
	lib/unistring/unistr/u32-uctomb.c, lib/unistring/unistr/u8-check.c,
	lib/unistring/unistr/u8-cpy.c,
	lib/unistring/unistr/u8-mbtouc-unsafe-aux.c,
	lib/unistring/unistr/u8-mbtouc-unsafe.c,
	lib/unistring/unistr/u8-mbtoucr.c,
	lib/unistring/unistr/u8-to-u16.c, lib/unistring/unistr/u8-to-u32.c,
	lib/unistring/unistr/u8-uctomb-aux.c,
	lib/unistring/unistr/u8-uctomb.c, lib/unistring/unitypes.in.h: lib:
	added unistring sub-library

2016-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files for gnutls_utf8_password_normalize()

2016-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/str-unicode.c: tests: enhanced str-unicode with
	GNUTLS_UTF8_IGNORE_ERRS flag That is, enhanced to check the tolerable variant of
	gnutls_utf8_password_normalize()

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build without libunistring

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, README.md: doc: mention the RFC7613 normalization and the
	libunistring dependency

2016-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, lib/srp.c, lib/str-unicode.c,
	lib/str.h, lib/tpm.c, lib/x509/crq.c, lib/x509/pkcs7-crypt.c,
	lib/x509/privkey_openssl.c: tolerate non-valid UTF8 passwords when
	decrypting

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crl-basic.c, tests/name-constraints-ip.c: tests: addressed
	compiler warnings

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/iconv.c: _gnutls_utf8_to_ucs2: normalize to NFC UTF16
	output

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: openssl_hash_password: normalize the
	password prior to use

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tpm.c: TPM: normalize the password prior to use

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/srp.c: _gnutls_calc_srp_sha: normalize the password prior to
	use

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c: gnutls_x509_crq_set_challenge_password: normalize
	the password prior to use

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in, lib/str-unicode.c,
	lib/str.h, lib/x509/pkcs7-crypt.c: PKCS#7/8: normalize the password
	according to rfc7613

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls.pc.in: gnutls.pc: use the LT version of the lib
	variables

2016-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/gnutls.pc.in, lib/system/iconv.c: Use
	libunistring when present instead of iconv() That allows us to rely to a single provider for unicode
	functionality.

2016-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/str-unicode.c: tests: added unit tests
	for gnutls_utf8_password_normalize()

2016-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/str-unicode.c, lib/str.h: Added function for
	UTF-8 normalization based on RFC7613 This introduces gnutls_utf8_password_normalize() and a dependency on
	libunistring.

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/pkcs8-invalid: tests:
	added test suite with PKCS#8 files that have invalid encryption

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: PKCS#5,7 decryption: verify the
	correctness of padding That is, for block ciphers (i.e., cbc), verify that all the padding
	bytes match the expected contents according to RFC2898.  Relates #148

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: PKCS#5,7 decryption: added sanity check on
	padding size Relates #148

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: PKCS#5,7 decryption: fail without leak on
	unknown MAC

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: PKCS#5,7 decryption: fail early on invalid
	block sizes

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c, lib/x509/privkey_pkcs8_pbes1.c,
	lib/x509/x509_int.h: PKCS#5,7 decryption: enforce limits in the
	support parameter sizes This allows to detect invalid parameters early rather than later.
	Relates #148

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files for new functions

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-output.c: pkcs7 output: use the new functions for
	DN output

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dn.c, tests/x509-dn-decode.c: tests: account for the strict
	RFC4514 compliance reversal Test the new functions only for the strict RFC4514 compliance to
	output strings, and test the old functions for the legacy format.

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: use the
	new functions for DN output

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str.c: cleanups in _gnutls_buffer_to_datum()

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: use the new APIs for DN extraction

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/dn.c: _gnutls_x509_get_dn: when no data ensure we return
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE This aligns with the previous (prior to RFC4514 improvements)
	behavior of the function.

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/ocsp.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/ocsp.c, lib/x509/x509.c, lib/x509/x509_dn.c,
	lib/x509/x509_int.h: Introduced new functions to allow multiple DN
	parsing modes The old DN parsing functions are changed to return the original
	non-fully compliant with RFC4514 string format, while the new ones
	return the compliant string by default. This allows applications
	which relied on the previous format to continue functioning without
	changes.

2016-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: include root dir log files in all
	builds

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/gnulib-cache.m4: gl: removed invalid module name

2016-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool-common.c, src/socket.c, src/socket.h: tools: added
	explicit socket flag to skip TLS initialization This allows proper error recovery when SOCKET_FLAG_RAW is specified
	and initialize_session() fails.

2016-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug:
	terminate sessions which cannot be re-used

2016-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: sockets: only use gnutls_bye on a valid socket
	session

2016-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: p11tool: --initialize will no longer reset user PIN That is because it only resetted the user PIN and not the admin PIN,
	while at the same time it had problems to cope with the case where
	the URL changed between token initialization and PIN setting (which
	is the case if --label is provided to --initialize).

2016-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added options to initialize a user and admin's PIN

2016-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: gnutls_store_pubkey: document the default hosts
	format

2016-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR
	prior to returning success This will prevent verification to succeed if the system is in error
	state.

2016-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c, lib/x509/privkey.c: fips140-2: moved PCT-test in
	wrap_nettle_generate_keys This allows it to run in any potential scenario, i.e., any call of
	_gnutls_pk_generate_keys().

2016-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: use included libtasn1 in CI
	systems which do not have 4.9

2016-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped the version of the minimum required libtasn1 We now require the latest version that supports OIDs with elements
	that are longer than 32-bits.

2016-07-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/certtool-long-oids,
	tests/cert-tests/data/long-oids.pem: tests: added check for the
	decoding of certificates with long OIDs That is, OIDs which have an element which exceeds 2^32.

2016-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: symbol-check: do not compare against symbols not
	exported by us

2016-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c: tests: updated known ciphersuites test for
	CHACHA20-POLY1305 in the SECURE set

2016-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority.c: priorities: added CHACHA20-POLY1305 to SECURE set

2016-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.6

2016-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped versions

2016-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* symbols.last: symbols.last: updated auto-generated file

2016-10-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rng-no-onload.c: tests: added test to
	ensure that gnutls_rnd() is not called during initialization

2016-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/fips.c: doc: explicitly state that rng
	self_test mustn't require rng initialization

2016-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_psk.c,
	lib/auth/srp_passwd.c, lib/cipher.c, lib/crypto-api.c,
	lib/ext/heartbeat.c, lib/ext/session_ticket.c, lib/handshake.c,
	lib/mpi.c, lib/nettle/pk.c, lib/opencdk/misc.c,
	lib/pkcs11_secret.c, lib/random.h, lib/srp.c, lib/tpm.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7-crypt.c: deprecated _gnutls_rnd()
	in favor of exported gnutls_rnd()

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/global.c, lib/locks.h, lib/nettle/rnd-fips.c,
	lib/nettle/rnd.c, lib/random.c, lib/random.h: rng: split
	initialization in preinit and init This makes gnutls to initialize its random generator on the first
	call to gnutls_rnd(). That prevents blocking due to getrandom() on a
	constructor; that change allows to use gnutls-linked applications
	even in early boot in systems where getrandom() blocks waiting for
	entropy.

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
	lib/random.h: _gnutls_rnd_check: call _rnd_system_entropy_check
	directly

2016-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/gnutls-idna.c: x509: removed unused IDNA file

2016-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake.c: handshake: log advertized version

2016-11-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h: algorithms.h: removed exported prototype from
	internal header

2016-11-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc update

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/multi-value-dn.pem,
	tests/cert-tests/pem-decoding: tests: added decoding of multi-value
	DN

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_dn.c: x509_dn: forbid non-supported escaped chars on
	DN encoding

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-dn-decode.c: tests: enhanced RFC4514 with arbitrary
	escaped strings

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_dn.c: x509_dn: allow arbitrary escaped strings In addition fail encoding on unescaped '+'. We do not support it for
	DN encoding.

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/data/aki-cert.pem,
	tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/bmpstring.pem,
	tests/cert-tests/data/complex-cert.pem,
	tests/cert-tests/data/gost-cert.pem,
	tests/cert-tests/data/name-constraints-ip2.pem,
	tests/cert-tests/data/no-ca-or-pathlen.pem,
	tests/cert-tests/data/template-tlsfeature.csr,
	tests/cert-tests/data/very-long-dn.pem,
	tests/cert-tests/data/xmpp-othername.pem,
	tests/cert-tests/templates/template-dn.tmpl,
	tests/cert-tests/templates/template-krb5name.tmpl,
	tests/cert-tests/templates/template-nc.tmpl,
	tests/cert-tests/templates/template-othername-xmpp.tmpl,
	tests/cert-tests/templates/template-othername.tmpl,
	tests/cert-tests/templates/template-unique.tmpl, tests/crq_apis.c,
	tests/crt_apis.c, tests/dn.c, tests/dn2.c, tests/ocsp.c,
	tests/rfc2253-escape-test, tests/suite/crl/long.pem,
	tests/suite/data/test1.cat.out, tests/x509-dn-decode.c: tests:
	modified to account for backwards-encoded DN (according to RFC4514)

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/README: tests:
	removed old README file The description in the file had no relevance to the existing tests.

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_dn.c: gnutls_x509_crt_set_*dn,
	gnutls_x509_dn_set_str: honor the reverse property of RFC4514 When converting an RFC4514 string to a DN ensure that the elements
	are encoded in reverse order, as required by the RFC.  Resolves #111

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/dn.c: Encode string DNs backwards according to RFC4514 This makes the output string from functions such as
	gnutls_x509_crt_get*dn() to comply with RFC4514 requirements in DN
	element order.  Relates #111

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab/issue_templates/Bug.md: Updated issue templates [ci skip]

2016-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab/issue_templates/Bug.md,
	.gitlab/issue_templates/Feature.md: Added issue templates [ci skip]

2016-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2016-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/{rnd-getentropy.c =>
	sysrng-getentropy.c}, lib/nettle/{rnd-linux.c => sysrng-linux.c},
	lib/nettle/{rnd-windows.c => sysrng-windows.c}, tests/rng-sigint.c: 
	nettle: renamed system random generator-related files for clarity

2016-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rng-pthread.c: tests: introduced checks
	for gnutls_rnd() in multi-threaded scenario

2016-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: tests: introduced sanity checks in rng-fork

2016-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: drbg-aes-self-test: corrected
	free call

2016-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/status-request-ext.c: tests: check for
	gnutls 3.3.x compatibility That is, check whether the status request extension is not sent by
	the server, if the server does not hold a status response. We
	require that behavior to be backwards compatible with gnutls 3.3.x.

2016-10-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c, lib/gnutls_int.h, lib/handshake.c,
	lib/includes/gnutls/gnutls.h.in: Reverted the behavior of sending a
	status request extension even without a response That is, we no longer reply to a client's hello with a status
	request, with a status request extension. Although that behavior
	which was introduced in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is
	legal, it creates incompatibility issues with gnutls 3.3.x branch.
	That is because versions prior 3.3.26 translates the presence of the
	extension as a guarrantee that the status response data will be
	sent. Even though, that is false assumption we replicate the
	previous behavior to allow such clients to connect to a gnutls 3.5.x
	server.  Relates !66

2016-10-27  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* tests/suite/Makefile.am: tests: do not enable testpkcs11.sh twice Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-10-22  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* tests/starttls.sh: starttls: search for chat in sbin if it is not
	present in PATH Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-10-21  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* src/libopts/m4/libopts.m4: Fix autoconf warnings in libopts.m4 Without this patch Autoconf will spam console with the following
	kind of messages: configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call
	detected in body ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is
	expanded from...  ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE
	is expanded from...  ../../lib/m4sugar/m4sh.m4:639: AS_IF is
	expanded from...  ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE
	is expanded from...  ../../lib/m4sugar/m4sh.m4:639: AS_IF is
	expanded from...  ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL
	is expanded from...  src/libopts/m4/libopts.m4:386:
	LIBOPTS_RUN_FOPEN_TEXT is expanded from...
	src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded
	from...  src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded
	from...  src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded
	from...  configure.ac:650: the top level Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-10-22  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* cfg.mk: cfg.mk: fix m4 files removal Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c: tests: better check for
	gnutls_ecc_curve_get result

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/alert.c, lib/ext/signature.c: Terminate handshake if only
	unknown or disabled signatures are advertized by the peer That is, do not attempt to proceed assuming that the peer supports
	SHA-1.

2016-10-22  Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

	* tests/Makefile.am, tests/slow/Makefile.am,
	tests/slow/cipher-override2.c, tests/suite/Makefile.am: Fix
	compilation of tests if nettle is not installed in standard path Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

2016-10-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: corrected TLS1.2 detection

2016-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/examples/ex-serv-x509.c,
	lib/ext/status_request.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509.c, tests/Makefile.am, tests/set_key.c,
	tests/set_x509_key.c, tests/set_x509_key_file.c,
	tests/set_x509_key_file_legacy.c,
	tests/set_x509_key_file_ocsp_multi.c,
	tests/set_x509_key_file_ocsp_multi2.c, tests/set_x509_key_utf8.c: 
	modified the gnutls_certificate_set_key* change While the change was fully backwards compatible for applications
	that were adding a single certificate, and applications that were
	checking for negative errors codes, many applications do not. As
	this may cause incompatibility issues with software properly
	utilizing the previously documented API, the change is reverted, and
	applications need to explicitly enable a flag
	(GNUTLS_CERTIFICATE_API_V2) in the credentials structure for the
	set_key functions to return an index.

2016-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane.sh: tests: removed nohats.ca from testdane The host seems to be unreliable.

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .travis.yml: .travis.yml: use as many jobs as CPUs in OSX

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .travis.yml: .travis.yml: do not run the public submodule checks
	of maint.mk These seem to be problematic to detect modification and are
	preventing the CI from operating.

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .travis.yml: .travis.yml: simplified the submodule checkout The default submodule initialization in travis caused the MacOSX
	builds to fail.

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.c, lib/pubkey.c: Added casts to prevent compiler
	warnings

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/session.c: corrected typo

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: corrected link to travius build

2016-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .travis.yml, README.md, cfg.mk, m4/gettext.m4, m4/nls.m4,
	m4/po.m4, m4/progtest.m4: .travis.yml: added support for compiling
	in macosx

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/session-tickets-missing.c,
	tests/session-tickets-ok.c: tests: added checks for the new
	GNUTLS_NO_TICKETS flag

2016-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/state.c: gnutls_init: added
	GNUTLS_NO_TICKETS flags These flags allow the callers to disable the automatically enabled
	session tickets. This could be done only with GNUTLS_NO_EXTENSIONS
	which also disabled other useful extensions.

2016-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-privkey-export.c: tests:
	added pkcs11-privkey-export This checks whether the public parts of RSA private and public keys
	can be properly extracted from a PKCS#11 module.

2016-10-19  Jakub Jelen <jjelen@redhat.com>

	* tests/pkcs11/pkcs11-mock.c: Expose CKA_PUBLIC_EXPONENT and
	CKA_MODULUS for private keys too

2016-10-19  Jakub Jelen <jjelen@redhat.com>

	* tests/pkcs11/pkcs11-mock.c: tests/pkcs11: Return also CKA_CLASS

2016-10-18  Jakub Jelen <jjelen@redhat.com>

	* tests/pkcs11/pkcs11-mock.c: tests/pkcs11: Expose SUBJECT for
	certificates, PUBLIC_EXPONENT and MODULUS for public keys to widen
	compatibility

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/x509/pkcs7.c, lib/x509/x509.c: doc update [ci skip]

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/x509/pkcs7.c: doc update

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: allow setting key purposes for non-CA
	certificates That is, allow setting code signing, or time stamping key purpose in
	certificates that are not marked as CA. The previous restriction
	served no purpose.

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: introduce key purpose checks in p7
	direct verification

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c: 
	x509: introduced gnutls_x509_crt_check_key_purpose()

2016-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in, lib/x509/pkcs7.c,
	lib/x509/x509.c, lib/x509/x509_int.h: gnutls_x509_crt_verify_data2:
	introduce constraints checks on the provided certificate That is check the provided certificate for validity in time and key
	usage.

2016-10-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/code-signing-ca.pem,
	tests/cert-tests/data/code-signing-cert.pem,
	tests/cert-tests/pkcs7, tests/cert-tests/pkcs7-constraints,
	tests/cert-tests/pkcs7-constraints2, tests/pkcs7-gen.c,
	tests/suite/pkcs7-cat: tests: introduced verification constraints
	checks for PKCS#7 structures That is, key purpose checks and more elaborate time checks.

2016-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/credentials/gnutls-http-serv, src/serv.c: gnutls-serv: use the
	included known DH parameters by default

2016-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: manpage update

2016-10-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/getfuncs-map.pl: getfuncs-map.pl: ignore the ffdhe
	exported parameters That is ignore the new variables exported which are not functions,
	and thus cannot be detected by getfuncs-map.pl.

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/crl-test: tests: crl-test: use a unique temp file

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/prime-check.c: tests: added
	sanity check for included primes

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-gtls-app.texi,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-x509.c,
	doc/latex/gnutls.bib: doc: discuss the set_known_dh_params and use
	it in the examples

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_known_dh_params_psk.c,
	tests/utils-adv.c, tests/utils.h: tests: check
	gnutls_psk_set_server_known_dh_params

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_known_dh_params_anon.c,
	tests/utils-adv.c, tests/utils.h: tests: check
	gnutls_anon_set_server_known_dh_params

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_known_dh_params_x509.c: tests: check
	gnutls_certificate_set_known_dh_params

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/anon_cred.c, lib/auth/anon.h, lib/auth/cert.h,
	lib/auth/psk.h, lib/cert.c, lib/dh-primes.c, lib/dh.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/psk.c: DH:
	introduced gnutls_*_set_known_dh_params() That is, the functions gnutls_certificate_set_known_dh_params(),
	gnutls_anon_set_server_known_dh_params(),
	gnutls_psk_set_server_known_dh_params().  These functions allow to
	statically set the DH parameters, based on the RFC7919 FFDHE
	parameters. This can simplify server configuration by allowing DH
	without loading parameters from file.  Relates #37

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: --get-dh-params will output the
	FFDHE primes instead of the SRP primes

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/dh-primes.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: DH: export the
	FFDHE Diffie-Hellman values

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: use fedora's mingw-cmocka packages

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs7-cat-parse.c: tests: added check for
	PKCS#7 catalog file parsing and data extracting

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/data/full.p7b.out,
	tests/cert-tests/data/single-ca.p7b.out,
	tests/suite/data/test1.cat.out, tests/suite/data/test2.cat.out: 
	tests: updated pkcs7 text outputs to account for certtool update

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: --p7-info will include the PKCS#7
	encoded data in PEM format

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/data/test2.cat.out: tests: replaced large test2.cat
	with a smaller file

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: improve text on missing options
	for cert generation

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: Revert "certtool: improve text on missing options
	for cert generation" This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3.

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/handshake.c, lib/state.c: handshake: set a
	maximum number of warning messages that can be received per
	handshake That is to avoid DoS due to the assymetry of cost of sending an
	alert vs the cost of processing.

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/record.c: record: disallow parsing of alert messages prior to
	session start

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/naked-alerts.c: tests: added check to
	verify that the server will bail out after receiving only alerts

2016-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/multi-alerts.c: tests: added check to
	verify that the server will bail out after many alerts

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: improve text on missing options for cert
	generation

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: removed redudant messages on PIN re-use

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: avoid asking the security officer PIN twice
	on initialization

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: improved messages on token initialization

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: corrected check of PIN existance in token
	initialization

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-serv-x509.c: doc: set a default handshake timeout
	on example server

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: serv: set a timeout value in handshake

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dtls-etm.c: tests: added check for
	Encrypt-then-MAC under DTLS

2016-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{mini-etm.c => tls-etm.c}: tests:
	cleanups in tls-etm.c

2016-10-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/x509/pkcs7.c: 
	gnutls_pkcs7_get_embedded_data: added GNUTLS_PKCS7_EDATA_GET_RAW
	flag This flag allows the export of the stored embedded data with any
	wrapping encoding included. This in particular, it allows to read
	the data from the microsoft catalog PKCS#7 structures, which store
	as embedded data elements of a SEQUENCE, but only authenticate the
	inner parts without the bytes forming the SEQUENCE header.

2016-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: automatically disable non-suiteb curves That is, if the installed nettle doesn't provide the
	nettle_secp_192r1 symbol.

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-10-11  Colin Walters <walters@verbum.org>

	* lib/priority.c: priorities: Do read crypto policy files with mtime
	of zero In a default Fedora Atomic Host installation,
	`/etc/crypto-policies/backends/gnutls.config` is a symlink to the
	default in `/usr/share/`.  On an OSTree-managed system, files in
	`/usr` have an mtime of zero (to help deduplication).  The simple fix here is to still try to read the first time, even if
	the file has an mtime of zero.

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: corrected use of
	gnutls_pkcs7_get_embedded_data()

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: simplified ASN.1
	description by eliminating pkcs-7-ContentType

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-10-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: print the enacapsulated content OID on
	verification

2016-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/data/ca.pem,
	tests/suite/data/test1.cat.out, tests/suite/data/test2.cat.out,
	tests/suite/pkcs7-cat: tests: added checks for the decoding of
	various PKCS#7 structures

2016-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-output.c, lib/x509/pkcs7.c, lib/x509/pkcs7_int.h: 
	pkcs7: print the eContent type in output functions if it does not
	match the defaults

2016-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/pkcs7.c, lib/x509/x509_int.h: pkcs7:
	allow unknown and legacy signature data OIDs to be imported This allows to decode very old PKCS#7 structures where the content
	is not an octet string. In addition, it introduces
	gnutls_pkcs7_get_embedded_data_oid() to obtain the OID of the
	signature data.

2016-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: --p7-info can be
	combined with --p7-show-data to display embedded data

2016-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: lib: link with LTLIBDL instead of LIBDL It fixes compilation issues on some systems.

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.5

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc: mention gnutls_session_ext_register
	and its supplemental data equivalent

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extensions.c: TLS extensions: only cache the extension IDs
	from exts that the server supports That avoids imposing any artificial limits on the number of
	extensions that a server can handle.  Resolves #136

2016-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/tls-session-ext-register.c: tests: check the registration of
	multiple extensions

2016-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: added gnutls_datum_t and giovec_t to
	indexes Resolves #137

2016-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-output.c: pkcs7: removed any limits in hex encoding
	of attributes

2016-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: lift any limits in print_raw()

2016-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: added safety net when generating a
	certificate request That is, do not allow specifying --generate-request --load-pubkey
	without specifying --load-privkey. Previously if --load-pubkey would
	have been used, it would have been ignored, causing confusion to the
	users.

2016-10-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: Makefile.am: improved the files-update output

2016-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/iconv.c: _gnutls_utf8_to_ucs2: force NFC normalization
	form in windows

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/tls-session-supplemental.c,
	tests/{mini-supplementaldata.c => tls-supplemental.c}: tests: added
	checks for gnutls_session_supplemental_register

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/state.c, lib/supplemental.c: Added
	session-specific supplemental data handling This allows a caller to add supplemental data handling which will
	only be made available for a specific session.

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{mini-extension.c =>
	tls-ext-register.c}, tests/tls-session-ext-register.c: tests: added
	checks for gnutls_session_ext_register

2016-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extensions.c, lib/extensions.h, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/state.c: 
	Added session-specific TLS extensions This allows a caller to add extensions which will be made available
	for a specific session.

2016-10-05  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Implement session record ports using the
	Guile 2.2 API.  This allows the Guile bindings to be built and used with Guile >=
	2.1.4, which introduced a new port API.  * guile/src/core.c (USING_GUILE_BEFORE_2_2): New macro.  (session_record_port_type) [!USING_GUILE_BEFORE_2_2]: New
	definition.  (read_from_session_record_port, write_to_session_record_port) (make_session_record_port) [!USING_GUILE_BEFORE_2_2]: New functions.
	Conditionalize the other same-named functions on
	USING_GUILE_BEFORE_2_2.  (scm_init_gnutls_session_record_port_type): Use
	'read_from_session_record_port' when !USING_GUILE_BEFORE_2_2.

2016-10-05  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/session-record-port.scm: guile: Test
	'set-session-transport-fd!'.  * guile/tests/session-record-port.scm: Use
	'set-session-transport-fd!' on the server side.

2016-10-05  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls/build/tests.scm: guile: Guile 2.x
	'uniform-vector-read!' replacement returns 0 upon EOF.  This problem was never hit in practice because our tests always got
	the non-EOF case.  * guile/modules/gnutls/build/tests.scm (uniform-vector-read!)
	[guile-2]: Return 0 upon EOF.

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* extra/Makefile.am, lib/Makefile.am: win32: install the .def files
	in libdir instead of bindir Suggested by Eli Zaretskii.

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: include arpa/inet.h unconditionally That is because we use inet_pton() which is either provided by the
	OS, or by gnulib.

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark.c: gnutls-cli: fix compilation warning in win32

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* extra/Makefile.am, m4/hooks.m4: Fixed the version in
	libgnutls-openssl.def file Previously the version set in that file would have been
	(incorrectly) equal to the version of the main library.

2016-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/certuniqueid.c, tests/mini-dtls-mtu.c: tests: avoid using
	%zd for formatted output It is not supported by windows.

2016-10-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_key_utf8.c, tests/set_x509_key_utf8.c: tests: skip tests
	which depend on libidn functionality if build without libidn

2016-10-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: fixed compilation of
	pkcs11-privkey-always-auth

2016-10-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/keys-win.c: Fix build of system/keys-win.c with older
	mingw Patch by Eli Zaretskii <eliz@gnu>

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/provable-dh, tests/cert-tests/provable-privkey,
	tests/cert-tests/provable-privkey-dsa2048,
	tests/cert-tests/provable-privkey-rsa2048: tests: introduced further
	parallelization in provable* tests This runs independent verification steps in parallel, improving
	running time significantly.

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am: tests: provable-dh-default check is
	too slow and is only run when the complete suite is requested

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/provable-privkey,
	tests/cert-tests/provable-privkey-dsa2048,
	tests/cert-tests/provable-privkey-gen-default,
	tests/cert-tests/provable-privkey-rsa2048: tests: split
	provable-privkey into multiple checks This allows the tests to be run in parallel.

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/provable-dh,
	tests/cert-tests/provable-dh-default: tests: provable-dh was split
	into two programs This allows the test to be run more efficiently when run in
	parallel.

2016-09-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, configure.ac: .gitlab-ci.yml: do not run the full
	test suite on valgrind test This allows the CI test to run on reasonable time.

2016-09-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2016-09-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl: devel/openssl: updated to 1.1.0 release

2016-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/aarch64/Makefile.am,
	lib/accelerated/aarch64/aarch64-common.c,
	lib/accelerated/aarch64/aes-aarch64.h,
	lib/accelerated/aarch64/aes-ccm-aarch64.c: aarch64: added optimized
	AES-CCM mode

2016-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, devel/perlasm/ghash-aarch64.pl,
	devel/perlasm/ghash-aarch64.pl.license,
	lib/accelerated/aarch64/Makefile.am,
	lib/accelerated/aarch64/aarch64-common.c,
	lib/accelerated/aarch64/aes-gcm-aarch64.c,
	lib/accelerated/aarch64/elf/ghash-aarch64.s: Imported Andy
	Polyakov's implementation of AES-GCM in aarch64

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, devel/perlasm/aes-aarch64.pl,
	devel/perlasm/aes-aarch64.pl.license,
	lib/accelerated/aarch64/Makefile.am,
	lib/accelerated/aarch64/aarch64-common.c,
	lib/accelerated/aarch64/aes-aarch64.h,
	lib/accelerated/aarch64/aes-cbc-aarch64.c,
	lib/accelerated/aarch64/aes-gcm-aarch64.c,
	lib/accelerated/aarch64/elf/aes-aarch64.s: Imported Andy Polyakov's
	implementation of AES in aarch64

2016-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/aarch64/Makefile.am,
	lib/accelerated/aarch64/aarch64-common.c,
	lib/accelerated/aarch64/hmac-sha-aarch64.c,
	lib/accelerated/aarch64/sha-aarch64.h: Added HMAC-SHA* optimizations
	for aarch64

2016-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, configure.ac, devel/perlasm/arm-xlate.pl,
	devel/perlasm/sha1-armv8.pl, devel/perlasm/sha1-armv8.pl.license,
	devel/perlasm/sha256-armv8.pl,
	devel/perlasm/sha256-armv8.pl.license,
	devel/perlasm/sha512-armv8.pl,
	devel/perlasm/sha512-armv8.pl.license, lib/accelerated/Makefile.am,
	lib/accelerated/aarch64/Makefile.am,
	lib/accelerated/aarch64/README,
	lib/accelerated/aarch64/aarch64-common.c,
	lib/accelerated/aarch64/aarch64-common.h,
	lib/accelerated/aarch64/elf/sha1-armv8.s,
	lib/accelerated/aarch64/elf/sha256-armv8.s,
	lib/accelerated/aarch64/elf/sha512-armv8.s,
	lib/accelerated/aarch64/sha-aarch64.c,
	lib/accelerated/aarch64/sha-aarch64.h,
	lib/accelerated/accelerated.c: Imported Andy Polyakov's
	implementations for SHA* in aarch64

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c, lib/ext/server_name.h: fix zero-termination
	in _gnutls_server_name_set_raw() for large server names

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake-checks.c: _gnutls_check_id_for_change: added check
	for NULL username This is not required, but may prevent from issues if
	code-reorganizations which may set a NULL username, occur.

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/openpgp/output.c, lib/x509/output.c: gnutls_*_crt_print:
	better error checking

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, tests/Makefile.am, tests/pkcs11/pkcs11-mock-ext.h,
	tests/pkcs11/pkcs11-mock.c,
	tests/pkcs11/pkcs11-privkey-always-auth.c: tests: added test for
	CKA_ALWAYS_AUTHENTICATE handling in PKCS#11 This checks whether GnuTLS properly calls login prior to any sign
	operations when the object is marked as CKA_ALWAYS_AUTHENTICATE.

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: improved debugging output in pkcs11_login

2016-10-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: removed unused
	variable

2016-09-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/ocsptool.c: tools: clarify errors when
	reading files Previously certtool and ocsptool would report: ``` $ certtool
	--generate-request --load-privkey=foo --outfile=bar Generating a
	PKCS #10 certificate request...  reading --load-privkey: foo ``` And that doesn't make apparent what the issue was. Modified to
	print: ``` error reading --load-privkey: foo ``` Report and initial patch by Thibault Nélis.  Resolves !97

2016-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def: p11tool: doc update [ci skip]

2016-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ip-in-cidr.h, lib/x509/ip.c, lib/x509/name_constraints.c: 
	Removed C99 constructions in for-loops These constructions although valid for C99 they are being rejected
	by various compilers. Get rid of them.

2016-09-27  Daiki Ueno <dueno@redhat.com>

	* src/certtool.c: certtool: print correct size of EC keys Previously certtool complained about key size if --curve is given:  $ certtool --generate-privkey --ecc --curve secp256r1 --outfile
	 key.pem Generating a -2147483646 bit EC/ECDSA private key...   Note that ECDSA keys with size less than 256 are not widely
	 supported.

2016-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: documented the p11-kit relevancy of
	distrust and stapled

2016-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_write.c, lib/pkcs11x.c: pkcs11: forbid PKCS#11 extensions
	to be used in other than trust modules That is, only use the CKA_X_DISTRUSTED and the extension override in
	p11-kit trust modules, to avoid conflicts with potentially other
	PKCS#11 extensions.

2016-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: enabled valgrind tests build

2016-09-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/handshake-large-packet.c: tests: allow
	handshake-large-packet to run under valgrind That is, initialize the allocated buffers with a known value.

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: introduced the
	--mark-distrusted and --distrusted options This allows to mark objects as distrusted, as well as list all
	distrusted certificates (blacklisted) for a p11-kit trust module as:
	p11tool --list-all-certs --distrusted

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
	pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED This allows to mark objects as distrusted, as well as to be able to
	list distrusted objects.

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11x.c: pkcs11: only staple extensions from a
	trust module when they are from a non-distrusted certificate That is, make sure that the API for stapling extensions is only used
	for non-distrusted (blacklisted) certificates. The reason is to
	avoid duplicate extension entries from the p11-kit trust database.
	These come from blacklisted certificates, and we have no reason to
	support stapled extensions with blacklisted certificates.

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: allow to export a
	certificate with its stapled extensions

2016-09-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ecc.c: gnutls_oid_to_ecc_curve: fix null pointer
	dereference This addresses issue where an unknown curve would cause a null
	pointer dereference. This was introduced with the addition of
	X25519. Reported by Theofilos Petsios.

2016-09-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: Only send the status request extension
	on cert authentication That is, do not both asking for it, or replying to it, if we are not
	using any certificates.

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/gdoc: gdoc: improved the detection and display of
	escaped characters (@%) This allows to properly display strings like %COMPAT and @SYSTEM in
	the manual and the manpages.

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority.c: doc: gnutls_priority_init: fixed %COMPAT [ci skip]

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: corrected debian build's
	dependency

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/signature.c, lib/ext/signature.h, lib/tls-sig.c: On client
	side allow signing with the signature algorithm of our cert That allows to sign for example with DSA-SHA1 as client even if we
	do not allow DSA-SHA1 as signature algorithm for server's
	certificate. This allows to use a deprecated certificate without
	enabling deprecated algorithms globally.

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/signature.c: _gnutls_session_get_sign_algo: always return
	GNUTLS_SIGN_UNKNOWN on failure

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h, tests/server_ecdsa_key.c,
	tests/utils-adv.c, tests/utils.h: tests: added check for server-side
	ECDSA keys These tests check whether a server ECDSA key will be rejected by the
	client in case the client has no ECDSA signature algorithms
	available.

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h, tests/client_dsa_key.c,
	tests/utils-adv.c, tests/utils.h: tests: added check for client-side
	DSA key This checks whether a client can use and send a DSA key, even if DSA
	is not enabled (which should prohibit the server from providing a
	DSA certificate).

2016-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: do not require a
	certificate to generate a PKCS#12 file That is, allow generating PKCS#12 files with private keys only as
	well.

2016-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added debian build

2016-09-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: depend on softhsm2 and net-tools on debian

2016-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-server-name.c: tests: mini-server-name: skip invalid
	UTF-8 check if compiled without libidn This allows the test suite to run in systems without libidn.
	Reported by Thomas Klausner.

2016-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-server-name.c, tests/mini-session-verify-function.c,
	tests/utils.h, tests/x509-dn-decode.c: tests: added the macros
	test_fail() and test_success() These macros allow test programs which run multiple checks, to
	report the name of the check failed. Modified mini-server-name and
	x509-dn-decode to use the macro.

2016-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: cfg.mk: removed invalid rule in web target

2016-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/handshake.c: added debugging message when session fails due to
	handshake hash buffer

2016-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/handshake-large-packet.c: tests: check
	whether large packets are allowed on the handshake

2016-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extensions.c: Do not allow sending overflowed extensions field That is, restrict the extensions to a 2^16 total size.

2016-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-extension.c: tests: minor improvements in
	mini-extension This will improve recovery from error conditions.

2016-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/handshake.c: Increased the maximum size
	allowed for handshake messages to 128kb This would allow the library to cope with larger packets, as well as
	TLS 1.3 hellos. Suggested by Hubert Kario.

2016-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/cert-common.h, tests/insecure_key.c,
	tests/utils-adv.c, tests/utils.h: tests: added check for insecure
	key That is, a check which verified whether a connection to a server
	with a very small key will fail the certificate verification check.

2016-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c,
	tests/rsa-illegal-import.c: Introduced separate error codes for
	invalid private and public keys This allows functions like decryption and verification to report the
	specific issue they encountered on public key error.  The new codes
	are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY

2016-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: no longer require gnutls-devel This package is no longer needed to run abi-check.

2016-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: Makefile: abi-check no longer require gnutls headers
	to be installed This addresses the issue of requiring gnutls-devel in the CI system
	to run abi-check.

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/manpages/Makefile.am: doc: remove the conditional self_test
	functions Also prevent them by re-entering the documented functions list by
	restricting the header files that contribute functions to the known
	list defined by $(HEADER_FILES).

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, doc/Makefile.am, doc/manpages/Makefile.am: 
	Makefile.am: introduced 'make files-update' rule This rule updates the makefiles in doc/ and the kept symbol list.
	This allows for easier automation of the symbol change 'make dist'
	breakages.

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/manpages/Makefile.am: manpages: delete comparison temp file

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: Makefile.am: symbol changes were made more elaborate During make dist, the makefile will report the appropriate symbol
	change message with instructions and fail.

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	doc and symbol files for
	gnutls_certificate_set_ocsp_status_request_function2

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: Makefile.am: print the symbols.last diff on make dist This allows to manually verify the contents before overriding the
	old file.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: doc: allow creation of gnutls.epub without
	running epub-fix

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: use nproc as argument to 'make -j' That way, we use as many make processes, as the number of CPUs in
	the CI system.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build which runs 'make dist' This tests whether the manpages, info, html, pdf and epub manual are
	properly generated, and whether any new functions were included into
	makefiles.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/epub.texi: doc: fixed the epub documentation generation

2016-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c: 
	gnutls_certificate_set_ocsp_status_request_file: mention version it
	was enhanced

2016-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc: corrected typo

2016-09-12  Alex Monk <krenair@gmail.com>

	* doc/cha-gtls-app.texi: Add ECDHE-* to the priority string docs for
	key exchange algorithms GNUTLS_KX_ECDHE_PSK was added in 2.99.3 (released 2011-06-18) The
	other two were added in 2.99.2 (released 2011-05-26) Signed-off-by: Alex Monk <krenair@gmail.com>

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added check for position dependent
	code

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: Makefile.am: added check for position dependent code This check will verify that the generated library doesn't contain
	position dependent code. It depends on elf utilities.

2016-09-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86.s: openssl asm: reverted to
	AESNI-x86 code to gnutls 3.4.x code The newer code was creating position dependent code.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h, tests/set_key_utf8.c,
	tests/set_x509_key_utf8.c, tests/utils-adv.c: tests: added checks to
	verify server understanding of UTF8 hostnames This verifies whether a server can understand and serve requests
	which contain UTF-8 server names.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_key.c: tests: set_key: fixed the time override

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_key.c: tests: set_key: enabled failure_mode test Also eliminated memory leaks related to it.

2016-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509.c: Added IDNA support in server side Any server names provided to server side by the
	gnutls_certificate_set_* functions, are converted to IDNA format for
	comparison with client provided values.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: restrict the freebsd builds to
	local branches only

2016-09-11  Alex Monk <krenair@gmail.com>

	* doc/cha-gtls-app.texi: Add SIGN-ECDSA-SHA* to the priority strings
	docs There were added in version 2.99.2, 2011-05-26 Signed-off-by: Alex Monk <krenair@gmail.com>

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: gnutls_certificate_set_*key: ensure proper cleanup on
	key mismatch failures That is, ensure that we keep no local references that are shared
	with the caller, and that we properly free all initialized values.

2016-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_key.c, tests/set_x509_key.c: tests: check key mismatch
	on gnutls_certificate_set_*key That is, check whether these functions can successfully recover from
	such condition, without leaks or double freeing.

2016-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/set_x509_key_file_ocsp_multi2.c: tests:
	added unit testing for
	gnutls_certificate_set_ocsp_status_request_function2

2016-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/set_key.c, tests/set_x509_key.c: tests:
	added unit tests for gnutls_certificate_set_x509_key() In addition these tests verify that the expected index is returned
	and that can be used with gnutls_certificate_get_crt_raw()
	afterwards.

2016-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_x509_key.c: tests: enhanced set_x509_key tests to
	include index verification That is, verify that correct indexes are returned, and these can be
	used with gnutls_certificate_get_crt_raw() afterwards.

2016-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_x509_key_file.c, tests/utils.c, tests/utils.h: tests:
	enhanced set_x509_key_file tests to include index verification That is, verify that correct indexes are returned, and these can be
	used with gnutls_certificate_get_crt_raw() afterwards.

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/set_x509_key_file_ocsp_multi.c,
	tests/utils-adv.c: tests: more checks for functionality of
	gnutls_certificate_set_ocsp_status_request_file This introduces checks for the cases where
	gnutls_certificate_set_ocsp_status_request_file() is called with
	multiple indexes, to set an OCSP response for different
	certificates. The tests then verify whether the expected OCSP
	response is received.

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/auth/cert.h, lib/cert.c,
	lib/ext/status_request.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/x509.c: 
	Added gnutls_certificate_set_ocsp_status_request_function2 That introduces a new function to allow setting an OCSP status
	request handling function per certificate. Furthermore it repurposes
	the flag parameters to an index option on
	gnutls_certificate_set_ocsp_status_request_file.  The changes above allow setting a different OCSP status response
	file per certificate, and a different function. The indexes they
	rely on to associate with existing certs are the indexes returned by
	the gnutls_certificate_set_key() and friends functions.

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c, lib/x509.c: All the key and chain set functions return
	an index When setting key and certificate material to a
	gnutls_certificate_credentials_t structure, the corresponding set
	functions will return an index.  That index could be used later
	either on the get functions, or when setting corresponding data
	(e.g., an OCSP response).

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: doc: clarifications in
	gnutls_certificate_set_ocsp_status_request_function()

2016-09-11  Andreas Metzler <ametzler@bebt.de>

	* lib/x509/x509_write.c, src/ocsptool-args.def: Typo fixes found by
	lintian.  incosistent, ommited

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added code-coverage output to
	clang build

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: the code-coverage command will
	always succeed This works around random failures while calculating the code
	coverage.

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: moved commonly installed packages
	into the before_script field

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added syntax check build

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: cfg.mk: revived 'make release'

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/Makefile.am, doc/examples/ex-pkcs11-list.c,
	doc/gnutls.texi, lib/Makefile.am, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/algorithms/ecc.c,
	lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/auth/cert.c, lib/auth/dh_common.c,
	lib/auth/ecdhe.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
	lib/auth/srp_passwd.c, lib/auto-verify.c, lib/buffers.c,
	lib/buffers.h, lib/cipher.c, lib/cipher_int.c, lib/compress.c,
	lib/crypto-api.c, lib/crypto-backend.c, lib/datum.h, lib/dtls-sw.c,
	lib/dtls.c, lib/dtls.h, lib/ecc.c, lib/errors.c, lib/ext/dumbfw.c,
	lib/ext/srp.h, lib/ext/status_request.c, lib/extras/hex.c,
	lib/fips.c, lib/gnutls.asn, lib/gnutls_int.h, lib/handshake.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/mem.h, lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/libtasn1.h, lib/mpi.c, lib/nettle/cipher.c,
	lib/nettle/int/drbg-aes-self-test.c, lib/nettle/pk.c,
	lib/opencdk/armor.c, lib/opencdk/stream.c, lib/openpgp/openpgp.c,
	lib/pcert.c, lib/pk.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, lib/pkcs11x.c, lib/prf.c, lib/privkey.c,
	lib/record.c, lib/session_pack.c, lib/str.c, lib/str.h,
	lib/supplemental.c, lib/system-keys.h, lib/system/inet_ntop.c,
	lib/system/keys-dummy.c, lib/system/keys-win.c, lib/verify-tofu.c,
	lib/x509.c, lib/x509.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/email-verify.c,
	lib/x509/extensions.c, lib/x509/hostname-verify.c, lib/x509/krb5.c,
	lib/x509/name_constraints.c, lib/x509/ocsp.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7-attrs.c, lib/x509/pkcs7-crypt.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/time.c, lib/x509/tls_features.c, lib/x509/verify-high.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	lib/x509/x509_write.c, m4/hooks.m4, src/certtool-cfg.c,
	src/certtool.c, src/cli.c, src/danetool.c, src/list.h,
	src/ocsptool-common.c, src/ocsptool.c, src/pkcs11.c, src/serv.c,
	src/tests.c, tests/auto-verify.c, tests/cert-key-exchange.c,
	tests/cert-tests/Makefile.am, tests/certificate_set_x509_crl.c,
	tests/chainverify.c, tests/common-cert-key-exchange.c,
	tests/conv-utf8.c, tests/crl-basic.c, tests/crlverify.c,
	tests/crq-basic.c, tests/crq_key_id.c,
	tests/custom-urls-override.c, tests/custom-urls.c, tests/dane.c,
	tests/dtls-handshake-versions.c, tests/dtls-max-record.c,
	tests/dtls-rehandshake-anon.c, tests/dtls-rehandshake-cert-2.c,
	tests/dtls-rehandshake-cert-3.c, tests/dtls-rehandshake-cert.c,
	tests/dtls-sliding-window.c, tests/dtls/dtls-stress.c,
	tests/eagain-common.h, tests/fallback-scsv.c,
	tests/handshake-false-start.c, tests/handshake-versions.c,
	tests/hostname-check.c, tests/key-material-dtls.c,
	tests/key-usage.c, tests/mini-cert-status.c,
	tests/mini-chain-unsorted.c, tests/mini-dtls-heartbeat.c,
	tests/mini-dtls-large.c, tests/mini-dtls-lowmtu.c,
	tests/mini-dtls-mtu.c, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini-emsgsize-dtls.c, tests/mini-etm.c,
	tests/mini-extension.c, tests/mini-global-load.c,
	tests/mini-key-material.c, tests/mini-record.c,
	tests/mini-rsa-psk.c, tests/mini-session-verify-function.c,
	tests/mini-supplementaldata.c, tests/mini-x509-2.c,
	tests/mini-x509-callbacks-intr.c, tests/mini-x509-callbacks.c,
	tests/mini-x509-cas.c, tests/mini-x509-default-prio.c,
	tests/mini-x509-dual.c, tests/mini-x509.c,
	tests/name-constraints-ip.c, tests/ocsp-tests/Makefile.am,
	tests/ocsp.c, tests/openpgp-auth.c, tests/openpgp-auth2.c,
	tests/openpgpself.c, tests/pgps2kgnu.c, tests/pkcs12_s2k.c,
	tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
	tests/pkcs8-key-decode.c, tests/prf.c,
	tests/rehandshake-ext-secret.c,
	tests/rehandshake-switch-cert-allow.c,
	tests/rehandshake-switch-cert-client-allow.c,
	tests/rehandshake-switch-cert-client.c,
	tests/rehandshake-switch-cert.c, tests/rehandshake-switch-psk-id.c,
	tests/rehandshake-switch-srp-id.c, tests/resume-dtls.c,
	tests/resume-with-false-start.c, tests/resume.c,
	tests/rsa-encrypt-decrypt.c, tests/send-client-cert.c,
	tests/session-export-funcs.c, tests/simple.c,
	tests/slow/cipher-override.c, tests/slow/cipher-override2.c,
	tests/srp.c, tests/test-chains.h, tests/tls-max-record.c,
	tests/tls-rehandshake-cert-2.c, tests/tls-rehandshake-cert.c,
	tests/tlsfeature-crt.c, tests/tlsfeature-ext.c, tests/utils-adv.c,
	tests/utils.c, tests/version-checks.c, tests/windows/cng-windows.c,
	tests/windows/crypt32.c, tests/x509-extensions.c,
	tests/x509cert-tl.c, tests/x509cert.c, tests/x509dn.c,
	tests/x509sign-verify.c, tests/x509sign-verify2.c: several spacing
	fixes to keep syntax-check happy

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testrandom.sh: avoid the usage of '-a' and '-o' bash
	options This keeps syntax-check happy.

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/str.c, src/certtool-cfg.c: avoid the usage of strncpy

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: removed signal.h from files that wasn't used at

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* CONTRIBUTING.md, doc/cha-gtls-app.texi, guile/src/core.c,
	libdane/dane.c: doc update

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ip.c: gnutls_x509_cidr_to_rfc5280: removed double
	semi-colon

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c, lib/system/certs.c, lib/system/fastopen.c,
	lib/system/sockets.c, lib/system/threads.c, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs7-output.c, lib/x509/time.c, lib/x509/x509_ext.c: 
	removed c-ctype.h from files that wasn't used at

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure.ac: quote parameters when needed

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/hex.c, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c,
	tests/pkcs11/pkcs11-import-url-privkey.c,
	tests/pkcs11/pkcs11-pubkey-import-ecdsa.c,
	tests/pkcs11/pkcs11-pubkey-import-rsa.c: removed assert.h from files
	that wasn't used at

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/POTFILES.in: POTFILES: added libdane files

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.def, tests/suite/testpkcs11.sh: doc update

2016-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, tests/pkcs11/pkcs11-mock.c: tests/tools:
	avoid non-null check before free()

2016-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: latex manual: added backwards compatibility
	options

2016-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: windows DLL builds now include all
	required dependencies Also improved naming conventions for builds

2016-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system/inet_ntop.c: inet_ntop4: casted signed/unsigned
	comparison

2016-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: system.h: undefine macros before defining them

2016-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: _gnutls_fbase64_decode: use memsub macro instead
	of casts

2016-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: use gnutls_set_default_priority if no
	priorities are given

2016-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv-args.def: gnutls-serv: removed '...' from documentation That caused caused problems in generated manpage.

2016-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: better document the random generator
	variant used

2016-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.4

2016-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: corrected wrong operation in
	minimal build

2016-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/ip.c: doc update

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, m4/hooks.m4: bumped versions

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs12-utf8: tests:
	do not run pkcs12-utf8 under windows This test required to pass UTF8 data under command line, and that
	doesn't seem to work under windows.

2016-09-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/iconv.c: _gnutls_ucs2_to_utf8: corrected use of
	WideCharToMultiByte in windows

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/conv-utf8.c: tests: added debugging info in conv-utf8

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/name-constraints-ip.c: tests: don't build
	cmocka tests with libutils - they conflict

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: keep config.log in windows builds

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: corrected typo for libidn
	installation in windows64

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: install our internal cmocka for
	windows

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/conv-utf8.c: tests: added unit tests of
	_gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: libgnutls.map: export _gnutls_utf8_to_ucs2 and
	_gnutls_ucs2_to_utf8 for testing

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12_encr.c: pkcs12: enhanced to allow encrypting using
	UCS2 passwords That is use _gnutls_utf8_to_ucs2() to convert the provided password
	to UCS2.

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/iconv.c: _gnutls_ucs2_to_utf8: fixed null termination
	check in windows code

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.h, lib/system/iconv.c: Added _gnutls_utf8_to_ucs2() This function allows to convert between UTF8 to UCS2 big-endian.

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs12-utf8: tests:
	added tests for PKCS#12 decoding with UTF8 passwords

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-crypt.c: pkcs7 encryption: corrected memory leaks

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: Makefile: local-code-coverage-output always succeeds

2016-09-02  Martin Ukrop <mukrop@redhat.com>

	* lib/x509/name_constraints.c, tests/name-constraints-ip.c: x509:
	Adjust IP name constraints behavior - Modified IPv4/IPv6 interaction in name constraints -- IPv4 and
	IPv6 no have empty intersection (previously: were treated
	independently).  - Current behavior is more conservative -- in case of IPv4
	constraint cert, subcerts will not be able to have IPv6 addresses.  - Tests updated accordingly.  - Behavior now matches NSS.

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11.sh: tests: added checks to verify behavior
	in writing pkcs11 objects That is, verify that private keys are marked as private by default,
	and public objects are marked as non-private by default.

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: eliminated memory leak in --list options

2016-09-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: do not mark written
	objects as private by default That is, when --mark-private or --no-mark-private are not specified,
	set non-private for public objects and private for private ones.

2016-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: minitasn1:
	updated to latest git version

2016-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pk.c: _gnutls_encode_ber_rs_raw: simplified That is, use a single allocation for temporary data.

2016-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: use fedora24 with address
	sanitizer The fix in fbb9618b25b77c65e24a6ce224d53bc9a0b81457 addresses the
	problems with asan in fedora24.

2016-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/slow/Makefile.am: tests: use LSAN_OPTIONS
	instead of ASAN_OPTIONS New versions of address sanitizer do not parse this file otherwise.

2016-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs11/softhsm.h: tests: corrected detection of 64-bit
	systems in softhsm.h

2016-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-ec-privkey-test.c: tests:
	added check for PKCS#11 signature validity That is, tests whether our generated DSASignatureValue with PKCS#11
	contains r, s values that are non-negative, i.e., are zero padded
	when necessary. This utilizes _gnutls_decode_ber_rs_raw().

2016-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/pk.c, lib/pk.h: Introduced helper function
	_gnutls_decode_ber_rs_raw()

2016-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pk.c: _gnutls_encode_ber_rs_raw: zero-pad values when
	necessary This addresses issue when encoding values obtained via PKCS#11 which
	may not be necessarily padded.  Resolves #122

2016-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: template-test: use uniform
	way to detect 32-bit systems

2016-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, tests/pkcs11/softhsm.h: .gitlab-ci.yml: use the
	gitlab.com shared runners This removes the need to administer custom runners (except for the
	FreeBSD runner which cannot run under Linux), makes the testing on
	other platforms such as Debian simpler, and allows merge requests to
	pass through the CI.

2016-08-30  David Woodhouse <David.Woodhouse@intel.com>

	* lib/dtls-sw.c, lib/gnutls_int.h, tests/dtls-sliding-window.c,
	tests/mini-dtls-record.c: Import DTLS sliding window validation from
	OpenConnect ESP code In this implementation, the end of the sliding window is always
	advanced to the latest received packet, and we accept up to 64
	packets before that one. We no longer refuse to accept packets
	because they are *too* far ahead of what we've already seen.  Some of the test cases are fixed up accordingly.  This matches the code in OpenConnect esp-seqno.c at commit 314ac65.

2016-08-31  Jussi Kukkonen <jussi.kukkonen@intel.com>

	* src/Makefile.am: tools: Use correct include dir with minitasn This allows compiling certtool without libtasn headers.

2016-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-windows.c: nettle: removed unused variable in
	windows rng

2016-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: don't run danetool.sh when not compiled
	with dane support

2016-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record.c: tests: mini-dtls-record: modified
	expected order to account for new SW behavior

2016-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/dtls-sw.c: dtls: ensure that the DTLS window doesn't get
	stalled That is ensure that it is forwarded at least one place if more than
	16 packets have been received since the first one.

2016-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls-sliding-window.c: tests: enhance the DTLS window unit
	test to account for lost packets This adds tests for cases where many lost packets are encountered,
	such as 50% of the packets received, as well as 3 consequent packets
	being lost.

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: added coverage report [ci skip]

2016-08-28  David Woodhouse <dwmw2@infradead.org>

	* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: set the key value
	to null on failure

2016-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp.c: tests: added basic operational check of
	gnutls_ocsp_resp_get_single()

2016-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: gnutls_ocsp_resp_get_single: reorganized function
	to eliminate memory leaks Simplified and optimized the function operation, by removing
	unecessary memory allocations, as well as eliminate memory leaks on
	certain error cases.

2016-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: ocsp: corrected the comparison of the serial size
	in OCSP response Previously the OCSP certificate check wouldn't verify the serial
	length and could succeed in cases it shouldn't.  Reported by Stefan Buehler.

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/ocsptool-common.c, src/socket.c: tools: eliminated
	memory leaks in deinitialization

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/cli.c, src/danetool.c,
	src/ocsptool-common.c, src/socket.c, src/socket.h: tools: allow
	socket_bye() to be used for non-polite terminations

2016-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp-tests/Makefile.am,
	tests/ocsp-tests/suppressions.valgrind: tests: added
	suppressions.valgrind in ocsp-tests

2016-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am,
	tests/key-tests/data/pkcs8-pbes1-des-md5.pem,
	tests/key-tests/pkcs8-decode: tests: added check for the decoding of
	pbes1-des-md5 key

2016-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs7-crypt.c, lib/x509/pkcs7_int.h,
	lib/x509/privkey_pkcs8.c, lib/x509/privkey_pkcs8_pbes1.c,
	lib/x509/x509_int.h: pkcs8: cleaned up PKCS#8 decoding from common
	code with PKCS#7

2016-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/Makefile.am, lib/x509/privkey_pkcs8.c,
	lib/x509/privkey_pkcs8_pbes1.c, lib/x509/x509_int.h: pkcs8: added
	support for decryption with PBES1-DES-CBC-MD5 While this is a legacy (and insecure) cipher combination it is the
	default output of openssl up until the 1.0.2 version. We introduce
	this option to allow decrypting private keys from these versions of
	openssl.

2016-08-25  raspa0 <raspa0@protonmail.com>

	* src/pkcs11.c: fix memleak in pkcs11_get_random

2016-08-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c, src/ocsptool.c: ocsptool: reduce memory
	leaks on execution

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp-tests/Makefile.am,
	tests/ocsp-tests/ocsp-must-staple-connection,
	tests/ocsp-tests/ocsp-tls-connection: tests: enable
	ocsp-must-staple-connection check

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/global.c: doc: be more explicit about the usage of
	gnutls_global_init/deinit [ci skip]

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/pkcs8-decode: tests: don't use piped tee in
	pkcs8-decode It would prevent error codes from being detected in the tests.

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: ocsptool: corrected bug in session establishment

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp-tests/ocsp-tls-connection: tests: ocsp-tls-connection:
	no longer check for netcat; it was not needed

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am,
	tests/key-tests/data/pkcs8-pbes2-sha256.pem,
	tests/key-tests/pkcs8-decode: tests: added decoding of key with
	pbes2 and SHA256 PRF

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/algorithms.h, lib/algorithms/mac.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: 
	Added support for decrypting PKCS#8 files which use HMAC-SHA256 as
	PRF This improves compatibility with new openssl versions.

2016-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: Ported openssl format fix from
	openconnect Patch by David Woodhouse

2016-08-24  raspa0 <raspa0@protonmail.com>

	* src/pkcs11.c: src/pkcs11.c: fix mech_list out-of-bounds check

2016-08-15  Philippe Proulx <eeppeliteloop@gmail.com>

	* lib/record.c: gnutls_record_recv(): doc: push -> pull Signed-off-by: Philippe Proulx <eeppeliteloop@gmail.com>

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-linux.c: rnd-linux: added check for SYS_getrandom
	being defined This allows to compile the getrandom() code in old Linux systems
	which do not have the system call defined.

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/Makefile.am: libdane: include minitasn1 headers

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: do not exit if fast open is not supported

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: gnutls-cli: added bufferring in starttls read of
	packets

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/starttls-ftp.txt, tests/starttls.sh: 
	tests: added basic test of STARTTLS over FTP for gnutls-cli

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md, tests/Makefile.am, tests/starttls-smtp.txt,
	tests/starttls.sh: tests: added basic starttls functionality testing
	on gnutls-cli

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: gnutls-cli: exit with error code 2 on starttls
	errors

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/fastopen.sh: tests: fixed fastopen.sh to operate from cmd

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/socket.c, src/socket.h: gnutls-cli: fixed the
	behavior when --starttls or --starttls-proto is given The change of moving the handshake process as part of the socket
	establishment broke the starttls functionality in gnutls-cli. This
	change fixes that functionality.  Reported by Andreas Metzler.

2016-08-19  SUMIT AGGARWAL <aggarwal.s@samsung.com>

	* src/benchmark-cipher.c, src/srptool.c: Fix HANDLE_LEAK and memory
	leak issues.

2016-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/socket.c: gnutls-cli: print 'Handshake was
	completed' The change of moving the handshake process as part of the socket
	establishment, prevented the text 'Handshake was completed' from
	being printed as part of a successful handshake. That message was
	used by applications like gnus which use gnutls-cli. This patch
	reverts that change and prints that message on successful
	handshakes.

2016-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, tests/Makefile.am, tests/cert-tests/Makefile.am,
	tests/{openpgp-certs => cert-tests/data}/ca-public.gpg,
	tests/{openpgp-certs => cert-tests/data}/ca-secret.gpg,
	tests/{openpgp-certs =>
	cert-tests/data}/srv-public-127.0.0.1-signed.gpg,
	tests/{openpgp-certs => cert-tests/data}/srv-public-all-signed.gpg,
	tests/{openpgp-certs =>
	cert-tests/data}/srv-public-localhost-signed.gpg,
	tests/{openpgp-certs => cert-tests/data}/srv-public.gpg,
	tests/{openpgp-certs => cert-tests/data}/srv-secret.gpg,
	tests/{openpgp-certs/testcerts => cert-tests/openpgp-certs},
	tests/{openpgp-certs/testselfsigs => cert-tests/openpgp-selfsigs},
	tests/openpgp-certs/Makefile.am: tests: openpgp-certs tests were
	moved to cert-tests

2016-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: gnutls_key_generate: fail if the state of the
	library is invalid Suggested by Stephan Mueller.

2016-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-hello-verify.c: tests: mini-dtls-hello-verify:
	ignore SIGPIPE to avoid unexpected crashes Resolves: #119

2016-08-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/safe_renegotiation.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_safe_renegotiation_status: changed return type to unsigned

2016-08-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-08-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c, tests/pkcs11/pkcs11-combo.c,
	tests/pkcs12_simple.c: tests: removed unused variables from tests

2016-08-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-06-23  Martin Ukrop <mukrop@redhat.com>

	* .gitignore, tests/Makefile.am, tests/name-constraints-ip.c,
	tests/test-chains.h: tests: Add tests for X509 IP constraints - Add dedicated test file name-constraints-ip for IP tests.  - Test the following:   * Generation and saving of valid name constraints.    * Trying to save invalid IP constraints.    * Reading the saved constraints.    * constraints_check() calls for both IPv4 and IPv6.    * IP constraints intersection (simple, empty, mediocre,
	  complicated).  * IPv4/IPv6 constraints interaction and various corner cases.  - IPs/CIDRs are printed in logs in case of failure.  - Add 2 new chain tests (positive, negative).  - Add generated test executable to ignored files.  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-06-29  Martin Ukrop <mukrop@redhat.com>

	* lib/x509/ip.c, lib/x509/name_constraints.c: x509: Add support for
	IP constraints - IP constraints are now checked against the subject alternative   name field.  - Implemented IP name constraints merging.  - Added IP constraints validity checking during loading and getting   the name constraints object from the user.  - Add a convenience function name_constraints_node_new that
	  allocates a name constraints node and sets its fields. Use this new
	  function where applicable.  - Add documentation for is_nc_empty,
	  _gnutls_name_constraints_node_free,
	_gnutls_name_constraints_intersect.  - Small improvements elsewhere (polishing).  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-08-03  Martin Ukrop <mukrop@redhat.com>

	* .gitignore, tests/Makefile.am, tests/{ip-in-cidr.c => ip-utils.c}: 
	tests: Add more IP conversion unit tests - Renamed ip-in-cidr test to ip-utils.  - Added built binary to .gitignore.  - Added new tests for gnutls_x509_cidr_to_rfc5280.  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-08-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ip-in-cidr.c: tests: added unit test for
	ip_in_cidr function

2016-06-29  Martin Ukrop <mukrop@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/ip-in-cidr.h, lib/x509/ip.c,
	lib/x509/ip.h, lib/x509/name_constraints.c, lib/x509/output.c,
	src/certtool-cfg.c: x509: Separate out IP handling functions - Moved IP/CIDR to string conversion functions into separate   header and export privately for the use in tests.  - Placed ip_in_cidr() into separate header for easy testing - Add publicly available function to convert text CIDR to RFC5280   format for the use in name constraints extension.  - certtool: Use GnuTLS exported CIDR functions instead of local
	ones.  - Export mask_to_prefix, mask_ip for internal GnuTLS use.  - Introduce new error value (malformed cidr) and add to description   functions in errors.c.  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-06-23  Martin Ukrop <mukrop@redhat.com>

	* tests/name-constraints.c, tests/test-chains.h: tests: Add corner
	case tests for name constraints, improve doc - Added corner case test suite for DNS name constraints.  - Documentation update in chain tests.  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-07-08  Martin Ukrop <mukrop@redhat.com>

	* .gitignore: Add more ignored files * .tmp and .swp for text editor files * Makefile.user created by Qt Creator * gl/tests/ctype.h as it is generated from ctype.h.in Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-08-08  Stefan Sørensen <stefan.sorensen@spectralink.com>

	* tests/cert-common.h, tests/keylog-env.c,
	tests/send-client-cert.c, tests/set_x509_key.c,
	tests/set_x509_key_file_der.c, tests/set_x509_key_file_ocsp.c,
	tests/set_x509_key_mem.c, tests/x509-cert-callback-legacy.c,
	tests/x509-cert-callback.c, tests/x509cert.c: Change ca3 and related
	certificate to include an intermediate CA in the chain.  Also update a bunch of test-cases to support chains with an
	intermediate CA.  Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

2016-08-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-common.h, tests/x509cert.c: Revert "tests: check
	gnutls_certificate_get_x509_crt with more than one certificates" This reverts commit f7d884720b128ef86f6b9dc9fc498be89faf1732.

2016-08-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/srp.c: tests: do not run srp test when no SRP support is
	compiled in

2016-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/alpn-server-prec.c, tests/client-fastopen.c,
	tests/custom-urls-override.c, tests/custom-urls.c,
	tests/dtls-client-with-seccomp.c, tests/dtls-rehandshake-anon.c,
	tests/dtls-rehandshake-cert-2.c, tests/dtls-rehandshake-cert-3.c,
	tests/dtls-rehandshake-cert.c, tests/dtls-with-seccomp.c,
	tests/fallback-scsv.c, tests/key-material-dtls.c,
	tests/key-material-set-dtls.c, tests/long-session-id.c,
	tests/mini-alpn.c, tests/mini-cert-status.c,
	tests/mini-chain-unsorted.c, tests/mini-dtls-discard.c,
	tests/mini-dtls-fork.c, tests/mini-dtls-heartbeat.c,
	tests/mini-dtls-hello-verify-48.c, tests/mini-dtls-hello-verify.c,
	tests/mini-dtls-large.c, tests/mini-dtls-lowmtu.c,
	tests/mini-dtls-mtu.c, tests/mini-dtls-pthread.c,
	tests/mini-dtls-record-asym.c, tests/mini-dtls-record.c,
	tests/mini-dtls-srtp.c, tests/mini-dtls0-9.c, tests/mini-etm.c,
	tests/mini-handshake-timeout.c, tests/mini-key-material.c,
	tests/mini-loss-time.c, tests/mini-overhead.c,
	tests/mini-record-2.c, tests/mini-record-failure.c,
	tests/mini-record-range.c, tests/mini-record-retvals.c,
	tests/mini-record.c, tests/mini-server-name.c,
	tests/mini-termination.c, tests/mini-tls-nonblock.c,
	tests/no-signal.c, tests/openpgp-auth.c, tests/openpgp-auth2.c,
	tests/openpgp-callback.c, tests/prf.c, tests/resume-dtls.c,
	tests/resume.c, tests/sign-md5-rep.c, tests/srp.c,
	tests/status-request-missing.c, tests/status-request-ok.c,
	tests/status-request.c, tests/tls-client-with-seccomp.c,
	tests/tls-rehandshake-cert-2.c, tests/tls-with-seccomp.c,
	tests/tlsext-decoding.c, tests/utils.h, tests/x509dn.c: tests: moved
	child status error checking code in utils.h

2016-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/Makefile.am, doc/latex/macros.tex: latex: updated
	sources for new functions

2016-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.3

2016-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/socket.h, lib/system/fastopen.c, src/cli.c,
	tests/client-fastopen.c: gnutls_transport_set_fastopen: added flags
	options This will allow minor modifications to the semantics of the function
	in the future, without introducing a new API.

2016-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-08-08  Stefan Sørensen <stefan.sorensen@spectralink.com>

	* lib/x509/pkcs12.c: Fix gnutls_pkcs12_simple_parse to always
	extract the complete chain gnutls_pkcs12_simple_parse was only collecting extra certificates
	that was possible elements of the certificate chain when the
	extra_certs argument was not NULL. Fix by allways collecting all the
	certificates, any unneeded certificates are released before
	returning if extra_certs is NULL anyway.  Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

2016-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-common.h, tests/x509cert.c: tests: check
	gnutls_certificate_get_x509_crt with more than one certificates This would detect the issue in the "Fix invalid pointer operation in
	gnutls_certificate_get_x509_crt"

2016-08-08  Stefan Sørensen <stefan.sorensen@spectralink.com>

	* tests/x509cert.c, tests/x509dn.c, tests/x509self.c: tests: Use
	common ca3 test certificates in x509cert, x509dn and x509self tests.  Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

2016-08-08  Stefan Sørensen <stefan.sorensen@spectralink.com>

	* tests/cert-common.h: tests: Remove zero-termination of
	gnutls_datum encapsulated certificates This allows for memcmp comparison with certificates after
	processing.  Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

2016-08-08  Stefan Sørensen <stefan.sorensen@spectralink.com>

	* lib/x509.c: Fix invalid pointer operation in
	gnutls_certificate_get_x509_crt The access to the allocated crt_list variable was missing a pointer
	dereference, leading to memory corruption for any certificate list
	with more than one element.  Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>

2016-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/key-tests/Makefile.am,
	tests/key-tests/data/key-illegal.pem,
	tests/key-tests/data/p8key-illegal.pem,
	tests/key-tests/illegal-rsa, tests/rsa-illegal-import.c: tests:
	added check for errors when importing illegal RSA keys

2016-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: x509: call the fixup
	functions after loading private keys That way we can better report errors which relate to illegal
	parameters being detected.

2016-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: nettle: use rsa_*_key_prepare on key import Previously we calculated the size of the key directly, but by using
	the rsa_*_key_prepare we benefit from any checks that may be
	introduced in the future. Specifically any checks for invalid public
	keys (e.g., keys that may crash the underlying gmp functions).  This patch avoids calling rsa_private_key_prepare every time we
	construct a nettle private key struct, because this function
	requires a bigint multiplication. We call that function once on
	private key import.

2016-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: tests: added missing backslash in
	key-tests Makefile

2016-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: Revert "nettle: use rsa_*_key_prepare" This reverts commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2.

2016-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: moved all compatibility
	defines outside the enum

2016-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: prepared for release 3.5.3

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c, tests/mini-record-failure.c,
	tests/mini-record-retvals.c: tests: use gnutls_record_set_timeout
	instead of kill child processes That way we avoid issues like #118 which are caused by killing the
	child process, and we also avoid deadlocks by making sure that recv
	will terminate after a long delay.

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record.c: tests: mini-record modify in a way to be more
	fail safe That is, do not kill the child, but instead switch the roles of
	child and parent, and add a timeout on recv to avoid infinite
	delays.  Relates: #118

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_int.h, lib/x509/verify-high2.c: pkcs11:
	is_object_pkcs11_url -> is_pkcs11_url_object Renamed function for clarity.

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record.c: tests: ignore sigpipe in mini-record

2016-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_fips140_mode_enabled: changed return type to unsigned

2016-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* CONTRIBUTING.md: doc: updated contribution guide with more info on
	test suite [ci skip]

2016-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: 
	gnutls_pkcs11_privkey_status: return type changed to unsigned

2016-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/cha-gtls-app.texi: doc: added section on
	SCTP protocol [ci skip]

2016-08-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/client-fastopen.c: tests: client-fastopen: removed seccomp
	conditional

2016-08-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/fastopen.c: fastopen: improved error checking at
	connect()

2016-08-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: nettle: use rsa_*_key_prepare Previously we calculated the size of the key directly, but by using
	the rsa_*_key_prepare we benefit from any checks that may be
	introduced in the future. Specifically any checks for invalid public
	keys (e.g., keys that may crash the underlying gmp functions).

2016-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system/fastopen.c: gnutls_transport_set_fastopen: doc update

2016-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-linux.c: getrandom: use SYS_getrandom instead of
	__NR_getrandom These are identical definitions, but according to syscall()
	SYS_getrandom is the expected value.

2016-07-27  Martin Ukrop <mukrop@redhat.com>

	* lib/x509/name_constraints.c: x059: Fix asymmetry in name
	constraints intersection - In _gnutls_name_constraints_intersect, if *_nc had a node of some
	type not present in _nc2, this was preserved. However, if it was
	vice versa (_nc2 having a type not present in *_nc), this node was
	discarded.  - This is now fixed.  - Removed redundant return value check that was accidentally left
	when refactoring from set_datum to explicit NULL setting.  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-07-26  Martin Ukrop <mukrop@redhat.com>

	* tests/test-chains.h: tests: Add and improve chain tests - Add a new chaintest testing the symmetry of merging name
	constraints of different types.  - Rename old name_constraints_but_no_name test to match other name
	constraints tests.  - Improve chain description of older name constraints tests.  Signed-off-by: Martin Ukrop <mukrop@redhat.com>

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: do not generate makefiles in removed dirs

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/set_pkcs12_cred.c: tests: updated paths
	for new location of p12 files

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/suppressions.valgrind: tests: safe
	renegotiation tests are run from top dir

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{srp/mini-srp.c => srp.c},
	tests/srp/Makefile.am: tests: srp tests moved outside subdir

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-tests/Makefile.am, tests/{sha2 =>
	cert-tests/data}/key-ca-dsa.pem, tests/{sha2 =>
	cert-tests/data}/key-ca.pem, tests/{sha2 =>
	cert-tests/data}/key-dsa.pem, tests/{sha2 =>
	cert-tests/data}/key-subca-dsa.pem, tests/{sha2 =>
	cert-tests/data}/key-subca.pem, tests/{sha2 =>
	cert-tests/data}/key-subsubca.pem, tests/{sha2 =>
	cert-tests/data}/key-user.pem, tests/cert-tests/sha2-dsa-test,
	tests/cert-tests/sha2-test, tests/sha2/Makefile.am,
	tests/sha2/sha2, tests/sha2/sha2-dsa: tests: moved sha2 tests into
	cert-tests/

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ecdsa/Makefile.am, tests/ecdsa/ecdsa,
	tests/key-tests/Makefile.am, tests/{ecdsa =>
	key-tests/data}/bad-key.pem, tests/key-tests/ecdsa: tests: moved
	ecdsa tests to key-tests/

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dsa/Makefile.am,
	tests/key-tests/Makefile.am, tests/{dsa =>
	key-tests/data}/cert.dsa.1024.pem, tests/{dsa =>
	key-tests/data}/cert.dsa.2048.pem, tests/{dsa =>
	key-tests/data}/cert.dsa.3072.pem, tests/{dsa =>
	key-tests/data}/dsa-pubkey-1018.pem, tests/{dsa =>
	key-tests/data}/dsa.1024.pem, tests/{dsa =>
	key-tests/data}/dsa.2048.pem, tests/{dsa =>
	key-tests/data}/dsa.3072.pem, tests/{dsa/testdsa => key-tests/dsa}: 
	tests: moved dsa tests into key-tests/

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/key-tests/Makefile.am,
	tests/{pkcs8-decode => key-tests/data}/enc2pkcs8.pem,
	tests/{pkcs8-decode => key-tests/data}/encpkcs8.pem,
	tests/{pkcs8-decode => key-tests/data}/openssl-3des.p8,
	tests/{pkcs8-decode => key-tests/data}/openssl-3des.p8.txt,
	tests/{pkcs8-decode => key-tests/data}/openssl-aes128.p8,
	tests/{pkcs8-decode => key-tests/data}/openssl-aes128.p8.txt,
	tests/{pkcs8-decode => key-tests/data}/openssl-aes256.p8,
	tests/{pkcs8-decode => key-tests/data}/openssl-aes256.p8.txt,
	tests/{pkcs8-decode => key-tests/data}/unencpkcs8.pem,
	tests/{pkcs8-decode/pkcs8 => key-tests/pkcs8-decode},
	tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/suppressions.valgrind: tests: moved pkcs8 tests
	to key-tests/

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/{ =>
	data}/ca-gnutls-keyid.pem, tests/key-tests/{ =>
	data}/ca-no-keyid.pem, tests/key-tests/{ =>
	data}/ca-weird-keyid.pem, tests/key-tests/{ =>
	data}/key-ca-1234.p8, tests/key-tests/{ => data}/key-ca-empty.p8,
	tests/key-tests/{ => data}/key-ca-null.p8, tests/key-tests/{ =>
	data}/key-ca.pem, tests/key-tests/{ => data}/key-ecc.p8,
	tests/key-tests/{ => data}/key-ecc.pem, tests/key-tests/{ =>
	data}/key-user.pem, tests/key-tests/{ => data}/openssl-key-ecc.p8,
	tests/key-tests/key-id, tests/key-tests/pkcs8: tests: key-tests:
	moved data files into data/ subdir

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-tests/Makefile.am,
	tests/{pkcs12-decode => cert-tests}/pkcs12,
	tests/pkcs12-decode/Makefile.am,
	tests/pkcs12-decode/suppressions.valgrind: tests: moved pkcs12 tests
	into cert-certs/ subdir

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2016-07-28  Tim Rühsen <tim.ruehsen@gmx.de>

	* configure.ac: Require compiler to support C99

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-09  Tim Kosse <tim.kosse@filezilla-project.org>

	* tests/chainverify-unsorted.c: Add test for
	gnutls_x509_crt_list_import2 with flag
	GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED.

2016-07-09  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/x509/crl.c: gnutls_x509_crl_list_import2 was ignoring the
	passed flags if all CTLs in the list fit within the initially
	allocated memory.

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert-session.c: gnutls_certificate_get_peers may return an
	unsorted list

2016-07-09  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/x509/x509.c: gnutls_x509_crt_list_import2 was ignoring the
	passed flags if all certificates in the list fit within the
	initially allocated memory.

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: x509: parse_tlsfeatures: move limit check at
	the point of addition This prevents appending failures when verifying chains on
	certificates which use the maximum allowed number of features.
	Suggested by Tim Kosse.

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/tlsfeature-ext.c: tests: removed irrelevant comment

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/tls_features.c: correct the sign type of integers in
	debug message Suggested by Tim Kosse

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: verify_crt: simplified error setting based on suggestion by Tim Kosse.

2016-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: verify_crt: removed text on parameter no longer
	being present

2016-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: x509: avoid using int declaration
	within a for-loop This addresses compilation problem with old compilers, and brings
	consistency as this type of declaration is not used in gnutls' code.

2016-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/global.c: gnutls_global_init/deinit: don't use any locking
	during constructor This ensures that there is no deadlock on unexpected errors, such as
	missing symbols (e.g., on lazy linking). Reported by Ludovic
	Courtès.

2016-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-linux.c: rnd-linux: use better define check for
	linux systems

2016-07-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/prf.c: gnutls_prf: document when its output matches
	gnutls_prf_rfc5705

2016-07-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/session.c: doc: gnutls_session_set_id: added since

2016-07-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: keep the guile logs as artifacts
	on test suite failure

2016-07-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-20  David Walker <david.walker@vcatechnology.com>

	* lib/common.mk: Add extra dependency flags This fixes the build when the dependencies are split up during a
	cross-compile Resolves: #113

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/{system-keys-dummy.c =>
	system/keys-dummy.c}, lib/{system-keys-win.c => system/keys-win.c}: 
	moved system-keys-win.c and system-key-dummy.c under system/

2016-07-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/system.c, lib/system.h, lib/system/certs.c,
	lib/system/iconv.c, lib/{ => system}/inet_ntop.c, lib/{ =>
	system}/inet_pton.c, lib/system/sockets.c, lib/system/threads.c,
	lib/{ => system}/vasprintf.c: split system.c to various files under
	system/

2016-07-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/includes/gnutls/gnutls.h.in: gnutls.h: giovec_t
	is a typedef to iovec where that is available

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/nettle/rnd-linux.c, tests/Makefile.am,
	tests/rng-sigint.c: tests: added unit test for linux
	_rnd_get_system_entropy This tests whether the function can operate as expected while being
	interrupted by signals.

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-linux.c: getrandom: loop around getrandom to get
	the requested number of bytes This simplifies and enhanced the previous error handling code.

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/README.ci-runners: README.ci-runners: document asan and
	ubsan tags

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: removed pkcs1-padding from subdirs

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more tests files to ignore

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure.ac: don't generate makefiles of moved
	tests

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/{pkcs1-padding =>
	cert-tests/data}/pkcs1-pad-broken.pem, tests/{pkcs1-padding =>
	cert-tests/data}/pkcs1-pad-broken2.pem, tests/{pkcs1-padding =>
	cert-tests/data}/pkcs1-pad-broken3.pem, tests/{pkcs1-padding =>
	cert-tests/data}/pkcs1-pad-ok.pem, tests/{pkcs1-padding =>
	cert-tests/data}/pkcs1-pad-ok2.pem, tests/{pkcs1-padding =>
	cert-tests}/pkcs1-pad, tests/pkcs1-padding/Makefile.am: tests:
	pkcs1-pad: moved to cert-tests

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-tests/Makefile.am, tests/{userid =>
	cert-tests/data}/userid.pem, tests/{userid => cert-tests}/userid,
	tests/userid/Makefile.am: tests: userid test moved to cert-tests/

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/{rsa-md5-collision => rsa-md5-collision.sh}: 
	tests: rsa-md5-collision: run from top-level

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/record.c: doc: updated documentation for
	gnutls_transport_set_int*

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/cha-bib.texi, doc/cha-functions.texi,
	doc/cha-gtls-app.texi, doc/doc.mk, doc/manpages/Makefile.am: doc:
	added section on reducing round-trips That discusses TCP fast open with gnutls_transport_set_fastopen(),
	and false start.

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/client-fastopen.c: tests: added test of
	gnutls_transport_set_fastopen

2016-07-25  Tim Ruehsen <tim.ruehsen@gmx.de>

	* tests/Makefile.am, tests/fastopen.sh: tests: added test of TCP
	fast open using gnutls-cli and gnutls-serv

2016-07-25  Tim Ruehsen <tim.ruehsen@gmx.de>

	* NEWS: doc update

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/cli-debug.c, src/cli.c, src/common.c,
	src/common.h, src/danetool.c, src/ocsptool-common.c,
	src/ocsptool.c, src/socket.c, src/socket.h: tools: TLS handling has
	been incorporated into socket_open() This is of particular usage to the server IP address loop, since we
	can detect fast open errors and retry handshake to the next IP
	address.

2016-07-25  Tim Ruehsen <tim.ruehsen@gmx.de>

	* src/cli-args.def, src/cli.c, src/socket.c, src/socket.h: 
	gnutls-cli: added example usage of TCP fastopen It is enabled with the new --fastopen option.

2016-07-25  Tim Ruehsen <tim.ruehsen@gmx.de>

	* configure.ac, doc/Makefile.am, doc/manpages/Makefile.am,
	lib/Makefile.am, lib/buffers.c, lib/gnutls_int.h,
	lib/includes/Makefile.am, lib/includes/gnutls/socket.h,
	lib/libgnutls.map, lib/state.c, lib/system.c, lib/system.h,
	lib/system/fastopen.c: Support TCP Fast Open This introduces a new function gnutls_transport_set_fastopen().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
	Signed-off-by: Tim Ruehsen <tim.ruehsen@gmx.de>

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added asan tag for builds which
	require asan

2016-07-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs11/pkcs11-privkey-fork.c, tests/suppressions.valgrind: 
	tests: pkcs11-privkey-fork: added explicit pkcs11 deinitialization Also ignore known leaks for p11-kit.

2016-07-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: mention ubsan in README [ci skip]

2016-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/keylog-env.c, tests/set_x509_key.c,
	tests/set_x509_key_file.c, tests/set_x509_key_file_der.c,
	tests/set_x509_key_file_ocsp.c, tests/set_x509_key_mem.c,
	tests/set_x509_pkcs12_key.c, tests/utils-adv.c, tests/utils.h: 
	tests: added checks for OCSP response file support That is, check the usability of the APIs for setting and using an
	ocsp response. This improves and makes more generic the test suite
	API and test_cli_serv() in particular.

2016-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/dtls.c: dtls: added a null pointer check in record_overhead According to my reading this check is unnecessary as in no case a
	null pointer can be encountered. However gcc6 warns about a null
	pointer derefence and thus adding it, to be safe.

2016-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/hostname-verify.c: 
	gnutls_x509_crt_check_hostname*: use unsigned a return value This is to prevent issues to callers who may check for negative
	error values.

2016-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/session_pack.c, tests/resume-with-false-start.c: introduced:
	GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE This error code is returned when the session resumption parameters
	are requested during a handshake. That is, to increase the clarity
	when requesting these parameters while false start is active and the
	handshake is not complete even if gnutls_handshake() has returned.  Relates #114

2016-07-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/resume-with-false-start.c: tests: added
	check of the return values of resumption data functions during false
	start Relates #114

2016-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/session.c: doc: mention that the session data functions will
	fail prior to handshake completion

2016-07-20  Martin Ukrop <mukrop@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/x509/name_constraints.c: 
	x509: Fix DNS name constraints checking - If the intersection of name constraints of the given type was
	empty, the results allowed all names instead of none.  - Fixed by adding an universal excluded name constraint in case the
	intersection for the particular type is empty.  - Moved the logic of creating a name constraint node copy from
	_gnutls_name_constraints_intersect to
	name_constraints_intersect_nodes (previously
	name_constraints_match), as intersecting IP addresses will require
	further processing (not just taking one of the compared nodes as was
	the implementation till now).  - GNUTLS_SAN_MAX added in order to comfortably iterate over SAN type
	enum.

2016-07-20  Martin Ukrop <mukrop@redhat.com>

	* tests/name-constraints-merge.c, tests/test-chains.h: tests: Add
	DNS name constraints tests - One chaintest with empty permitted intersection.  - Merge testset with 2 permitted constraints with empty intersection
	(intersected list is completely empty).  - Merge testset with 3 permitted constraints, 2 of which have empty
	intersection.  - Merge testset with 2 permitted constraints with empty intersection
	and one constraints of different type that remains (intersected list
	is not empty).  - Enhance failing function with suite number for easier
	comprehension.

2016-07-20  Martin Ukrop <mukrop@redhat.com>

	* tests/name-constraints-merge.c, tests/name-constraints.c: tests:
	Tidy up old X509 name constraints tests - Use convenience functions for error checking and failure
	reporting.  - Drop explicit (de)initialization (prevents some not reed reachable
	memory due to PKCS11 subsystem not being deinitialized in the
	destructor).  - Use variables to count set permitted/excluded constraints instead
	of hard-coded numbers.

2016-07-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c: doc: clarify return codes in verification functions
	[ci skip]

2016-07-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c: gnutls_certificate_verify_peers2: document that
	hostname comparison follows RFC6125

2016-07-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-getentropy.c: rnd-getentropy: better handling of
	error printing with errno

2016-07-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-linux.c: rnd-linux: make getrandom back-end robust
	against EINTR failures

2016-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: gnutls_init: doc update

2016-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-tls-nonblock.c: tests: verify that GNUTLS_NONBLOCK is
	available as a definition

2016-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: define elements of
	gnutls_init_flags_t That is, define all the elements that were available prior the move
	from #define to enum, to allow code relying on

2016-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: documented the version
	various gnutls_init flags were introduced

2016-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/dn.c, lib/x509/x509.c, lib/x509/x509_dn.c: Moved the
	gnutls_x509_dn API functions to x509_dn.c

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-dn-decode.c: tests: enhanced DN decoding tests with
	complex encoding

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_dn.c: RFC4514 DN decoding: allow decoding of raw
	('#') items In addition allow escaping prefix or suffix spaces as well as the
	hash.

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-dn-decode.c: tests: enhanced DN decoding tests with
	encoding This adds unit tests for gnutls_x509_dn_set_str().

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/dn.c,
	lib/x509/x509_dn.c: Added gnutls_x509_dn_set_str() This allows initializing a gnutls_x509_dn_t structure via a DN
	string.

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/utils.c: tests: utils: use vasprintf() where available This allows printing long strings.

2016-07-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/x509-dn-decode.c, tests/{moredn.c =>
	x509-dn.c}: tests: added checks for the RFC4514 decoding via
	gnutls_x509_dn_get_str()

2016-07-19  Tim Rühsen <tim.ruehsen@gmx.de>

	* tests/mini-loss-time.c: Remove redundant if expression from
	tests/mini-loss-time.c

2016-07-19  Tim Rühsen <tim.ruehsen@gmx.de>

	* tests/slow/cipher-openssl-compat.c: Fix
	tests/slow/cipher-openssl-compat.c for OpenSSL 1.1.0

2016-07-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: cfg.mk: no longer save config.rpath

2016-07-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, build-aux/ar-lib, build-aux/config.rpath,
	build-aux/test-driver, build-aux/ylwrap: removed auto-generated
	files from the repository

2016-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs11/pkcs11-chainverify.c, tests/pkcs11/pkcs11-is-known.c: 
	tests: removed an skipped failures due to bugs in softhsm 2.0.0 These are no longer an issue as the CI has been updated to softhsm
	2.1.0, which addresses them, and they prevented catching the
	GNUTLS-SA-2016-2 regression.

2016-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
	lib/nettle/rnd-linux.c: Dropped support for EGD random generator This removes rarely tested code for systems which no longer exist
	and simplifies code for Linux random generator.  Resolves #112

2016-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: prevent a version of getentropy() in a
	linux libc to be used For now, we auto-detect and switch between getrandom() and
	/dev/urandom when the former is not available. With the complexity
	of dealing with libc's that have the feature but kernel not
	supporting it, or vice versa it is best keep things simple.

2016-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-linux.c: rnd-linux: added sanity check in getrandom
	output

2016-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-getentropy.c, lib/nettle/rnd-linux.c,
	lib/nettle/rnd-windows.c: nettle: split the rnd-common to
	rnd-windows, rnd-getentropy, and rnd-linux That is, to the windows random generator as well as the getentropy()
	generator in BSDs, as well as the getrandom(), /dev/urandom, and EGD
	generators on Linux systems.

2016-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: rnd-common: added faster detection of
	getrandom based on GRND_NONBLOCK

2016-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: urandom: use st_ino and st_rdev to
	determine device uniqueness

2016-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: Added auto-detection of getrandom()
	system call in Linux systems In addition use getrandom() via the syscall interface if it doesn't
	exist in Libc. The reason for the latter is that getrandom() support
	for glibc is in limbo for several years, and for auto-detection is
	that even if it is going to be present in libc we will not be able
	to guarrantee that the system call is available just because it is
	present in glibc.  For that we detect on initialization whether
	getrandom() can obtain random data, and if yes, we continue using
	that.

2016-07-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls-client-with-seccomp.c, tests/dtls-with-seccomp.c,
	tests/tls-client-with-seccomp.c, tests/tls-with-seccomp.c: tests:
	seccomp examples: use cert-common.h

2016-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/arb-extensions.pem,
	tests/cert-tests/templates/arb-extensions.tmpl: tests: enhanced
	arbitrary extension tests with octet_string encoding

2016-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/certtool-args.def, src/certtool-cfg.c: 
	certtool: added the ability to encode arbitrary extensions That is, added the ability to encode as an octet string any
	specified extension data.

2016-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added expiration time of a week
	for failure artifacts

2016-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/crq_apis.c: tests: added basic testing of
	gnutls_x509_crq_set_extension_by_oid()

2016-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/data/arb-extensions.csr,
	tests/cert-tests/data/arb-extensions.pem,
	tests/cert-tests/template-exts-test,
	tests/cert-tests/templates/arb-extensions.tmpl: tests: added checks
	on certificate and request generation with arbitrary extensions This tests the add_extension and add_critical_extension options of
	certtool.

2016-07-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: added options to set arbitrary extensions
	to certificates and requests This allows setting arbitrary extensions using the following new
	template options: add_extension = "5.6.7.8 0x0001020304050607AAABCD"
	add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 0xCAFE" The "0x" prefix can be omitted.

2016-07-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
	lib/x509/x509_write.c: added gnutls_x509_crq_set_extension_by_oid() This is a function to add an arbitrary extension into a certificate
	request.

2016-07-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: doc: mention the need of libtasn1-tools in Fedora based
	systems [ci skip]

2016-07-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-07-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: doc: mention libcmocka dependency

2016-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/dtls-sliding-window.c: 
	tests: added unit testing for DTLS sliding window implementation This was taken from the unit testing of AF_KTLS.

2016-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/constate.c, lib/dtls-sw.c,
	lib/dtls-window.c, lib/dtls.h, lib/gnutls_int.h, lib/record.c,
	lib/state.c: dtls: imported Fridolin's DTLS sliding window
	implementation This simplifies the current code, and reduces the memory needed.

2016-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/dtls-window.c, lib/dtls.c: dtls: moved DTLS
	window handling to separate file

2016-07-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-client-x509.c: ex-client-x509: removed unused call
	to gnutls_session_set_ptr()

2016-07-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/int.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h: libtasn1: updated to allow large OIDs to
	be used even on 32-bit systems

2016-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* CONTRIBUTING.md: doc: updated contribution guide

2016-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* CONTRIBUTING.md: doc: updated contribution guide

2016-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: link the resume tests to gnulib due to
	their missing memmem() This fixes compilation of gnutls in solaris. Reported by Dagobert
	Michelsen.

2016-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: NEWS: corrected release date [ci skip]

2016-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: keep the artifacts on failure

2016-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/kx.c: write_nss_key_log: write the premaster secret while it
	is still valid

2016-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c: updated libtasn1

2016-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.2

2016-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: cfg.mk: reduced the generated changelog size

2016-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2016-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am, tests/slow/gnutls-asan.supp: tests: ignore
	any memory leaks from libcrypto

2016-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, devel/perlasm/aesni-gcm-x86_64.pl,
	devel/perlasm/aesni-gcm-x86_64.pl.license,
	devel/perlasm/license.txt, doc/cha-gtls-app.texi,
	lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c,
	lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-gcm-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-gcm-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/files.mk,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-gcm-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/x86-common.c, tests/slow/test-ciphers-common.sh: 
	asm: updated openssl and the asm sources for AES-GCM from openssl
	1.0.2h This improves the performance of AES-GCM significantly by taking
	advantage of AVX and MOVBE instructions where available. This
	utilizes Andy Polyakov's code under BSD license.

2016-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: when testing with openssl disallow
	any CPU optimizations This ensures that we test our optimized code (which is mostly
	openssl based), with code that is not identical.

2016-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, README.md, configure.ac, tests/slow/Makefile.am,
	tests/slow/cipher-openssl-compat.c, tests/slow/{test-ciphers =>
	test-ciphers-common.sh}, tests/slow/test-ciphers-openssl.sh,
	tests/slow/test-ciphers.sh: tests: added openssl compatibility tests
	for AES-GCM cipher

2016-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/errors.c, libdane/includes/gnutls/dane.h: dane: corrected
	the license of libdane files The license was always LGPL version 2.1, and these files mentioned
	LGPL version 3. Reported by Thomas Petazzoni.

2016-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/gnutls-asan.supp: tests: ignore leaks due
	to p11-kit in test suite This addresses issue in "pkcs11-privkey-fork" which failed when
	compiled under asan due to leaks in p11-kit after fork.

2016-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-mock.c,
	tests/pkcs11/pkcs11-mock.h, tests/pkcs11/pkcs11-privkey-fork.c: 
	tests: added check to ensure that pkcs11 objects will be reopened on
	fork This checks whether C_Initialize() and C_OpenSession() will be
	called again when using a PKCS#11 module.  Resolves #95

2016-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: on object import always check for a
	support public key algorithm

2016-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/crypto-selftests.c: 
	gnutls_aead_cipher_decrypt: corrected the return value of ptext_len That is, do not account the tag_size into the plaintext.

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: check for libdl irrespective of FIPS140
	configuration This allows to link to libdl for the tests that require it.

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: account pkcs11/pkcs11-mock-ext.h in
	Makefile

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: link pkcs11-import-url-privkey with
	libdl That is because it uses dlopen().

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs11/pkcs11-pubkey-import.c: tests: avoid compiler warning
	from pkcs11-pubkey-import

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-import-url-privkey.c,
	tests/pkcs11/pkcs11-mock-ext.h, tests/pkcs11/pkcs11-mock.c: tests:
	added check to verify the tolerance of broken C_GetAttributes That is, test gnutls_pkcs11_obj_list_import_url4() when importing
	private keys from tokens that return CKR_OK on sensitive objects,
	and tokens that return CKR_ATTRIBUTE_SENSTIVE.  Relates #108

2016-06-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_int.c: pkcs11_get_attribute_avalue: correctly handle a
	-1 value length from C_GetAttributeValue That is, work-around modules which do not return an error on
	sensitive objects.  Relates #108

2016-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_int.c: pkcs11_get_attribute_avalue: do not assign
	values on failure When C_GetAttributeValue() returns size but does not return data
	then pkcs11_get_attribute_avalue() would set the return data pointer
	to a free'd value. This is against the convention expected by
	callers, i.e, set data to NULL. Reported by Anthony Alba in #108.

2016-06-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/name-constraints: tests: use datefudge in
	name-constraints test This avoids the expiration of the used certificate to affect the
	test.

2016-06-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: link libpkcs11mock1 with gnulib This allows it to use gnulib for strndup where it is needed.

2016-06-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: do not return from void functions This fixes a compilation issue with solaris compiler. Reported by
	Peter Eriksson.

2016-06-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: mention the boolean functions in the
	gnutls API

2016-06-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: removed remainders of pkcs11 tests
	from suite/

2016-06-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: 
	gnutls_pkcs11_crt_is_known: changed to unsigned type

2016-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs11/pkcs11-is-known.c: tests: pkcs11-is-known: check that
	no flags enforce compare

2016-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_crt_is_known: always assume
	GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless
	GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given

2016-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{suite => pkcs11}/pkcs11-chainverify.c,
	tests/{suite => pkcs11}/pkcs11-combo.c, tests/{suite =>
	pkcs11}/pkcs11-get-issuer.c, tests/{suite =>
	pkcs11}/pkcs11-is-known.c, tests/{suite =>
	pkcs11}/pkcs11-privkey.c, tests/{suite =>
	pkcs11}/pkcs11-pubkey-import-ecdsa.c, tests/{suite =>
	pkcs11}/pkcs11-pubkey-import-rsa.c, tests/{suite =>
	pkcs11}/pkcs11-pubkey-import.c, tests/{suite => pkcs11}/softhsm.h,
	tests/suite/Makefile.am: tests: moved pkcs11-softhsm test suite into
	pkcs11/

2016-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: find_cert_cb: minor cleanups in find_cert_cb

2016-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-is-known.c: tests: added more unit tests for
	gnutls_pkcs11_crt_is_known()

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dn2.c: dn2: updated to account for serial number being
	printed

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/certs/create-chain.sh: tests: corrected
	create-chain.sh to remove the ocsp_signing_key from generated certs

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: replaced tls feature extension checks The previous checks had incorrect key purpose check on the final (root) certificate.

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/verify.c: enhanced debugging messages for
	cert verification

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: print serial number in compact output

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: include softhsm.h into dist files

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: correctly encode the serial number when
	searching for certificate In gnutls_pkcs11_crt_is_known() corrected the encoding of the serial
	number to TLV DER from LV DER. This is the encoding we use when
	storing that number.

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: correctly account check_found_cert()

2016-06-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: replaced
	draft-ietf-tls-chacha20-poly1305-04 with RFC7905

2016-06-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c, src/benchmark.c, src/benchmark.h: 
	gnutls-cli: benchmark the memcpy performance to compare with ciphers Also ensure that we use different memory areas for each operation to
	avoid measuring better performance due to caching.

2016-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/prf.c: doc: corrected typo

2016-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/LINGUAS: Sync with TP.

2016-06-18  Andreas Metzler <ametzler@bebt.de>

	* lib/x509/crq.c, lib/x509/tls_features.c, lib/x509/x509.c,
	lib/x509/x509_ext.c: Typo fixes (found by lintian): extention,
	reencode

2016-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dtls-rehandshake-cert-3.c: tests: added
	check for handshake packet reconstruction This tests whether a split handshake packet is properly
	reconstructed if the parts are switched.

2016-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/buffers.c: dtls: corrected reconstruction of handshake packets
	received out of order That is, when the handshake packet is split into multiple different
	chunks and received out of order, make sure that reconstruction
	occurs properly. Reported by Guillaume Roguez.

2016-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: Corrected the writing of serial number in
	PKCS#11 modules That is previously the serial number was written in raw format, but
	in PKCS#11 the serial number must be set encoded as integer. Report
	and fix by Stanislav Zidek.

2016-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ecc.c: ext: ecc: replaced SUPPORTED ECC POINT FORMATS with
	better formatted name

2016-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/srpbase64.c: tests: disable SRP-base64 encode/decoded tests
	when SRP is disabled

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: restrict windows build checks to
	tests/ subdir [ci skip] That is because there is an issue with the gnulib self tests when
	run under windows.

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.5.1

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/Makefile.am: tests: added missing files

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: tests: fixed the path of cert-tests
	files and added missing files in Makefile.am

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/tlsfeature-ext.c: tests: verify the resilience of the
	TLSFeature handling functions on large number of features

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/tls_features.c, lib/x509/x509_ext.c, lib/x509/x509_int.h: 
	tlsfeature: impose a maximum number of supported TLS features This avoids many allocations and simplifies handling of the
	features.  The currently set maximum number of TLS features aligns
	with the maximum number of supported TLS extensions.

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/tlsfeature-crt.c: tests: added unit test
	for gnutls_x509_tlsfeatures_check_crt

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509.c,
	lib/x509/Makefile.am, lib/x509/crq.c, lib/x509/name_constraints.c,
	lib/x509/tls_features.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_ext.c, lib/x509/x509_write.c: During PKIX chain
	verification check the TLSFeatures compliance This verifies whether a chain complies with RFC7366 p.4.2.2
	requirements.  That is whether the issuer's features are a superset
	of the certificate under verification.  This enhances gnutls_x509_crt_get_tlsfeatures() to allow appending
	of TLSFeatures, and introduces gnutls_x509_tlsfeatures_check_crt().

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: verify_crt: moved all verification state into a
	common structure This allows for easier extension of state.

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: added chain verification with TLS
	features That adds checks for the RFC7633 requirements for intermediate and
	CA certificates (p. 4.2.2).

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/crq,
	tests/cert-tests/data/template-crq.pem,
	tests/cert-tests/templates/template-crq.tmpl: tests: verify the
	operation of honor_crq_ext template option

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: tests: common.sh will export the required
	TZ for datefudge tests

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool.c, src/tests.c: tools: avoid using deprecated types

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: allow copying specific certificate request
	extensions to certificate This introduces the honor_crq_extension multi-line template option.

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/crq_apis.c: tests: added check on
	gnutls_x509_crt_set_crq_extension_by_oid()

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/x509_write.c: Added
	gnutls_x509_crt_set_crq_extension_by_oid() This allows copying specific OIDs from a certificate request to the
	certificate.

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/certtool, tests/cert-tests/krb5-test,
	tests/cert-tests/md5-test, tests/cert-tests/othername-test,
	tests/cert-tests/sha3-test, tests/cert-tests/template-test,
	tests/cert-tests/tlsfeature-test, tests/scripts/common.sh: tests:
	moved check for datefudge in scripts/common.sh

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/cert-tests/Makefile.am,
	tests/cert-tests/aki, tests/cert-tests/certtool,
	tests/cert-tests/certtool-long-cn, tests/cert-tests/certtool-utf8,
	tests/cert-tests/crl, tests/cert-tests/crq, tests/cert-tests/dane,
	tests/cert-tests/{ => data}/aki-cert.pem, tests/cert-tests/{ =>
	data}/bmpstring.pem, tests/cert-tests/{ => data}/ca-certs.pem,
	tests/cert-tests/{ => data}/ca-no-pathlen.pem, tests/cert-tests/{
	=> data}/cert-ecc256.pem, tests/cert-tests/{ =>
	data}/chain-md5.pem, tests/cert-tests/{ => data}/complex-cert.pem,
	tests/cert-tests/{ => data}/dane-test.rr, tests/cert-tests/{ =>
	data}/full.p7b.out, tests/cert-tests/{ => data}/funny-spacing.pem,
	tests/cert-tests/{ => data}/gost-cert.pem, tests/cert-tests/{ =>
	data}/invalid-sig.pem, tests/cert-tests/{ =>
	data}/invalid-sig2.pem, tests/cert-tests/{ =>
	data}/invalid-sig3.pem, tests/cert-tests/{ =>
	data}/name-constraints-ip.pem, tests/cert-tests/{ =>
	data}/name-constraints-ip2.pem, tests/cert-tests/{ =>
	data}/no-ca-or-pathlen.pem, tests/cert-tests/{ =>
	data}/p7-combined.out, tests/cert-tests/{ =>
	data}/pkcs7-detached.txt, tests/cert-tests/{ => data}/privkey1.pem,
	tests/cert-tests/{ => data}/privkey2.pem, tests/cert-tests/{ =>
	data}/privkey3.pem, tests/cert-tests/{ =>
	data}/provable-dsa2048-fips.pem, tests/cert-tests/{ =>
	data}/provable-dsa2048.pem, tests/cert-tests/{ =>
	data}/provable2048.pem, tests/cert-tests/{ =>
	data}/provable3072.pem, tests/cert-tests/{ =>
	data}/single-ca.p7b.out, tests/cert-tests/{ =>
	data}/template-date.pem, tests/cert-tests/{ =>
	data}/template-dn.pem, tests/cert-tests/{ =>
	data}/template-generalized.pem, tests/cert-tests/{ =>
	data}/template-krb5name-full.pem, tests/cert-tests/{ =>
	data}/template-krb5name.pem, tests/cert-tests/{ =>
	data}/template-nc.pem, tests/cert-tests/{ =>
	data}/template-othername-xmpp.pem, tests/cert-tests/{ =>
	data}/template-othername.pem, tests/cert-tests/{ =>
	data}/template-overflow.pem, tests/cert-tests/{ =>
	data}/template-overflow2.pem, tests/cert-tests/{ =>
	data}/template-rsa-sha3-224.pem, tests/cert-tests/{ =>
	data}/template-rsa-sha3-256.pem, tests/cert-tests/{ =>
	data}/template-rsa-sha3-384.pem, tests/cert-tests/{ =>
	data}/template-rsa-sha3-512.pem, tests/cert-tests/{ =>
	data}/template-test-ecc.key, tests/cert-tests/{ =>
	data}/template-test.key, tests/cert-tests/{ =>
	data}/template-test.pem, tests/cert-tests/{ =>
	data}/template-tlsfeature.csr, tests/cert-tests/{ =>
	data}/template-tlsfeature.pem, tests/cert-tests/{ =>
	data}/template-unique.pem, tests/cert-tests/{ =>
	data}/template-utf8.pem, tests/cert-tests/{ =>
	data}/very-long-dn.pem, tests/cert-tests/{ =>
	data}/xmpp-othername.pem, tests/cert-tests/invalid-sig,
	tests/cert-tests/krb5-test, tests/cert-tests/md5-test,
	tests/cert-tests/name-constraints, tests/cert-tests/othername-test,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/pkcs7, tests/cert-tests/pkcs7-broken-sigs,
	tests/cert-tests/privkey-import, tests/cert-tests/provable-privkey,
	tests/cert-tests/sha3-test, tests/cert-tests/template-test,
	tests/cert-tests/tlsfeature-test: tests: cert-tests: moved all data
	files in separate subdir

2016-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/krb5-test,
	tests/cert-tests/othername-test, tests/cert-tests/sha3-test,
	tests/cert-tests/template-test, tests/cert-tests/{ =>
	templates}/template-date.tmpl, tests/cert-tests/{ =>
	templates}/template-dn-err.tmpl, tests/cert-tests/{ =>
	templates}/template-dn.tmpl, tests/cert-tests/{ =>
	templates}/template-generalized.tmpl, tests/cert-tests/{ =>
	templates}/template-krb5name.tmpl, tests/cert-tests/{ =>
	templates}/template-nc.tmpl, tests/cert-tests/{ =>
	templates}/template-othername-xmpp.tmpl, tests/cert-tests/{ =>
	templates}/template-othername.tmpl, tests/cert-tests/{ =>
	templates}/template-overflow.tmpl, tests/cert-tests/{ =>
	templates}/template-overflow2.tmpl, tests/cert-tests/{ =>
	templates}/template-test.tmpl, tests/cert-tests/{ =>
	templates}/template-tlsfeature-crq.tmpl, tests/cert-tests/{ =>
	templates}/template-tlsfeature.tmpl, tests/cert-tests/{ =>
	templates}/template-unique.tmpl, tests/cert-tests/{ =>
	templates}/template-utf8.tmpl, tests/cert-tests/tlsfeature-test: 
	tests: cert-tests: moved templates into subdir

2016-06-10  Daniel P. Berrange <berrange@redhat.com>

	* tests/system-prio-file.c: tests: test trailing comma in system
	priorities Add tests which verify behaviour when the list of system priorities
	has a trailing ','. Avoid crash in test suite if the test
	unexpectedly succeeds when expected_str is NULL.  Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

2016-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/dtls-rehandshake-cert-2.c: tests: added
	check of DTLS rehandshake for upgrade That is check whether anon -> cert renegotiation works.

2016-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/dtls-rehandshake-cert.c: tests: added
	check of DTLS rehandshake when using PKIX certs This complements the existing DTLS rehandshake test using anonymous
	ciphersuites.

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/system-prio-file.c: tests: document some details in
	system-prio-file [ci skip]

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/priority.c: doc: mention the usage of the
	_gnutls_resolve_priorities function in testsuite

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: mention the fallback keyword support
	in manual

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/system-prio-file.c: tests: added checks for system priority
	file fallback mechanism

2016-06-03  Daniel P. Berrange <berrange@redhat.com>

	* lib/priority.c: gnutls_priority_init: multiple @KEYWORD lookups
	with fallback The support for using "@KEYWORD" as a priority string is very useful
	to separate selection of priorities from application specific code
	or config files. It is, however, not general enough to fully serve
	all reasonable use cases.  For example, consider an application sets   gnutls_priority_set_direct(session, "@SYSTEM", NULL); The system administrator can modify the global priorities file to
	change what "@SYSTEM" resolves to for all apps using GNUTLS. As soon
	as one application wishes to have a slightly different configuration
	from others on the host, you have to go back and start modifying
	application specific configuration files once more. This is bad for
	the system administrator as it means there's no longer one single
	place where they can see the priority configuration for all apps.  They may try to get around this problem by configuring the app to
	use a different keyword, instead of a full priority string, eg
	"@LIBVIRT". So the global priorities file can now define entries for
	both "SYSTEM" and "LIBVIRT". This has still placed a burden on the
	administrator change the config in two places - both libvirt config
	files and the global priorities file.  What is more desirable is if applications were able to provide a
	list of keywords that would be tried in order, picking the first
	that existed. For example, libvirt could be written to request the
	following by default   gnutls_priority_set_direct(session, "@LIBVIRT,SYSTEM", NULL); With this, gnutls would first try to find the "LIBVIRT" keyword in
	the global configuration file, and if that is not present, then it
	would fallback to trying to find the "SYSTEM" keyword.  This provides nice "out of the box" behaviour for system
	administrators, whereby the app would be using "SYSTEM" initially
	and if the admin wishes to give the app a custom configuration, they
	can simply modify the global priorities file to add in the
	application specific keyword "LIBVIRT". There is never a need for
	the sysadmin to modify any application specific configuration files
	any more. It is exclusively controlled in one place via the global
	priorities file.  Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/system-prio-file.c: tests: enhanced system priority file
	testing This checks whether appending to system priority options work.

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/priority.c: doc update

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-examples.texi: doc: remove all
	references to openpgp auth example

2016-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-03  Daniel P. Berrange <berrange@redhat.com>

	* lib/priority.c: _gnutls_resolve_priorities: always try to re-read
	sys priority file Previously if the system priority file was edited, that would take
	effect on the very next TLS session an application created.  As of:   commit 006b89d4464ae1bb6d545ea5716998654124df45   Author: Nikos Mavrogiannopoulos <nmav@redhat.com>   Date:   Fri Apr 1 10:46:12 2016 +0200     priorities: preload the system priorities on library loading
	    time It is required to restart every application after changing the
	system priority file to get changes to take effect.  Further, for applications running in a chroot, it will no longer
	honour a system priority file that may exist inside the chroot,
	always using the originally cached data from outside the chroot.  This patch changes the caching so that we always try to reload the
	cache of system priorities. A mtime check is used to avoid actually
	re-reading the file unless its content has obviously changed. If the
	file no longer exists, the cache will not be invalidated. This
	ensures that the current priority file is always honoured, whether
	inside a chroot or not, while at the same time allowing apps to work
	in a chroot when no system priority file is present.  Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

2016-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: remove references to GNUTLS_KEYLOGFILE

2016-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/{mini-dtls-rehandshake.c =>
	dtls-rehandshake-anon.c}, tests/{mini-rehandshake-2.c =>
	tls-rehandshake-cert-2.c}, tests/{mini-rehandshake.c =>
	tls-rehandshake-cert.c}: tests: renamed rehandshake checks for
	clarity

2016-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/global.c, lib/global.h, lib/kx.c, tests/keylog-env.c: 
	keylogfile: only consider the SSLKEYLOGFILE variable In addition do not check the environment in the constructor but
	instead use static variables to save the key file name.  The
	GNUTLS_KEYLOGFILE environment variable is no longer used since there
	is no reason to have a separate one.

2016-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/ext/server_name.c, lib/x509/common.c,
	lib/x509/crq.c, lib/x509/key_encode.c, lib/x509/krb5.c,
	lib/x509/krb5.h, lib/x509/privkey.c: lib: eliminated the use of
	deprecated variables

2016-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
	doc/examples/ex-serv-pgp.c: doc: removed OpenPGP examples Relates #102

2016-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/x509/pkcs12_bag.c: pkcs12:
	corrected return type of gnutls_pkcs12_bag_get_type()

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: move pkcs11-cert-import-url4-exts with
	the other pkcs11 tests This prevents a build failure in windows.

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: doc clarify the version since when
	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT is accepted

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/crl-test: tests: corrected typo in crl-test

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-cert-import-url4-exts.c: 
	tests: check gnutls_pkcs11_obj_list_import_url4() with
	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url4: accepts the
	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url3: rewritten to use
	gnutls_pkcs11_obj_list_import_url4

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.c, lib/pkcs11_privkey.c,
	lib/pkcs11_secret.c, lib/pkcs11_write.c: pkcs11: use ctx as variable
	name for ck_object_handle_t for clarity

2016-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: doc update

2016-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: _gnutls_check_key_purpose: in CA certificates
	treat the SGC key purpose as GNUTLS_KP_TLS_WWW_SERVER This is a hack for certain very old CA certificates lurking around
	which instead of having the GNUTLS_KP_TLS_WWW_SERVER have some old
	OIDs for that purpose. Consider these OIDs equivalent to
	GNUTLS_KP_TLS_WWW_SERVER in marked as CA certificates.

2016-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: --save-ocsp will work even if verification
	fails That is, allow saving the response even if the OCSP response caused
	a verification error. That way the response can be examined for
	possible issues.

2016-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: ocsp: attempt harder to figure an OCSP staple issuer That is, check initially against the trust list set on the
	credentials, and if verification is not possible attempt with all
	certificates in the chain as possible issuers. The reason of this
	enhancement is the few servers have an OCSP response signed not by
	their direct CA but rather by one of the higher level CAs.

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp-tests/Makefile.am,
	tests/ocsp-tests/ocsp-must-staple-connection: tests: added
	comprehensive OCSP test suite with MUST-staple PKIX extension This includes the tests:  - Server with valid certificate - no staple  - Server with valid certificate - valid staple  - Server with valid certificate - invalid staple  - Server with valid certificate - unrelated cert staple  - Server with valid certificate - expired staple  - Server with valid certificate - old staple

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/utils.c, tests/utils.h: tests: utils: added c_print()

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c,
	tests/cert-tests/template-tlsfeature.csr: ext: status_request: added
	more descriptive name

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: ocsp: fail certificate verification on expired or too
	old revocation data info

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c, lib/includes/gnutls/gnutls.h.in, lib/x509.c: ocsp:
	Introduced GNUTLS_CERT_INVALID_OCSP_STATUS This verification status flag indicates an OCSP status response
	being stapled but it being invalid for some reason (e.g., unable to
	parse or doesn't contain the expected certificate).

2016-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/cha-cert-auth2.texi, doc/cha-intro-tls.texi: 
	doc: improved OCSP description and mention RFC7633

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/urls.c: tests: added basic check for
	gnutls_url_is_supported

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/urls.c: 
	gnutls_url_is_supported: type changed to unsigned In addition function documentation was updated.

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c: doc update

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/pubkey.c: pubkey_to_bits: return type was
	changed to unsigned This function did not return signed data, so the "int" return type
	was confusing.

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: crypto-selftests: removed unneeded cast

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c, lib/crypto-api.c,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/pkcs7.h, lib/includes/gnutls/x509.h,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c, lib/x509/verify-high.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: several
	sign-related API changes This replaces the usage of "int" in functions which could only have
	accepted an "unsigned" value. Also functions which return unsigned
	values are explicitly tagged as such. The ABI remains the same with
	these changes.  This allows easier catching of sign/unsigned related errors from the
	calling applications.

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/sign.c: x509: simplified _gnutls_x509_get_tbs()

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/verify.c: x509:
	replace the bool type with the unsigned type This allows to rely on gcc warnings for improper checks and
	conversions. Unfortunately gcc does warn on invalid checks for the
	bool type (e.g., b<0).

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: enable the type-limits gcc warnings In addition remove the unsafe-loop-optimizations warning as they
	were not helpful.

2016-05-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: doc update

2016-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: DCO: added Tim Kosse [ci skip]

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: modify canonicalize_host to not depend on
	in6_addr

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/tlsfeature-ext.c: tests: added unit tests
	for gnutls_x509_tlsfeatures_t handling funcs This includes DER import/export as well as feature appending.

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/tlsfeature-test: tests: tlsfeature-test will
	ignore the 'Algorithm Security Level' line in comparisons That is to allow depending on the certificate output validation
	without relying on "moving" parameters such as the Algorithm
	Security Level.

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-tlsfeature-crq.tmpl,
	tests/cert-tests/tlsfeature-test: tests: verify whether the
	TLSFeatures extension is copied Verify whether the TLSFeatures extension is copied from the
	certificate request to the generated certificate.

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/x509/crq.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	lib/x509/x509_write.c: doc: updated since version of tlsfeature
	functionality and documented new functions

2016-01-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* tests/Makefile.am, tests/status-request-missing.c: tests: add
	testcase to check for missing status request That is verify whether the OCSP MUST-staple extension, as can be
	deduced from RFC7633, is accounted during handshake.

2016-01-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/extensions.c, lib/handshake.c, lib/state.c: Reset
	extensions_sent_size only at start of handshake That is, do not reset it when completing it so that we can use the
	negotiated extensions even after the handshake is complete.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-12-20  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/cert.c, lib/extensions.c, lib/extensions.h,
	lib/includes/gnutls/gnutls.h.in, lib/x509.c: Account the TLSFeature
	certificate extension in certificate verification That is, account for the OCSP-Must staple extension. If we have sent
	an OCSP status request and have not gotten anything, but the
	certificate has the Status Request TLSFeature extension present,
	fail to verify the certificate.

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/cli.c, src/socket.c, src/socket.h: tools:
	allow specifying a hostname with a port attached That is: gnutls-cli www.example.com:443 is equivalent to gnutls-cli
	www.example.com -p 443

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-tlsfeature.csr,
	tests/cert-tests/template-tlsfeature.pem,
	tests/cert-tests/template-tlsfeature.tmpl,
	tests/cert-tests/tlsfeature-test: tests: check the generation and
	printing of TLS feature PKIX extension

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc: document tls_feature option in the
	sample template

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/cert_type.c, lib/ext/dumbfw.c, lib/ext/ecc.c,
	lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c,
	lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
	lib/ext/server_name.c, lib/ext/session_ticket.c,
	lib/ext/signature.c, lib/ext/status_request.c: TLS extensions: use
	more human-friendly names This is required to provide better output to gnutls_ext_get_name()

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/extensions.c, lib/extensions.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/x509/output.c: exported function to convert TLS extension
	numbers to strings The exported function is gnutls_ext_get_name()

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/extensions.c, lib/extensions.h, lib/x509/output.c: 
	x509/output: print the extension name of TLSFeatures

2016-01-07  Tim Kosse <tim.kosse@filezilla-project.org>

	* doc/certtool.cfg, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: Implement setting the TLS features extension on
	certificates via certtool's template file.

2016-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: libgnutls.map: exported the tlsfeatures-related
	functions

2016-01-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/includes/gnutls/x509.h, lib/x509/crq.c: Add functions to
	get/set the tlsfeatures to certificate requests.

2016-05-30  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/includes/gnutls/x509.h, lib/x509/x509.c,
	lib/x509/x509_write.c: Added gnutls_x509_crt_set_tlsfeatures Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-05-30  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/includes/gnutls/x509-ext.h, lib/x509/x509_ext.c: Added
	functions to add features and convert tlsfeatures back to DER That adds:   gnutls_x509_ext_export_tlsfeatures   gnutls_x509_tlsfeatures_add Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-01-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* tests/sign-md5-rep.c, tests/status-request-ok.c,
	tests/status-request.c: Move call to terminate() until after
	printing the error message.

2016-01-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* tests/status-request-ok.c, tests/status-request.c: Fix the
	description of two testcases.

2016-05-30  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/includes/gnutls/x509-ext.h, lib/includes/gnutls/x509.h,
	lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/output.c,
	lib/x509/x509.c, lib/x509/x509_ext.c, lib/x509/x509_int.h: Added
	functions to parse the TLSFeatures X.509 extension.  In addition provide function to enumerate the features it lists, and
	output information with the output functions.  This adds:   gnutls_x509_tlsfeatures_init   gnutls_x509_tlsfeatures_deinit   gnutls_x509_tlsfeatures_get   gnutls_x509_ext_import_tlsfeatures   gnutls_x509_crt_get_tlsfeatures Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-05-29  Andreas Metzler <ametzler@bebt.de>

	* src/certtool-args.def: Typo fix: auxilary -> auxiliary [ci skip]

2016-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls0-9.c: tests: added DTLS 0.9 check with AES-128-GCM

2016-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/secure_getenv.c: gl: secure_getenv() will behave as getenv on
	windows

2016-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/windows/crypt32.c: tests: corrected definition of
	CryptSignHash in mock crypt32

2016-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
	gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h, gl/errno.in.h,
	gl/float+.h, gl/float.c, gl/float.in.h, gl/fstat.c, gl/ftell.c,
	gl/ftello.c, gl/getdelim.c, gl/getline.c, gl/gettext.h,
	gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
	gl/intprops.h, gl/itold.c, gl/lseek.c, gl/m4/00gnulib.m4,
	gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/byteswap.m4,
	gl/m4/ctype.m4, gl/m4/errno_h.m4, gl/m4/exponentd.m4,
	gl/m4/extensions.m4, gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4,
	gl/m4/fcntl_h.m4, gl/m4/fdopen.m4, gl/m4/float_h.m4,
	gl/m4/fpieee.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4,
	gl/m4/ftello.m4, gl/m4/func.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/include_next.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
	gl/m4/inttypes_h.m4, gl/m4/largefile.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
	gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/math_h.m4,
	gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/off_t.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
	gl/m4/realloc.m4, gl/m4/secure_getenv.m4, gl/m4/size_max.m4,
	gl/m4/snprintf.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
	gl/m4/ssize_t.m4, gl/m4/stdalign.m4, gl/m4/stdbool.m4,
	gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
	gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
	gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strndup.m4,
	gl/m4/strnlen.m4, gl/m4/strtok_r.m4, gl/m4/strverscmp.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
	gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
	gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4,
	gl/m4/wchar_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4,
	gl/m4/xsize.m4, gl/malloc.c, gl/memchr.c, gl/memmem.c, gl/minmax.h,
	gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
	gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h,
	gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/read-file.c, gl/read-file.h, gl/realloc.c,
	gl/secure_getenv.c, gl/size_max.h, gl/snprintf.c, gl/stdalign.in.h,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h, gl/strcasecmp.c,
	gl/string.in.h, gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c,
	gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_socket.c,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
	gl/tests/binary-io.c, gl/tests/binary-io.h, gl/tests/ctype.in.h,
	gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/fpucw.h,
	gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/inttypes.in.h,
	gl/tests/macros.h, gl/tests/signature.h,
	gl/tests/test-alloca-opt.c, gl/tests/test-binary-io.c,
	gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
	gl/tests/test-ctype.c, gl/tests/test-errno.c,
	gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
	gl/tests/test-fgetc.c, gl/tests/test-float.c,
	gl/tests/test-fputc.c, gl/tests/test-fread.c,
	gl/tests/test-fstat.c, gl/tests/test-ftell.c,
	gl/tests/test-ftell3.c, gl/tests/test-ftello.c,
	gl/tests/test-ftello3.c, gl/tests/test-ftello4.c,
	gl/tests/test-func.c, gl/tests/test-fwrite.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
	gl/tests/test-init.sh, gl/tests/test-intprops.c,
	gl/tests/test-inttypes.c, gl/tests/test-memchr.c,
	gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
	gl/tests/test-read-file.c, gl/tests/test-snprintf.c,
	gl/tests/test-stdalign.c, gl/tests/test-stdbool.c,
	gl/tests/test-stddef.c, gl/tests/test-stdint.c,
	gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
	gl/tests/test-string.c, gl/tests/test-strings.c,
	gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
	gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
	gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
	gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
	gl/tests/test-time.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/unistd.c,
	gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
	gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h, lib/mem.h: 
	Rely on gnulib's secure_getenv()

2016-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: x86-common: use secure_getenv()

2016-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure.ac: check for secure_getenv where
	available and always enable system extensions

2016-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/keylog-env.c: tests: keylog-env will check for SSLKEYLOGFILE
	as well

2016-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/global.c, lib/mem.h, lib/priority.c, lib/system.c: 
	env: use secure_getenv when reading environment variables

2016-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/global.c, lib/global.h, lib/kx.c: 
	Append keys on keylogfile Also consider the SSLKEYLOGFILE variable, since the format is
	identical and we are always appending keys.

2016-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ssl2-hello.c: tests: ssl2-hello check is made conditional It is only run if ENABLE_SSL2 is defined.

2016-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more files to ignore

2016-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/ssl2-hello.c: tests: added SSL2.0 client
	hello parsing check

2016-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-common.h: tests: added small text clarifying the
	purpose of the cert-common.h header

2016-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-openssl.sh,
	tests/suite/testcompat-polarssl.sh: tests: add an upper limit in the
	run of compat tests This allows the test suite to recover from the case of DTLS
	implementations that do not properly retransmit and block on lost
	packets.

2016-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc: advise against using the TPM-specific
	API It is restricted to TPM 1.2, and there are fine PKCS#11 wrappers
	that will provide identifical functionality.  Relates #101

2016-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: corrected typo preventing the
	no-SSL 3.0 test part to be properly run Also test the --disable-ssl2-support option.

2016-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/kx.c: Amend the "Allow for conditional compilation of SSL 3.0
	protocol patch" That is fix bug introduced by an incorrect #ifdef, and
	unconditionally provide access to certificate callbacks.  This amends 89faab9e9e9123f39e8c0c6f8da1f67de423254a

2016-05-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/cha-gtls-app.texi, doc/latex/gnutls.bib: 
	doc: updated text on priority strings Refer to RFC7685 for the TLS padding extension (%DUMBFW), and
	mention the default behavior for the TLS client hello record
	version.

2016-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: added sanity check to find_obj_url_cb() for
	object validity Also avoid unnecessary recursion.

2016-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: run compatibility
	checks in parallel for various modifiers That is, the various %NO_ETM, %COMPAT, ... modifiers are checked in
	parallel in the testcompat suite, reducing the overall running time
	significantly.

2016-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/version-checks.c: tests: enhance TLS version checks with
	DTLS That is we check whether DTLS-1.0 and DTLS-1.2 can be negotiated
	using the NORMAL priority string. We also add a custom check for
	DTLS-0.9 as this is not fully supported for negotiation.

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/danetool.sh, tests/scripts/common.sh,
	tests/suite/eagain.sh, tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl, tests/suite/testdane.sh,
	tests/suite/testpkcs11.sh, tests/suite/testrng.sh,
	tests/suite/testsrn.sh: tests: use /bin/bash in tests which require
	common.sh

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: minimal build disables SSL2 client
	hello

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/buffers.c, lib/debug.c, lib/handshake.c,
	lib/record.c, lib/sslv2_compat.c, m4/hooks.m4: Allow for conditional
	compilation of SSL 2.0 client hello support This allows to completely remove SSL 2.0 support by calling
	configure with the '--disable-ssl2-support' option.  Relates #97

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cipher.c, lib/cipher_int.c, lib/cipher_int.h, lib/constate.c,
	lib/kx.c, lib/range.c: Amend: Allow for conditional compilation of
	SSL 3.0 protocol This patch makes conditional several more SSL 3.0-only parts of
	codebase.

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* CONTRIBUTING.md: CONTRIBUTING.md: link to milestones instead of
	all issues

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-cas.c: tests: mini-x509-cas: use cert-common.h

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* CONTRIBUTING.md: CONTRIBUTING.md: doc update

2016-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: do not use pkglib to generate
	libpkcs11mock1.so This resulted in the test library being installed. Install we use
	noinst for the library, but pass -rpath to LDFLAGS as a hack to for
	libtool to generate the shared version.

2016-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure.ac: increased stack size usage to reduce
	warnings Also remove gcc flags from the banned list that no longer pose and
	issue.

2016-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt: announce.txt:  updated list email address

2016-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority.c: priority: CCM ciphersuites was promoted over the
	CBC ones Also make explicit the prioritization rules for the default set of
	ciphers.

2016-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/socket.c, src/socket.h: gnutls-cli: allow operation
	with stdin input That is once commands from stdin are given, they are not only sent
	to server, but we also wait for a response prior to exiting.  Resolves #96

2016-05-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: doc update

2016-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp-tests/ocsp-tls-connection: tests: ocsp-tls-connection:
	use /bin/bash since we rely on the $RANDOM variable

2016-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/keylog-env.c: tests: use _putenv() for setting environment
	on windows

2016-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/keylog-env.c: tests: added check to
	verify that keylog file is being written

2016-05-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi: doc: documented the GNUTLS_KEYLOGFILE
	environment variable

2016-05-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/kx.c: Write session keys into a file when GNUTLS_KEYLOGFILE is
	exported That is the file pointed from the variable is written to, and
	contain the session parameters in the following format (identical to
	NSS key log format): CLIENT_RANDOM <space> <64 bytes of hex encoded client_random>
	<space> <96 bytes of hex encoded master secret> and for the old RSA ciphersuites also in the format: RSA <space> <16
	bytes of hex encoded encrypted pre master secret> <space> <96 bytes
	of hex encoded master secret> Resolves #64

2016-05-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/systemkey-args.def, src/systemkey.c: systemkey: corrected help
	output

2016-05-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc: document the systems supported via
	systemkeys API

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c, lib/x509/verify-high.c: doc update [ci skip]

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: corrected check for OCSP verification
	success

2016-04-29  Thomas Klute <thomas2.klute@uni-dortmund.de>

	* tests/ocsp-tests/Makefile.am, tests/ocsp-tests/{ =>
	certs}/ca.key, tests/ocsp-tests/{ => certs}/ca.pem,
	tests/ocsp-tests/{ => certs}/ocsp-server.key, tests/ocsp-tests/{ =>
	certs}/ocsp-server.pem, tests/ocsp-tests/certs/ocsp_index.txt,
	tests/ocsp-tests/certs/ocsp_index.txt.attr,
	tests/ocsp-tests/certs/server_bad.key,
	tests/ocsp-tests/certs/server_bad.template,
	tests/ocsp-tests/certs/server_good.key,
	tests/ocsp-tests/certs/server_good.template,
	tests/ocsp-tests/ocsp-test, tests/ocsp-tests/ocsp-tls-connection: 
	Test case for gnutls-cli --ocsp This new test case checks if gnutls-cli accepts OCSP responses for a
	valid and a revoked server certificate when establishing TLS
	connections. Uses the OpenSSL OCSP responder.  Signed-off-by: Thomas Klute <thomas2.klute@uni-dortmund.de>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* INSTALL.md: INSTALL.md: no longer reference libgcrypt

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-install.md => INSTALL.md, Makefile.am, README-alpha.md =>
	README.md: doc: updated README files This makes the names a bit more reasonable, drops the very generic
	INSTALL file, and also allows the github repository to print the
	correct README file.  README -> INSTALL.md README-alpha.md -> README.md

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{mini-x509-cert-callback-legacy.c =>
	x509-cert-callback-legacy.c}, tests/{mini-x509-cert-callback.c =>
	x509-cert-callback.c}: tests: renamed cert-callback checks for
	simplicity

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-x509-cert-callback-legacy.c: tests:
	added check with the legacy cert verification callback

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c: doc update

2016-05-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-cert-callback.c: tests: cert-callbacks check now
	checks the server-side callback operation as well

2016-05-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls-stress.c: tests: dtls-stress: fix debug argument
	accounting It was not being considered when it was not the last argument.

2016-05-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/Makefile.am: tests: re-disabled dtls-nb check; it had
	random failures This was disabled for quite long time already, and needs to be
	investigated.

2016-05-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/Makefile.am, tests/dtls/dtls-resume,
	tests/dtls/dtls-stress.c: tests: added DTLS test suite when in
	session resumption While there is already a test suite for DTLS lost packets/rearranges
	it does not cover the session resumption flights. This patch
	enhances the test suite with these checks.

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: dtls-stress: added session resumption
	option This allows to perform tests on DTLS resumed sessions for
	retransmitions due to lost packets.

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls: tests: dtls: removed excessive debugging output
	from test

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: tests: dtls-stress: corrected parsing of
	-d option

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/record.c: record.c: removed superfluous debugging

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/errors.h: gnutls_assert_val: corrected regression from
	78ee98e06c7862df38131b12083adc1a0c5eea4a

2016-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/errors.h: gnutls_assert_val: was modified to be in line with
	gnutls_assert()

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added new build target without SSL
	3.0 Also disable SSL3.0 in the minimal library compilation.

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: .gitignore: more files to ignore

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/common-cert-key-exchange.c,
	tests/common-cert-key-exchange.h,
	tests/dtls1.0-cert-key-exchange.c,
	tests/dtls1.2-cert-key-exchange.c: tests: added key exchange checks
	for all DTLS protocols

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: prefer the usage of VERS-ALL in
	documentation

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ext_master_secret.c: ext master secret: don't enable when
	SSL 3.0 is the only protocol That is on server side only. On client side this logic was already
	present.

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/common-cert-key-exchange.c,
	tests/common-cert-key-exchange.h, tests/ssl3.0-cert-key-exchange.c,
	tests/tls1.0-cert-key-exchange.c, tests/tls1.1-cert-key-exchange.c,
	tests/tls1.2-cert-key-exchange.c: tests: separated the key exchange
	checks That is introduce separate checks for each key exchange on every TLS
	version.

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: doc: mention the TLS 1.2 restriction of sign
	algo functions

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/algorithms/ciphersuites.c,
	lib/algorithms/protocols.c, lib/auth/rsa.c, lib/cipher_int.c,
	lib/cipher_int.h, lib/constate.c, lib/ext/ext_master_secret.c,
	lib/gnutls_int.h, lib/handshake.c, lib/hash_int.c, lib/hash_int.h,
	lib/kx.c, lib/tls-sig.c, m4/hooks.m4, tests/suite/Makefile.am,
	tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl, tests/version-checks.c: Allow
	for conditional compilation of SSL 3.0 protocol This allows to completely remove SSL 3.0 support by calling
	configure with the '--disable-ssl3' option.  Resolves #93

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS, configure.ac, doc/Makefile.am: Makefile.am:
	include renamed files into distribution

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha.md: README-alpha.md: refer to CONTRIBUTING.md [ci
	skip]

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE: LICENSE: mention that documentation is under GNU FDL

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE, COPYING => doc/COPYING, COPYING.LESSER =>
	doc/COPYING.LESSER: Leave only LICENSE in the root directory and
	move licenses to doc/

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* LICENSE, README-install.md: Added a LICENSE file [ci skip]

2016-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* CONTRIBUTING.md, doc/README.CODING_STYLE: Moved coding style and
	contribution guide to CONTRIBUTION.md This aligns with gitlab's web interface.

2016-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/cipher-test.c, tests/slow/hash-large.c: tests: include
	unistd.h in tests which call _exit()

2016-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
	tests/scripts/common.sh, tests/suite/eagain.sh,
	tests/suite/mini-eagain2.c, tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl, tests/suite/testpkcs11.sh,
	tests/suite/testsrn.sh: tests: simplified server launching process Also attempt to use a new port on every started server and added a
	waiting period for the port to become re-usable.

2016-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/no-signal.c, tests/slow/cipher-test.c,
	tests/slow/hash-large.c: tests: avoid calling exit() from signal
	handlers

2016-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/memmem.m4: memmem.m4: don't call exit() from signal handler

2016-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-server-name.c: tests: enhance SNI checking with invalid
	UTF8 and embedded NULL case

2016-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c, lib/libgnutls.map: Introduce
	_gnutls_server_name_set_raw This is an internal function intended for testing, which performs
	the same as gnutls_server_name_set() but without any UTF8
	conversions or other checks in the input. It is intended to be used
	with raw data.

2016-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c: errors: include GNUTLS_E_IDNA_ERROR to the list

2016-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: server_name: only save the supported server
	names in the session Invalid server names with embedded nulls and unsupported types are
	not saved.

2016-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: gnutls_server_name_get: mention
	GNUTLS_E_IDNA_ERROR being returned

2016-05-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi: doc: clarify that 'hmac' in the name of
	functions is only for legacy reasons

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testsrn.sh: tests: introduce delay between server
	restarts in testsrn.sh This is to reduce test suite random failures on CI.

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/crl: tests: CRL test will separate stderr output
	from stdout This addresses CI failures due to "Merge mismatch for function"
	messages from gcov being inserted into stdout output and messing the
	base64 encoding.

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/crl: Revert "tests: CRL test will not push stderr
	into output files" This reverts commit bf1ee75f78cd81ea8309bdfb50f63ed0ab61a23a.

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-output.c: gnutls_pkcs7_print: avoid warning for
	signed/unsigned comparison by making everything signed

2016-05-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/crl: tests: CRL test will not push stderr into
	output files This addresses CI failures due to "Merge mismatch for function"
	messages from gcov being inserted into output and messing the base64
	encoding.

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/session_pack.c: pack_srp_auth_info: corrected check for
	uninitialized username

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: call_get_cert_callback: removed dead code

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: added error check in
	_gnutls_buffer_append_data()

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pubkey.c: gnutls_pubkey_verify_data2: simplified return logic

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7-output.c: gnutls_pkcs7_print: corrected type of
	unsigned count variable

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/krb5.c: _gnutls_krb5_der_to_principal: fixed invalid
	deinitialization on cleanup

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/hash-large.c: tests: don't run hash-large on freebsd

2016-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/hash-large.c: tests: fix mmap usage of hash-large to
	correctly detect failures

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: doc: updated documentation for
	gnutls_x509_crt_get_*_dn

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: handle empty CNs on verification That is, handle GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if returned
	from gnutls_x509_crt_get_dn() on the end certificate.

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/ocsp.c,
	lib/x509/x509.c, lib/x509/x509_int.h: Revert "x509: allow empty DNs
	on parsing for subject DNs" This reverts commit 1641ea943079765d601cf418dc2c89c1c93f0ecf.

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: cert cred: add the CN to the list of known hostnames
	only if no dns_names That is, follow rfc6125 and support CN as a fallback only.

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h, tests/set_x509_key.c,
	tests/set_x509_key_file.c, tests/set_x509_key_file_der.c,
	tests/set_x509_key_mem.c, tests/set_x509_pkcs12_key.c,
	tests/utils-adv.c, tests/utils.h: tests: enhanced set_x509*_key to
	verify that connections succeed with creds That is the tests no only verify that credentials are set as
	expected but also whether sessions are established with the
	credentials provided.

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: gnutls_certificate_set_key: import the DNS names of
	the certificates That is, only when no (NULL) names are provided.

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: reset the global time func on init/deinit

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c: auth/cert: log the server name requested by
	client

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.h: improved output of gnutls_assert()

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/ocsp.c,
	lib/x509/x509.c, lib/x509/x509_int.h: x509: allow empty DNs on
	parsing for subject DNs

2016-05-09  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/windows/cng-windows.c: build: tests/windows/cng-windows.c:
	fix implicit decleration of exit Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: enable openssl compat library in
	minimal build

2016-05-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* extra/openssl_compat.c: openssl_compat: removed unneeded headers These headers have been renamed, but they were not necessary for
	this module's compilation. Report/Patch by Andreas Metzler.

2016-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build for windows DLLs This creates the windows DLLs on every tagged release.

2016-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped soversion

2016-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509.c, lib/x509/verify-high.c, lib/x509/x509.c,
	lib/x509/x509_int.h: x509: use the modified flag in
	gnutls_x509_crt_t That will avoid re-encoding or decoding in common operations.

2016-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c, lib/x509/x509_int.h, lib/x509/x509_write.c: 
	x509: added flag to indicate modification in gnutls_x509_crt_t

2016-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_equals*: modified to allow
	operation with certificates that are not imported This allows it operating with certificates that are generated from
	scratch.

2016-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/crt_apis.c: tests: added checks for
	certificate generation APIs

2016-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_write.c: doc: fixed documentation of
	gnutls_x509_crt_set_subject_alternative_name The previous version could not be parsed by gdoc.

2016-05-06  Hubert Kario <hkario@redhat.com>

	* src/serv-args.def, src/serv.c: gnutls-serv: sending alerts on
	mismatched SNI names Extend serv utility to be able to send alerts when the name
	advertised by client does not match the name expected by server.

2016-05-06  Hubert Kario <hkario@redhat.com>

	* lib/alert.c, lib/errors.c, lib/includes/gnutls/gnutls.h.in: Add
	support for sending unrecognized name alerts To better test support for server_name extension in TLS, it's
	necessary to be able to differentiate between name being rejected
	because it is unknown to the server and it being malformed.

2016-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc: TODO list references to gitlab

2016-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c, lib/gnutls_int.h,
	lib/priority.c: priorities: when without AES acceleration prefer
	stream ciphers (i.e., CHACHA20)

2016-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: updated documentation on rehandshake
	and GNUTLS_ALLOW_ID_CHANGE [ci skip]

2016-05-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_x509_key_file_der.c: tests: use the 'b' modifier for
	writing binary data in set_x509_key_file_der This allows the test to operate properly on windows systems.

2016-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_x509_key_file.c,
	tests/set_x509_key_file_der.c, tests/set_x509_pkcs12_key.c,
	tests/utils.c, tests/utils.h: tests: avoid the usage of tmpnam() Use a simpler version which is confined within the testsuite build
	directories.

2016-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/set_x509_key_file_der.c, tests/set_x509_pkcs12_key.c: tests:
	disable checks with tmpnam() on windows

2016-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509.c: tests: fixed 64-bit check for time_t in
	mini-x509

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h,
	tests/set_x509_pkcs12_key.c: tests: added check for
	gnutls_certificate_set_x509_simple_pkcs12_file

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more files to ignore

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/set_x509_key_file_der.c: tests: added
	check of gnutls_certificate_set_x509_key_file2 with DER input

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_x509_key_file.c: tests: enhanced set_x509_key_file check That now verifies that the input is the same as the data stored in
	the credentials as well checks for valid operation.

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509.c: tests: mini-x509: include the legacy
	verification functions into the check

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/set_x509_key.c: tests: added check for
	gnutls_certificate_set_key()

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: gnutls_certificate_set_key: duplicate the provided
	memory That is, do not assume that a heap allocated value is provided.

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: enabled coverage run in the x86
	build

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dsa/testdsa: tests: do not block server errors in testdsa
	from being printed out Also added a delay prior to launching next server instance.

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more test files to ignore

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11x.c: pkcs11: find_ext_cb: eliminated memory leak

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: find_cert_cb: do not use C_FindObjectsInit()
	when another is already running While some modules implicitly terminated the previous run, this is
	not something that PKCS#11 modules are expected to typically do.

2016-05-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: the flag
	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by
	imported certificates That is, certificates imported with gnutls_pkcs11_obj_import_url()
	or gnutls_x509_crt_import_url() will be able to be extracted with
	their extensions overriden. Previously that was available only on
	gnutls_pkcs11_get_raw_issuer() and friends.

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs11/pkcs11-cert-import-url-exts.c,
	tests/pkcs11/pkcs11-get-exts.c,
	tests/pkcs11/pkcs11-get-raw-issuer-exts.c,
	tests/pkcs11/pkcs11-mock.c, tests/pkcs11/pkcs11-mock.h: tests: added
	a basic PKCS#11 mock module This is used to test gnutls_pkcs11_obj_get_exts(),
	gnutls_x509_crt_import_url(), and gnutls_pkcs11_get_raw_issuer()
	with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c, lib/x509/verify-high.c, lib/x509/x509.c,
	lib/x509/x509_int.h: _gnutls_x509_crt_cpy: optimized and simplified

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/common.h, lib/x509/ocsp.c, lib/x509/verify-high.c,
	lib/x509/verify.c, lib/x509/x509.c: exported
	gnutls_x509_crt_equals() and gnutls_x509_crt_equals2() These functions provide a way to compare parsed certificates. They
	were used internally and they are quite useful to be made available.

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11x.c: gnutls_pkcs11_obj_get_exts: updated documentation

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_import_url: updated documentation
	for new function name

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_add_provider: clarified params
	description

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs1-digest-info.c: tests: added checks
	on PKCS#1 digest info encoding/decoding

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pk.c: gnutls_decode_ber_digest_info: return more precise error
	code on unknown hash That is instead of returning GNUTLS_E_UNKNOWN_ALGORITHM on unknown
	hash, return GNUTLS_E_UNKNOWN_HASH_ALGORITHM.

2016-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.h: errors.h: removed terminating colon on
	gnutls_assert() output

2016-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/pkcs11.c: doc: updated PKCS #11
	documentation

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert.c: gnutls_certificate_get_crt_raw: doc update

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: doc: mention the version after which
	gnutls_pem_base64_en/decode2() are available

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/crl: tests: use one-time files in crl

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: tests: check whether the randomly
	generate port is used

2016-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: enabled the code coverage checks
	in the valgrind and ubsan targets

2016-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-import-export.c: tests: enhanced the key-import-export
	tests This check now includes the abstract privkey import/export
	interfaces.

2016-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/privkey_raw.c: corrected import issue in
	gnutls_privkey_import_ecc_raw

2016-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: x509/privkey: in raw import functions set the
	parameter's algorithm type

2016-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp_sb64.c: srp base64: return proper gnutls errors codes
	on error rather than -1

2016-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/base64.c, tests/srpbase64.c: tests: added
	checks for base64 functions

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, Makefile.am: .gitlab-ci.yml: added code coverage
	run This enhances a test to print the code coverage of the test suite,
	which in turn is being used/reported by gitlab CI interface.

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/ax_code_coverage.m4: ax_code_coverage.m4: updated to latest
	version

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c: libtasn1: updated to latest version

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.h: errors.h: gnutls_assert() will log the function name
	in addition to filename/line This is quite necessary after the filenames were simplified and we
	have filenames with identical names in the directory structure.

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rehandshake-switch-srp-id.c: tests: added
	check for SRP ID change during rehandshake The tests make sure that username changes are allowed if the flag
	GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise.

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rehandshake-switch-psk-id.c: tests: added
	check for PSK ID change during rehandshake The tests make sure that username changes are allowed if the flag
	GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise.

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/Makefile.am, lib/alert.c, lib/errors.c,
	lib/gnutls_int.h, lib/handshake-checks.c, lib/handshake.c,
	lib/handshake.h, lib/includes/gnutls/gnutls.h.in,
	tests/rehandshake-switch-cert-allow.c,
	tests/rehandshake-switch-cert-client-allow.c,
	tests/rehandshake-switch-cert-client.c,
	tests/rehandshake-switch-cert.c: handshake: enhance same certificate
	checks to apply to PSK/SRP username That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a
	rehandshake clients will not be allowed to present another
	certificate than the original, or change their username for PSK or
	SRP ciphersuites.

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c: tests: added 'PFS' and 'SUITEB128' into the
	list of checked priority strings

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/utils.c, tests/utils.h: tests: fail() function will also
	print function and line information

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/str.c: _gnutls_hex2bin: refuse to decode odd-sized hex data

2016-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/hex.c: tests: added unit tests on the HEX
	encoding/decoding functions

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c: 
	certtool: eliminated memory leaks in DH parameter
	printing/generation.

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c: 
	certtool: combined all the seed decoding methods to a single one That not only simplifies the code, but also allows decoding hex
	strings which contain not hex chars (and that allows decoding hex of
	the form XX:XX:XX)

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/provable-privkey: Revert "tests: ensure the seed
	is provided in plain hex" This reverts commit 0ea7206e12f52f6ed50c4a76ea0a23f5470115b2.

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/provable-dh: tests:
	check certtool dh-parameter generation with --provable option

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/provable-privkey: tests: ensure the seed is
	provided in plain hex

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c: 
	certtool: allow specifying seed size when generating provable DH
	parameters

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/custom-urls.c: tests: simplified custom-urls check

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/custom-urls-override.c: tests: added
	check on whether builtin URLs cannot be overriden

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/privkey.c, lib/pubkey.c, lib/urls.c, lib/x509/x509.c: keys:
	custom URLs take precedence over pre-defined URLs This allows applications to define the own 'system:' or 'pkcs11:'
	URLs.  Resolves #89

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: x25519: ensure that a valid private key is
	present on key derivation

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/send-client-cert.c: tests: added check for
	GNUTLS_FORCE_CLIENT_CERT init flag

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/dtls.c, lib/dtls.h,
	lib/ext/ext_master_secret.c, lib/gnutls_int.h, lib/handshake.c,
	lib/record.c, lib/state.c: instead of assigning a variable per flag
	use the init flags directly That is store the flags provided in gnutls_init() in the session
	structure and use these flags directly when required.

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/state.c: added flag in session
	to force sending a client certificate This handles the use case of a client connecting to a server which
	incorrectly lists the CA certificates it supports. Without that
	change the only option was to avoid using the "automatic" client
	certificate functions, but rather utilize callbacks.  With that
	approach this use case is handled by the "automatic" certificate
	selection functions.

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: do not load submodules on CI since
	they are not used This reduces the CI running time.

2016-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h, tests/send-client-cert.c: 
	tests: check client behavior of sending CA certificates

2016-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc: removed news about feature already backported in 3.4.6

2016-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-serv-x509.c,
	doc/examples/ex-verify-ssh.c: examples: introduced basic error
	checking in more examples

2016-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c: examples: simplified the basic
	client example

2016-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509-3.1.c, doc/examples/ex-client-x509.c: 
	examples: introduced basic error checking in main client examples

2016-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c: examples: corrected the required
	version of example

2016-04-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dane.c: tests: enhanced dane testing with offline
	verification checks

2016-04-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: dane: verification will not fail if a CA entry is
	encountered but cannot be verified That addresses the issue of verifying a single certificate against a
	list of TLSA entries that contain an entry with CA usage (cert usage
	0). With the previous behavior verification would have failed, while
	now this entry will be skipped.

2016-04-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cert.c, libdane/dane.c: doc: improved documentation on
	certificate and DANE verification functions

2016-04-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: dane: updated documentation of dane_verify_crt_raw

2016-04-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, libdane/dane.c: doc: added clarifications
	on documentation for dane_state_t

2016-04-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/manpages/Makefile.am: manpages: include the dane functions
	into the distributed pages

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdhe.c: ecdhe: eliminated unneeded checks for zero of
	public parameters There were not required by either draft-ietf-tls-rfc4492bis-07 or
	rfc7748.

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
	doc/examples/ex-client-x509-3.1.c: doc: added example client
	application utilizing the 3.1.x APIs

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c: examples: added explicit 3.5.0
	dependency in ex-client-x509

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-verify.c: examples: added error checks and updated
	verify_certificate_chain()

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: made the linux tag explicit for
	our runners

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: document curve X25519

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: clarify what catch all means in all
	scenarios

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
	tests for supported curves

2016-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-key-exchange.c, tests/handshake-false-start.c,
	tests/suite/testcompat-main-openssl: tests: include self tests with
	CURVE-X25519

2016-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: enhanced KX benchmark with X25519

2016-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ecc.c,
	lib/algorithms/publickey.c, lib/algorithms/secparams.c,
	lib/auth/ecdhe.c, lib/crypto-backend.h, lib/ecc.c, lib/ecc.h,
	lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/mem.c, lib/mem.h, lib/nettle/pk.c, lib/pk.c,
	lib/state.c: handshake: added support for ECDH with curve X25519 This follows draft-ietf-tls-rfc4492bis-07 and rfc7748

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: updated the openssl
	compat check to make explicit the used curves

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdhe.c: ecdhe: print the received curve from the server
	on debug mode

2016-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
	CHACHA20-POLY1305 detection

2016-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/hash-large.c: tests: on out of memory conditions do not
	fail the hash-large test This test may require a large amount of memory which some CI systems
	cannot provide. When an out-of-memory-error is detected skip the
	test instead of failing.

2016-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/state.c: session: removed unused parameters
	from RSA-EXPORT era

2016-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha.md: README-alpha.md: updated badges with the new
	gitlab URLs

2016-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc: document the TPM 1.2 limitation

2016-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc: tpm: include short instructions on
	initializing the TPM chip

2016-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/hash-large.c: tests: hash-large: use private mmap() This reduces the memory usage of the test significantly on Linux.

2016-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, tests/slow/hash-large.c: tests: use mmap() for large
	memory allocations in systems that support it That allows the hash-large test to run on systems which its calloc()
	is attempting to allocate an impossible amount of memory.

2016-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts: tests: use
	/bin/bash for tests that use bashisms

2016-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/danetool.sh: tests: don't run danetool.sh if danetool is not
	present That prevents test suite failure in systems without libunbound.

2016-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: gnutls_int.h: allow compiling with system
	(gnutls) headers

2016-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build rule on freebsd

2016-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: certtool: document sha3 functions in
	manpage [ci skip]

2016-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.def: doc: added missing @end example in danetool
	documentation

2016-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: doc: updated documentation on false start

2016-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: enable socket verbosity when
	--verbose is given

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: explicitly initialize socket struct to zero That resolves issue where verbose was enabled by default.

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/danetool.c: tools: avoid extracting the value
	of the app-proto alias Instead always extract the starttls-proto value, as it seems that
	libopts doesn't report any value for the former. This corrects the
	starttls capability of danetool and gnutls-cli-debug.

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli-debug-args.def, src/socket.c: tools:
	document the starttls capability

2016-04-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: do not run danetool.sh on windows The test fails due to CRLF.

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/cli.c, src/danetool-args.def, src/danetool.c: 
	tools: avoid relying on static buffers for service name

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/danetool.sh: tests: added basic check on
	danetool --tlsa-rr option

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
	Allow specifying a service name into port option This makes the tool similar to gnutls-cli.

2016-04-18  Kevin Cernekee <cernekee@gmail.com>

	* lib/x509/verify-high2.c: Fix library build on Chrome Native Client
	(NaCl) Some supported toolchains define DT_UNKNOWN but do not define
	_DIRENT_HAVE_D_TYPE (and do not have the d_type field).  On other
	platforms GnuTLS may need to second-guess what the library is
	reporting, but on NaCl this is unsafe.

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: don't send closure messages in failed
	handshakes

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c, lib/auth/ecdhe.c: client key exchange: fail
	if the client KX message is padded with additional bytes

2016-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: _wrap_nettle_pk_derive: reject values of public
	key that are over the prime That is do not canonicalise the value we get from the network, but
	rather check it for validity. This saves a modular reduction on
	handshake and performs a sanity check on the peer's (client)
	parameters.  Reported by Hubert Kario.  Resolves #84

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: suite: disable any openssl cpu
	optimizations This prevents from valgrind failures on softhsm usage due to any new
	instruction optimizations which are not supported by valgrind.

2016-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: further updated documentation on
	false start [ci skip]

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-intro-tls.texi: doc: updated documentation on false
	start

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/handshake-false-start.c: tests: enhanced the false start
	checks These now check whether sending and receiving is performed as
	expected after handshake, DTLS, as well as test explicit handshake
	called by the application.

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/gnutls_int.h, lib/handshake.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/record.c,
	lib/state.c: Updated false start support to be transparent to
	applications.  That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced
	for gnutls_init(), and that enables support for false start. At this
	point false start will be performed by the handshake if possible,
	and gnutls_record_recv() will handle handshake completion.

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/privkey.c, lib/x509/privkey.c, src/certtool-args.def: doc:
	updated docs related to private key generation

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: do not allow combining --provable with
	--ecc in key generation There is no such support in the library.

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files for new APIs

2016-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml, .gitmodules, doc/cha-gtls-app.texi,
	doc/examples/Makefile.am, doc/examples/tlsproxy: doc: added tlsproxy
	example reference into documentation

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pem-decoding: tests: pem-decoding: fixed issue
	preventing out-of-tree checks

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pem-decoding: tests: pem-decoding: use unique
	temp files

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{mini-x509-kx.c => cert-key-exchange.c}: 
	tests: enhanced mini-x509-kx with ECDHE-ECDSA ciphersuite testing Also renamed it to cert-key-exchange for easier tracking.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tls-sig.c: handshake: do not overwrite the server's signature
	algorithm That is, correct a bug under which a client sending a certificate
	would overwrite the server's idea about the used signature
	algorithm.  Reported by Hubert Kario.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-kx.c: tests: enhanced mini-x509-kx with client
	auth scenarios

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-kx.c: tests: verify that the output of
	gnutls_sign_algorithm_get() is the expected one

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: increased the preallocated space in
	check_ocsp_purpose to account for null terminator This relates to gnutls_x509_crt_get_key_purpose_oid() change to
	return null-terminated OIDs.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/sha3-test,
	tests/cert-tests/template-ecdsa-sha3-256.pem,
	tests/cert-tests/template-ecdsa-sha3-512.pem,
	tests/cert-tests/template-rsa-sha3-224.pem,
	tests/cert-tests/template-rsa-sha3-384.pem: tests: enhanced and
	simplified SHA3 tests Included checks about SHA3-224 and SHA3-384.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/gost-cert.pem,
	tests/cert-tests/pem-decoding: tests: added check of GOST cert
	decoding/printing This verifies whether our printing functions print the OID on
	unknown/unsupported algorithms.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509 output: print the OID of
	certificates/CRLs/CRQs with unknown algorithms That is, if any unknown signature or subject public key algorithm is
	encountered the OID will be printed instead.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/crq-basic.c: tests: added basic tests for
	CSR parsing This mainly includes tests on the new
	gnutls_x509_crq_get_signature_oid() and
	gnutls_x509_crt_get_algorithm_oid().

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/crl-basic.c: tests: added basic tests on
	CRL parsing That includes testing on the new gnutls_x509_crl_get_signature_oid()

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509cert-tl.c: tests: added basic functionality tests for
	gnutls_x509_crt_get_*_oid

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c: 
	Added gnutls_x509_crl_get_signature_oid

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c: 
	Added gnutls_x509_crq_get_signature_oid and
	gnutls_x509_crq_get_pk_oid

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c: 
	Added gnutls_x509_crt_get_signature_oid and
	gnutls_x509_crt_get_pk_oid These functions can directly provide the textual object identifier
	of their corresponding fields.

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_get_key_purpose_oid: copy the OID
	as a null-terminated string

2016-04-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/sign.c, tests/cert-tests/template-rsa-sha3-256.pem: 
	sign: corrected digest in SHA3-224 OID mapping

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: corrected regression which prevented the
	build of tests/suite This regression was introduced at
	8b97662c40c67a6d4087ce6e1f0c6fb6ea4a8b2c

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: gnutls_x509_ext_import_policies: initialize
	value to avoid compiler warnings

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha.md: README: removed inexistent package

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/common.mk, libdane/Makefile.am: common.mk:
	corrected typo on LDFLAGS for coverage

2016-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.def: danetool: corrected typo in manual [ci
	skip]

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/record.c: gnutls_packet_get: avoid null pointer dereference on
	NULL input That is, still allow the function to handle a NULL packet input but
	reset the data contents.

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_verify_seed: corrected
	typo that made the function always return true

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.h: _gnutls_asn2err: declared as constant function

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: load_dir_certs: use readdir() in all
	platforms According to glibc documentation readdir_r() is deprecated and the
	use of readdir() is recommended. As such we switch to it on all
	platforms.

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/resume-psk.c, tests/resume.c: tests:
	combined the resume checks for Anonymous and PSK ciphersuites In addition enhanced it to check the resumption on the certificate
	ciphersuites as well.

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, README-alpha.md, configure.ac, lib/Makefile.am,
	lib/common.mk, libdane/Makefile.am, m4/ax_code_coverage.m4: 
	configure: Add a code coverage option Configure with:   ./configure --enable-code-coverage Show coverage output with:   make && make check && make code-coverage-capture

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
	lib/auth/Makefile.am, lib/common.mk, lib/ext/Makefile.am,
	lib/extras/Makefile.am, lib/minitasn1/Makefile.am,
	lib/nettle/Makefile.am, lib/opencdk/Makefile.am,
	lib/openpgp/Makefile.am, lib/x509/Makefile.am: Makefile.am: moved
	common rules (AM_CFLAGS) to common.mk

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: gnutls_ocsp_resp_get_single: fail if thisUpdate
	is not available or unparsable That is because this field is not optional, and a failure on its
	parsing is always fatal. Reported by Yuan Jochen Kang.

2016-04-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_import2: document an
	intentional fall through

2016-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha.md: README: add abi-compliance-checker into install
	instructions

2016-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pubkey.c, lib/x509/verify.c: gnutls_x509_crt_get_key_usage:
	ensure that its returned value is properly handled Reported by Yuan Jochen Kang.

2016-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: tests: do not enable valgrind in non-git builds

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/mac.c: hash: corrected the textual description of
	hashes

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/sign.c, tests/cert-tests/template-rsa-sha3-256.pem: 
	corrected SHA3-224 OID

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: don't warn
	about insecure algorithm when unknown

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ecore/src/include/eina_file.h,
	tests/suite/ecore/src/lib/eina_cpu.c: tests: remove any system
	specific code of ecore This was causing issues with certain builds and was not used for the
	purpose of testing.

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/testcompat-openssl.sh: tests:
	disable unsupported curves from compatibility checks This allows running make check even when compiling with
	disable-suiteb-curves.

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
	tests: removed unused scripts

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: combined C99 and undefined
	sanitizer builds

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am, src/crywrap/Makefile.am,
	src/crywrap/README, src/crywrap/crywrap.c, src/crywrap/crywrap.h,
	src/crywrap/primes.h: crywrap: was removed from gnutls tools Its inclusion did not increase the attention paid to this tool, not
	provided any significant advantage to gnutls' users thus it was
	unbundled from the main library. The tool can be found at
	https://github.com/nmav/crywrap

2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c: minitasn1: updated to latest git version

2016-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: Replace references to select with poll
	and other fixes

2016-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: replace inaccurate sentence with
	reference to gnutls_record_discard_queued [ci skip]

2016-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: gnutls_record_get_direction: doc update [ci skip]

2016-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509sign-verify2.c: tests: reduce the number of loops in
	x509sign-verify2 This enables running the test in reasonable time under valgrind.

2016-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: corrected byKey
	definition OCSP is defined in an EXPLICIT tags module, and as such we must tag
	explicitly all of its tags.

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-nc.tmpl: tests: check the generation of IP
	name constraints with certtool

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c: certtool: allow
	generating IP name constraints Relates #83

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/x509.c: 
	_gnutls_parse_general_name2: allow parsing empty names This allows parsing empty general names such as an empty DNSname
	used in name constraints.

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: enforce the rules
	for IP constraints when adding This will prevent gnutls from generating badly formed certificates.

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more files to ignore

2016-03-16  Daiki Ueno <ueno@gnu.org>

	* lib/libgnutls.map, lib/x509/name_constraints.c,
	lib/x509/x509_ext.c, lib/x509/x509_int.h, tests/Makefile.am,
	tests/name-constraints-merge.c, tests/test-chains.h: name
	constraints: compute permitted set strictly RFC 5280 6.1.4. states that the permitted_subtrees variable is
	constructed as an intersection of its previous value.  Co-authored-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added C99 target for the library This compiles the library using gcc options for the C99 standard.

2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha.md: README: updated libtasn1 URL [ci skip]

2016-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: x86-common: increase the size of
	_gnutls_x86_cpuid_s to match the size of assembly files This resolves issue on certain platforms (e.g., windows) where ld
	would simply fail, instead of allocate the largest size of the
	variable.

2016-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool-common.c: ocsptool: use HTTP/1.0 for requests This avoids issue with servers serving chunk encoding which ocsptool
	doesn't support. Reported by Thomas Klute.

2016-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, lib/state.c: gnutls_init(): refer
	to gnutls_init_flags_t for the documentation of available flags

2016-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: README.CODING_STYLE: set C99 as the C
	dialect of choice

2016-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/system-prio-file.c, tests/system.prio: 
	tests: added check for system priority file loading and parsing This checks whether the file is properly loaded and its contents are
	parsed as expected.

2016-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/global.c, lib/global.h, lib/libgnutls.map,
	lib/priority.c: priorities: preload the system priorities on library
	loading time This allows to rely on the system priorities even in the case of
	applications that chroot(). This also introduces the environment
	variable GNUTLS_SYSTEM_PRIORITY_FILE which can be used to override
	the global priority file.

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/chain-md5.pem,
	tests/cert-tests/md5-test: tests: added check of verification using
	MD5 with and without --verify-allow-broken This tests certtool and whether it fails verification of MD5 chains
	with no --verify-allow-broken, or whether it succeeds if given.

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7-broken-sigs: 
	tests: added PKCS #7 signing/verification test with broken sigs
	(MD5) This tests whether we can sign structures using broken algorithms
	(MD5), and verify structures signed with broken algoritms if
	--verify-allow-broken is given to certtool.

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: added flag to
	allow verification using broken algorithms

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: tests: check whether resumption data from resumed
	session work

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/session.c, lib/state.c: session resumption:
	lift the limitation of calling gnutls_session_get_data*() on
	non-resumed sessions This allows of obtaining the session data required for proper
	session resumption from any available session. This brings the API
	in par with expectations of its users.  Resolves #79

2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: dtls: added missing dtls.h to state.c

2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/key-material-set-dtls.c: tests: added
	check for gnutls_record_set_state() under DTLS

2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/dtls.c, lib/dtls.h, lib/state.c: dtls: reset the record number
	sliding window on gnutls_record_set_state() This addresses issue where gnutls_record_set_state() was called with
	a new state but the sliding window information was not updated, thus
	blocking any incoming packets.  Resolves #82

2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509/output: simplified cidr_to_string()

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more files to ignore

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/key-material-dtls.c: tests: check
	gnutls_record_get_state() with DTLS Since in DTLS we relied on a sliding window to keep track of the
	sequence numbers we didn't provide a sensible value to application
	via gnutls_record_get_state(). This test makes sure that we report
	the "correct" value when asked. Correct being the next number after
	the last received packet.

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/record.c: DTLS: save last valid record sequence number This will allow to report a valid number to
	gnutls_record_get_state() callers in case of DTLS. Reported by
	Fridolin Pokorny.

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/certtool-long-cn: tests: delete outfile in
	certtool-long-cn

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
	tests/cert-tests/name-constraints-ip2.pem: tests: verify the output
	of name constraints IP decoding

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509/output: print RFC5280 CIDRs in name
	constraints

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-key-material.c: tests: check the sequence numbers
	produced by gnutls_record_get_state()

2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: gnutls_record_get_state: Allow for NULL parameters

2016-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool.c: ocsptool: eliminated memory leaks in
	verify-response option

2016-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool.c: ocsptool: don't exit with error code on
	verification failures when --ignore-errors is given

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/ocsp-tests/Makefile.am,
	tests/ocsp-tests/ca.key, tests/ocsp-tests/ca.pem,
	tests/ocsp-tests/ocsp-server.key, tests/ocsp-tests/ocsp-server.pem,
	tests/ocsp-tests/ocsp-test: tests: added OCSP related checks

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool.c: ocsptool: exit with error on verification failures

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: ocsp: gnutls_ocsp_resp_verify_direct will skip
	additional checks for certificates matching issuer That eliminates issue with ocsptool rejecting OCSP responses signed
	by the same CA that signed the certificate. Reported by Thomas
	Klute.

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool-args.def, src/ocsptool.c: ocsptool: Allow saving
	responses even if verification fails In addition do not enter a spurious newline to responses.

2016-03-23  Maya Rashish <coypu@sdf.org>

	* tests/dtls/dtls-stress.c: Avoid using strerror in dtls stress test Using it results in build failure on NetBSD: undefined reference to
	`rpl_strerror'

2016-03-23  Maya Rashish <coypu@sdf.org>

	* tests/utils.h: Add missing header to testsuite This causes a problem for NetBSD+clang tests, because SIGTERM and
	kill are undefined.  Resolves #80 Signed-off-by: Maya Rashish <coypu@sdf.org>

2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_int.h: session tickets: avoid
	GCM for session tickets and rely on CBC and HMAC The latter is more resilient against non-key renewal.

2016-02-15  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/ext/heartbeat.c, lib/handshake.c, lib/record.c, lib/record.h: 
	Broke apart _gnutls_recv_int() to the packet and non-packet cases.  Only gnutls_record_recv_packet() called _gnutls_recv_int() with
	(packet != NULL). I refactored this logic directly downstream into
	gnutls_record_recv_packet(). The _gnutls_recv_int() function now
	only handles non-packet specific logic. The check_session_status()
	function was created to deduplicate common code which would
	otherwise have ended up in both functions.  The rationale behind this change is to optimize what were previously
	calls of _gnutls_recv_int(). First of all _gnutls_recv_int() now has
	only 6 parameters, which according to the x86_64 System V
	Application Binary Interface should now fit into CPU registers and
	no longer use the stack. Secondly this change avoids a number of
	branching checks for both packet and non-packet cases.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2016-03-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/socket.c, src/socket.h: gnutls-cli: corrected usage
	of gnutls_session_get_data() This is no longer called on resumed sessions, allowing more than one
	resumption in servers which use tickets and don't resend the ticket
	on subsequent connections.

2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl: testcompat-openssl: enable
	TLS 1.2 tests with openssl 1.0.1+

2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-callbacks.c: tests: verify that the
	post-client-hello callback has access to ALPN data

2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: don't use git submodule update,
	not needed for our testsuite

2016-03-15  Yuriy M. Kaminskiy <yumkam@gmail.com>

	* lib/ext/alpn.c: alpn: ALPN state is per-connection, it should not
	be saved with session data In addition the extension was moved to the mandatory to parse to
	ensure it is always parsed when sessions are resumed.  rfc7301:     Unlike many other TLS extensions, this extension does not
	    establish properties of the session, only of the connection.
	    When session resumption or session tickets [RFC5077] are used, the
	    previous contents of this extension are irrelevant, and only the
	    values in the new handshake messages are considered.  Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: tests: added checks for session resumption and
	ALPN This checks whether the ALPN extension is re-read on resumption and
	is negotiated.

2016-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: x86-common: CPUID override will
	only work if CPU has already the capability present This resolves test suite failure on CPUs with limited capabilities.
	Reported by Andreas Metzler.

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/common.c: Introduced GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING This error code is returned when an embedded NULL is detected in a
	string.

2016-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/server_name.c: gnutls_server_name_set: accept non-null
	terminated hostnames The introduction of IDNA support introduced a regression and this
	function does not operate correctly when given non-null terminated
	strings. Reported by Tim Ruehsen.  Relates #78

2016-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-server-name.c: tests: added check for non-null
	terminated server name This checks whether a non-null terminated server name, but with
	correct length is correctly accepted by gnutls_server_name_set().  Relates #78

2016-03-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-nc.pem: tests: template-test was updated
	for OCSP key purpose reordering

2016-03-14  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Mention bytevectors.  * doc/gnutls-guile.texi (Representation of Binary Data): Mention
	bytevectors.  (Input and Output): Likewise.

2016-03-14  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Explain "Application Data"
	packets and 'session-record-port'.  * doc/gnutls-guile.texi (Input and Output): Mention "Application
	Data" packets and buffering.

2016-03-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: do not require a CA for OCSP signing This follows the recommendations in RFC6960 in 4.2.2.2 which allow a
	CA to delegate OCSP signing to another certificate without requiring
	it to be a CA.  Reported by Thomas Klute.

2016-03-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: doc: updated text for
	gnutls_ocsp_status_request_is_checked() Relates #75

2016-03-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: clarified expectations on
	gnutls_datum_t Relates #77

2016-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/handshake.c: doc update:
	gnutls_handshake_set_false_start_function() [ci skip]

2016-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/ABI-x86_64.dump, devel/abi-unchecked-symbols,
	devel/abi-unchecked-symbols.txt: abi-check: corrected type of
	gnutls_x509_crl_get_issuer_dn That will avoid any accidental ABI breakage on that symbol.

2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added abi-checker rule This allows to test ABI incompatibilities as soon as possible.

2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, devel/ABI-dane-x86_64.dump, devel/ABI-x86_64.dump,
	devel/abi-unchecked-symbols, devel/abi-unchecked-symbols.txt,
	devel/abi.xml, devel/abi3.2.xml, devel/abi3.4.xml: Makefile: made
	abi-checks self-contained That is, they no longer assume a given directory structure to exist
	outside git. It now includes a static dump of the symbols in 3.4.0
	for x86_64 and we compare with it.

2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: better error handling in
	file_size()

2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: fix invalid initialization in
	cert_verify_ocsp()

2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: human_addr always returns a non-null
	argument This addresses issue with libc's which don't support printf() with a
	NULL argument.

2016-03-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11.sh: tests: testpkcs11: the test will always
	fail in code path failures

2016-03-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha.md: README: list the main branches build status [ci
	skip]

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: gnutls_system_recv_timeout: restore poll on EINTR

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: doc: corrected typo [ci skip]

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: gnutls_ocsp_status_request_is_checked:
	document the version the flag was introduced at Relates: #75

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/doc.mk: doc: generate manpages for all functions That addresses issue where certain manpages were created empty.  See
	https://bugzilla.redhat.com/show_bug.cgi?id=1306800

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: mention
	gnutls_certificate_set_x509_trust_dir() It was not mentioned in the "Client or server certificate
	verification" section.  Resolves #76

2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time: improved timeout
	detection

2016-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509.c: corrected typo in comment [ci skip]

2016-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: silence clang's warnings

2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/version-checks.c: tests: added check for
	version negotiation default prio string That verifies whether the support versions are negotiated.

2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: include test-hash-large into dist

2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/LINGUAS, po/zh_CN.po.in: Sync with TP [ci skip]

2016-03-02  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Update NEWS.

2016-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/global.c: Disable weak symbols for _gnutls_global_init_skip()
	under windows That is to avoid an issue with running gnutls under windows; that
	renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows.  Relates #74

2016-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: asan, clang and valgrind builds
	were made arch-independent

2016-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/pkcs12: tests: pkcs12: allow multiple in-place
	builds

2016-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs1-padding/pkcs1-pad,
	tests/rsa-md5-collision/rsa-md5-collision: tests:
	pkcs1-pad,rsa-md5-collision: allow multiple in-place builds

2016-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: gnutls-cli: fail if gnutls is not compiled with DANE
	support and --dane is provided Suggested by Bjorn Jacke.

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ecore/src/lib/eina_hash.c: tests: always used the slow
	(portable) version of get16bits This prevents issues with misaligned addresses and undefined
	sanitizer.

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: timespec_sub_ms: fixed operation in 32-bit systems

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: don't use the internal libtasn1
	when compiling with libubsan This prevents build failures due to issues in libtasn1

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ecore/src/lib/eina_hash.c: tests: Fixes to prevent
	undefined behavior (found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: Fixes to prevent undefined
	behavior (found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: cipher.c: Fixes to prevent undefined behavior
	(found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ecc.c: ecc: optimized extension parsing

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior
	(found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent
	undefined behavior (found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/mem.h, lib/x509/x509.c: x509: Fixes to prevent undefined
	behavior (found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: x509: cleanup in privkey.c

2016-02-28  Andreas Metzler <ametzler@bebt.de>

	* src/p11tool-args.def: Let p11tool --provider option accept
	filenames.  Drop 'file-exists = yes;' to allow specifying either an absolute
	pathname or a file in P11_MODULE_PATH.

2016-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: abort on ubsan errors

2016-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: p11tool: addressed memory leaks

2016-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/krb5-test, tests/cert-tests/othername-test,
	tests/cert-tests/sha3-test, tests/cert-tests/template-test: tests:
	use 'datefudge -s' to avoid loops This avoids repeated loops of the same test as well as random
	failures in the test suite.

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/krb5-test: tests: krb5-test: increased the number
	of loops This should prevent random failures in the test suite.

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: asan and ubsan include the suite/

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: .gitignore: more files to ignore

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: documented false start functionality

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h,
	tests/handshake-false-start.c, tests/utils.c, tests/utils.h: tests:
	Added checks for false start operation

2016-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/kx.c,
	lib/algorithms/protocols.c, lib/gnutls_int.h, lib/handshake.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/state.c: 
	Added gnutls_handshake_set_false_start_function() This function allows to use TLS False-start, by using the provided
	function to send data just after finished message.

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-is-known.c,
	tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm,
	tests/utils.c, tests/utils.h: tests: enable softhsmv2 test suite by
	default Also do not fatally fail with known softhsmv2 bugs.

2016-02-26  Jan Vcelak <jan.vcelak@nic.cz>

	* tests/suite/testpkcs11.sh: pkcs11: tests for RSA, ECC, DSA private
	key import Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-26  Jan Vcelak <jan.vcelak@nic.cz>

	* tests/suite/testpkcs11.sh: pkcs11: tests for DSA key generating Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, tests/seccomp.c: added getpid() to the list
	of system calls used

2016-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added compilation rule with
	libubsan

2016-02-25  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing
	algorithm setting for DSA keys The algorithm number was set only in the private key structure, not
	in the nested structure with parameters. This made certain
	operations to fail (e.g., copying the key into a PKCS #11 token).  Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-25  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/pkcs11_privkey.c: pkcs11: implement correct DSA key pair
	generating Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-25  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/pkcs11_int.c, lib/pkcs11_int.h: pkcs11: add interface for
	C_GenerateKey Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/sign.c: better match with unknown_tls_aid

2016-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/common.c, lib/x509/time.c: x509:
	moved time-specific functions to time.c

2016-02-24  Sebastian Dröge <sebastian@centricular.com>

	* configure.ac: configure: Android is ELF too Without this, compiling Android for x86 or x86-64 fails because the
	assembly optimizations are not compiled in.

2016-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha.md: mentioned the public git URL for cloning [ci
	skip]

2016-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/session-export-funcs.c: tests: check
	functions which export session parameters That is gnutls_session_get_random() and
	gnutls_session_get_master_secret().

2016-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/state.c: 
	Added gnutls_session_get_master_secret This provides the ability to export all session parameters in
	various formats.  Resolves #64

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rehandshake-ext-secret.c: tests: gnutls_session_get_flags()
	is checked for extended master secret

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-etm.c: tests: check gnutls_session_get_flags() for EtM

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c: 
	tests: check gnutls_session_get_flags() for safe renegotiation

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/state.c: 
	Added gnutls_session_get_flags() This function would allow to simplify handling of future flags which
	we may want to indicate, and would not require API additions for new
	flags.

2016-02-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: Revert ".gitlab-ci.yml: disable guile tests" This reverts commit 50ce516eebaf011f041002ecbfdb61b113159282.

2016-02-21  Ludovic Courtès <ludo@gnu.org>

	* guile/Makefile.am: guile: Fix out-of-tree builds.  This fixes a regression introduced in 3045a96.  * guile/Makefile.am (.in.scm): Make the parent directory of $@.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: Improved documentation in _gnutls_sort_clist

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_list_import: corrected memory
	leak This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was
	specified and a failure occurred.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: _gnutls_sort_clist: fixed issues when used with
	func option This function would incorrectly call func() on elements that were
	included in the list, and would not call func() if the size of the
	final chain was one.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pcert-list.c: tests: added tests for
	gnutls_pcert_list_import_x509_raw()

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c: ext master secret: ensure we disable
	ext master secret if requested That is, on rehandshakes, as on the standard handshakes it is
	disabled by default.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/rehandshake-ext-secret.c: tests: verify
	that we do not allow rehandshakes without ext master That is, if we have an initial session which uses the extended
	master secret do not allow subsequent rehandshakes to skip it.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/sha3-test: tests: sha3-test: use different dates
	for generation and validation

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: eliminated memory leaks

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: bumped the version of max
	algorithm num to account for new signing algorithms

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: src: added systemkey-args to BUILT_SOURCES

2016-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/sha3-test: tests: simplified sha3-test

2016-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for gnutls 3.4.9, nettle 3.2, gmp
	6.1.0 and p11-kit 0.23.2 [ci skip]

2016-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disable guile tests This prevents the test suite from failing.

2016-02-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: tests: resume: check whether the server does not
	resume in ext master secret mismatch Relates #69

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/db.c, lib/db.h, lib/ext/session_ticket.c, lib/handshake.c: 
	Ensure that session resumption does not occur when ext master secret
	status changes That is we make sure the server doesn't resume when: 1. Original session had extended master secret but not advertised in
	resumed 2. Original session did not have extended master secret but is
	advertised in resumed Relates #69

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: tests: resume: simplified structure assignment
	using C99 syntax

2016-02-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/sha3-test,
	tests/cert-tests/template-ecdsa-sha3-256.pem,
	tests/cert-tests/template-ecdsa-sha3-512.pem,
	tests/cert-tests/template-rsa-sha3-256.pem,
	tests/cert-tests/template-rsa-sha3-512.pem,
	tests/cert-tests/template-test-ecc.key: tests: added certification
	generation tests with SHA-3 tests

2016-02-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/common.h, src/certtool.c: Added NIST's OIDs for SHA3
	signature algorithms This allows to generate certificates signed with SHA3.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.in: guile: Work around lack of 'eval-when' on
	1.8.  * guile/modules/gnutls.in (eval-when) [!guile-2]: New macro.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* configure.ac: guile: Install modules in versioned directory by
	default.  * configure.ac: Change default 'GUILE_SITE' value to include
	$guile_effective_version.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* guile/Makefile.am, guile/src/Makefile.am: guile: build: Make
	silent rules actually quiet.  * guile/Makefile.am (.in.scm): Use $(AM_V_GEN) and $(AM_V_at).  * guile/src/Makefile.am (enums.h, enum-map.i.c) (smobs.h, smob-types.i.c, %.x): Likewise.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* configure.ac, guile/Makefile.am, guile/modules/Makefile.am,
	guile/tests/Makefile.am: guile: Build and install .go files on Guile
	2.x.  * configure.ac: Check for 'guild' and substitute 'GUILD'.  Define
	'HAVE_GUILD'.  Substitute 'guileobjectdir'.  Don't output
	guile/modules/Makefile and guile/tests/Makefile.  * guile/modules/Makefile.am, guile/tests/Makefile.am: Remove.  Move
	contents to...  * guile/Makefile.am: ... here.  (SUBDIRS): Remove 'modules' and 'tests'.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Change prompt in examples.  * doc/gnutls-guile.texi (Guile Preparations): Use the prompt found
	in 2.0.  Change "libguile-gnutls-v-0" to "guile-gnutls-v-2".

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi, guile/modules/gnutls/build/tests.scm: 
	guile: tests: Add Guile 2.2 compatibility layer.  This allows tests to run with Guile 2.1/2.2.  * guile/modules/gnutls/build/tests.scm (define-replacement)
	[guile-2]: New macro.  (uniform-vector-read!, uniform-vector-write)
	[guile-2]: New procedures.  * doc/gnutls-guile.texi (Guile Preparations): Mention 2.2.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
	guile: tests: Make sure no processes are left behind.  Before that, child processes would be left behind and become
	zombies.  * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Add
	(waitpid pid) call on the server side.

2016-02-11  Ludovic Courtès <ludo@gnu.org>

	* guile/.dir-locals.el, guile/Makefile.am,
	guile/modules/gnutls/build/tests.scm,
	guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
	guile: tests: Add 'with-child-process'.  This makes sure that child processes always exit no matter what.  * guile/modules/gnutls/build/tests.scm (define-syntax-rule)
	[!guile-2]: New macro.  (call-with-child-process): New procedure.  (with-child-process): New macro.  * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Use
	it instead of an explicit 'primitive-fork' call.  * guile/.dir-locals.el: New file.  * guile/Makefile.am (EXTRA_DIST): New variable.

2016-02-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time: ensure client
	timeouts after the server is This addresses issue with the server detecting the client
	disconnection prior to its timeout. Reported by Steven Chamberlain,
	Andreas Metzler.

2016-02-12  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/ext/heartbeat.c, lib/handshake.c, lib/record.c, lib/record.h: 
	Removed the invariant htype parameter of _gnutls_recv_int() All uses of _gnutls_recv_int() passed -1 as the htype argument of
	type gnutls_handshake_description_t, which had been used for SSLv2
	client hellos. Introduced in 2001 with dc1122e7b6.

2016-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/int/rsa-keygen-fips186.c: provable RSA key generation:
	adjust the seed size based on N size

2016-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/int/rsa-keygen-fips186.c: provable RSA key generation:
	allow non-2048 and non-3072 keys That is enforce the 2048 and 3072-bit limit to FIPS when in
	FIPS140-2 mode.

2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: DH/DSA: allow the generation of larger
	than 15360 bit parameters

2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/hash-large.c: tests: eliminated mem leak in hash-large

2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am, tests/slow/hash-large.c,
	tests/slow/test-hash-large: tests: check whether large buffer hashes
	and MAC work as expected

2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/hmac-x86-ssse3.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/mac.c: nettle: use
	the correct type for hash and MAC functions

2016-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/rsa-keygen-fips186.c: provable prime generation:
	arbitrary seed lengths are accepted in non-FIPS mode

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c: gnutls-cli: improved indentation in
	benchmark output

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: removed unused variable

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am, src/certtool-common.c, src/certtool-common.h,
	src/certtool.c, src/common.h: certtool: the --generate-dh-params
	option can be combined with --provable This however, will generate provable DSA parameters and import them
	as DH parameters.  Resolves #72

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: the --dh-info option will
	retrieve DH parameters from DSA keys

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h, tests/dh-params.c: tests:
	added check for gnutls_dh_params_import_dsa

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/dh.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	Added gnutls_dh_params_import_dsa() which allows to import DSA
	parameters into DH ones This simplifies importing DSA private keys into DH parameters.

2016-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests
	are disabled when in FIPS140-2 mode The tests require access to the RC4 cipher which is not available.

2016-02-10  Attila Molnar <attilamolnar@hush.com>

	* lib/ext/status_request.c, tests/Makefile.am,
	tests/ocsp-filename-memleak.c: Fix memory leak in
	gnutls_certificate_set_ocsp_status_request_file() Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2016-02-06  Attila Molnar <attilamolnar@hush.com>

	* lib/anon_cred.c, lib/cert.c, lib/psk.c, lib/srp.c: doc: Update
	description of credential alloc/dealloc functions Get rid of "This structure is complex enough to manipulate
	directly..." text which suggests that these functions are optional,
	"helper" functions when in fact their usage is required for
	encapsulation reasons.

2016-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/alpn.c, lib/includes/gnutls/gnutls.h.in,
	tests/Makefile.am, tests/alpn-server-prec.c: ALPN: added the
	GNUTLS_ALPN_SERVER_PRECEDENCE flag This allows the server to set precedence on the protocols it
	supports, rather than following the client's order.  Resolves #71

2016-02-09  Andreas Metzler <ametzler@bebt.de>

	* doc/cha-gtls-app.texi: improve doc on special keywords in priority
	string Special keywords in priority strings like %COMPAT may not be
	prefixed with +, - or !, "NORMAL:+%COMPAT is invalid.

2016-02-06  Attila Molnar <attilamolnar@hush.com>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-tokens.texi, lib/auth.c, lib/dtls.c, lib/extensions.c,
	src/tpmtool-args.def: doc: Fix some typos

2016-02-06  Attila Molnar <attilamolnar@hush.com>

	* doc/cha-gtls-app.texi, src/certtool-cfg.c, src/serv-args.def: 
	Remove remaining RSA-EXPORT support leftovers from doc and messages

2016-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-pubkey-import-ecdsa.c: tests:
	pkcs11-pubkey-import-ecdsa will only work under softhsmv2

2016-01-31  Andreas Metzler <ametzler@bebt.de>

	* lib/openpgp/openpgp.c, lib/pubkey.c, lib/x509/pkcs12_bag.c,
	lib/x509/x509.c, lib/x509/x509_ext.c, src/certtool-cfg.c: Fix some
	more typos.  certifcate, funtion, withing, missmatch

2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-krb5name.pem,
	tests/cert-tests/template-othername-xmpp.pem,
	tests/cert-tests/template-othername.pem: tests: updated check to
	account for revert in 7d3caedb8df9d04eee9513cb5b3b417ae29927f5

2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-generalized.pem,
	tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-test.pem,
	tests/cert-tests/template-unique.pem: Revert "tests: updated to
	account for cert generation after
	2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b.

2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in
	gnutls_x509_ext_export_key_usage" This was not really an out-of-bounds check. Added documentation to
	make that clear.  This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.

2016-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: corrected email escaping in
	texinfo

2016-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/system.c, tests/seccomp.c: 
	Replaced select() system call with poll() on POSIX systems This allows to use the default gnutls functions with file
	descriptors over the maximum supported by select.

2016-01-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/windows/Makefile.am: tests: windows: fixed check-output call

2016-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/windows/crypt32.c: tests: added dummy functions used by
	CAPI32 implementation

2016-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/windows/Makefile.am, tests/windows/check-output: tests:
	better checking for failure in windows cng check

2016-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system-keys-win.c: system-key-win: call
	CertFreeCertificateContext()

2016-01-22  Bjørn Christensen <bhc@insight.dk>

	* lib/system-keys-win.c: system-key-win: added interface to  CAPI,
	old style crypto api on windows

2016-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: corrected texinfo output for
	krb5_principal

2016-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c: tests: priorities: account for the addition of
	CHACHA20-POLY1305

2016-01-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority.c: CHACHA20_POLY1305 was added to the default
	priority strings That is the NORMAL and PERFORMANCE priority strings now will enable
	CHACHA20-POLY1305 by default.

2016-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/global.c: gnutls_global_init: log gnutls' version on
	initialization

2016-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: corrected typo [ci skip]

2016-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha.md: README: added trousers to list of dependencies
	[ci skip]

2016-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
	tests/cert-tests/template-krb5name-full.pem: tests: added check for
	KRB5Principal output Resolves #67

2016-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README.md => README-alpha.md: README.md ->
	README-alpha.md

2016-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: updated copyright info

2016-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README => README-install.md: README: auto-generated
	from README-install.md

2016-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: gnutls_int.h: increased MAX_SERVER_NAME_SIZE to
	256 bytes

2016-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory leak

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/krb5-test,
	tests/cert-tests/template-krb5name.pem,
	tests/cert-tests/template-krb5name.tmpl: tests: added check for the
	krb5_principal template option

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c: certtool: introduced
	the krb5_principal template option

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls.asn, lib/gnutls_asn1_tab.c,
	lib/includes/gnutls/gnutls.h.in, lib/x509/Makefile.am,
	lib/x509/common.h, lib/x509/krb5.c, lib/x509/krb5.h,
	lib/x509/output.c, lib/x509/virt-san.c: x509: introduced
	GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL That allows to print and write KRB5PrincipalName othernames in
	subject alternative name.

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: place newline when printing unsupported
	othernames

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/virt-san.c, lib/x509/virt-san.h, lib/x509/x509_ext.c,
	lib/x509/x509_ext_int.h: x509: moved virtual subject alternative
	name othername support to virt-san.c

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: gnutls_x509_crt_set_subject_alt_name:
	documented the version after which GNUTLS_SAN_OTHERNAME_XMPP is
	available

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/othername-test,
	tests/cert-tests/template-othername-xmpp.pem,
	tests/cert-tests/template-othername-xmpp.tmpl: tests: added check
	for XMPP othername generation

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c: certtool: allow writing
	xmpp_name

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
	lib/x509/x509_ext.c, lib/x509/x509_write.c: Allow assigning
	'virtual' SAN types via *_set_subject_alt_name()

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: document newly added functions

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c: alpn: when parsing the list of protocols return at
	the first mutually common That resolves an issue where the server wouldn't select the first
	mutually supported.  Resolves #63

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection
	order

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN
	negotiation

2016-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c: alpn: document how the selected protocol is
	selected [ci skip]

2016-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: tests: verify that the selected ALPN protocol
	is the first advertised

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: gnutls_aead_cipher_decrypt: removed misleading
	text Reported by Fridolin Pokorny.

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/othername-test,
	tests/cert-tests/template-othername.pem,
	tests/cert-tests/template-othername.tmpl: tests: added check for
	certtool's othername writing functionality

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: added ability to generate othernames via
	template files Relates #62

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/crq.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c: x509: added flags to enable the encoding of
	othername data

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
	lib/x509/extensions.c, lib/x509/x509_ext.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c: x509: introduced functions to set an
	othername alternative name That is, added, gnutls_x509_crt_set_subject_alt_othername,
	gnutls_x509_crt_set_issuer_alt_othername,
	gnutls_x509_crq_set_subject_alt_othername Relates #62

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: trust_list_get_issuer_by_dn: fixed check
	for DN or SPKI

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: no longer distribute lzip tarballs

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: symbols.last: don't include internal symbols into
	exported list

2016-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-generalized.pem,
	tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-test.pem,
	tests/cert-tests/template-unique.pem: tests: updated to account for
	cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix

2016-01-04  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/x509/x509_ext.c: Fix out-of-bounds read in
	gnutls_x509_ext_export_key_usage

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test
	suite.

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
	the writing of ECC private key

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am,
	tests/suite/pkcs11-pubkey-import-ecdsa.c,
	tests/suite/pkcs11-pubkey-import-rsa.c,
	tests/suite/pkcs11-pubkey-import.c: tests: pkcs11-pubkey-import will
	check both RSA and ECDSA keys

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
	the type of the written object Previously only RSA objects were correctly written.

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-common.h: tests: added ECDSA key in cert-common.h

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: moved default RSA public exponent
	out of stack

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: import public keys from any
	available object That is, load public keys from the public key object, or the
	certificate object if they are present. That affects non-RSA public
	keys which do not contain all required fields on the private key
	object.

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/db.h: session DB: made the magic number depending on gnutls'
	version That will make sure that sessions not stored by this version of
	gnutls will not be resumed by another (which may be incompatible).

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/{ui.c => fingerprint.c}: ui.c ->
	fingerprint.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c, lib/ui.c: split OCSP functionality from
	ui.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/anon_cred.c, lib/ui.c: split anon credentials functionality
	from ui.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/psk.c, lib/ui.c: split psk functionality from ui.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/session.c, lib/ui.c: split session info functions from ui.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/cert-session.c, lib/ui.c: split certificate
	credentials functions from ui.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/cert.c, lib/dh-session.c, lib/ui.c: split dh
	API functions from ui.c

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/randomart.c, lib/ui.c: split randomart
	functionality from ui.c

2015-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/file.c, lib/{helper.h => file.h},
	lib/helper.c, lib/psk.c, lib/srp.c, lib/ui.c: helper.c -> file.c

2015-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: certtool: doc update [skip ci]

2015-12-26  Andreas Metzler <ametzler@bebt.de>

	* README, lib/ext/srtp.c, lib/locks.c, lib/opencdk/keydb.c,
	lib/priority.c, lib/x509/pkcs7.c, tests/mini-handshake-timeout.c: 
	Fix some typos [ci skip]

2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: doc update [ci skip]

2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/dtls.c, lib/gnutls_int.h: respect the max-record extension
	under DTLS This resolves issue with max-record being negotiated but ignored.
	Resolves #61

2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/tls-max-record.c: tests: added check for
	max-record extension in TLS

2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/dtls-max-record.c, tests/eagain-common.h: 
	tests: check whether the max-record extension is usable with DTLS

2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/dtls.c: dtls: print the MTU in debugging messages

2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi, lib/includes/gnutls/gnutls.h.in: updated
	documentation on supported algorithms [ci skip]

2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added SHA384 to the list of TLS support
	MAC algorithms

2015-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/README.ci-runners: documented the gitlab ci runner tags

2015-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
	tests: added timeout in long-running checks

2015-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: eliminated various memory leaks

2015-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: prevented memory leak in pkcs8-info cmd

2015-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: do not use signal() under win32

2015-12-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* configure.ac: build: configure.ac: manpages cleanups Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-12-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore, Makefile.am, configure.ac, doc/Makefile.am,
	doc/manpages/Makefile.am: build: allow installing man(1) even with
	--disable-doc Currently these man pages are installed only if --enable-doc is
	provided, while these are not actually docs, do not require any
	special dependency, nor consume large space.  This adds --enable-manpages to enable/disable manpages installation,
	and install the man(1) regardless of --disable-doc.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: ignore sigpipe This signal was observed under certain cirquimstances

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: don't close stdout on exit

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-output.c: pkcs7: eliminated leak in
	gnutls_pkcs7_print

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pubkey.c: gnutls_pubkey_import_privkey: document that this
	operation is not possible in certain keys

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi: doc: replace writev with sendmsg in
	the list of system calls

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/no-signal.c: tests: don't run the no-signal test in systems
	which MSG_NOSIGNAL is not available

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c, tests/seccomp.c: Reduce the number of used syscalls
	by using sendmsg() instead of writev() We relied on sendmsg() anyway for the MSG_NO_SIGNAL version of the
	calls, thus it is a good idea to avoid calling writev() and use
	sendmsg(). That way we reduce the number of calls required for
	seccomp.

2015-12-17  Alon Bar-Lev <alon.barlev@gmail.com>

	* doc/manpages/tpmtool.1: doc: manpages: remove generated tpmtool.1
	page Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-12-17  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore: .gitignore: add m4/extern-inline.m4

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pkcs7: tests: added check to verify that the
	PKCS#7 embedded data are recovered as expected

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: introduced the
	--p7-show-data option This option allows printing the embedded data in a PKCS#7 signed
	structure.

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
	gnutls_pkcs7_get_embedded_data: added function This function allows extracting the embedded data from a PKCS#7
	signed structure.

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs7-gen.c: tests: updated pkcs7-gen to account for
	content-type attribute

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pkcs7: tests: check whether the content-type
	attribute is set if we sign using time

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: set by default the content type attribute That is a requirement of rfc5652. Relates #59

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
	lib/x509/sign.c, lib/x509/x509_int.h: pkcs7: use the
	PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7
	structures That is because there are implementations which cannot cope with the
	normal RSA signature OIDs. Relates #59

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c, tests/cert-tests/p7-combined.out: pkcs7: Disable
	the optional fields prior to generating the PKCS#7 structure This resolves issue with our PKCS#7 structures not being parsed by
	MacOSX' tools. Relates #59

2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: corrected invalid free

2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: warn if an ECDSA key is marked for
	encryption

2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: build: fix make distclean by
	including src/gl only once

2015-12-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/session_pack.c, lib/state.c, lib/ui.c: make sure gnutls_assert
	is present at the cases where GNUTLS_E_INTERNAL_ERROR is returned

2015-12-14  Gustavo Zacarias <gustavo@zacarias.com.ar>

	* configure.ac: configure: really make --disable-crywrap work The crywrap variable is set regardless of the state of
	enable_crywrap, hence --disable-crywrap never works.  Just put the
	tests for crywrap deps inside the enable_crywrap conditional.  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2015-12-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: the --p7-time
	option was made an enable/disable option It remains disabled by default.

2015-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dtls-handshake-versions.c,
	tests/handshake-versions.c: tests: check whether server returns the
	correct error code if presented with invalid versions That is gnutls_handshake() will return
	GNUTLS_E_UNSUPPORTED_VERSION_PACKET in server side, if the client
	presents a very old TLS version which is not supported.  Relates #42

2015-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/protocols.c, lib/handshake.c,
	lib/handshake.h, lib/sslv2_compat.c: handshake: when receiving a TLS
	version which is too low fail That is, don't treat all unsupported version as being to high. Treat
	versions which are not known and lower than the highest as a
	protocol error.  Resolves #42

2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: valgrind build was moved at the
	end as it is the slowest build

2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: the
	--p7-include-cert option is enabled by default This allows to generate PKCS#7 structures by default that can be
	read by iOS.

2015-12-13  sskaje <sskaje@gmail.com>

	* src/certtool-args.def, src/certtool.c: #56 Feature: certtool
	--p7-sign support GNUTLS_PKCS7_INCLUDE_CERT

2015-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c: gnutls-cli-debug: rephrased inappropriate
	fallback test description to match the rest

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
	#11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are
	available. This is a much cleaner approach than
	5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pubkey.c: Revert "Do not allow importing public keys from PKCS
	#11 private keys for DSA and ECDSA" This reverts commit 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-common.h,
	tests/rehandshake-switch-cert-allow.c,
	tests/rehandshake-switch-cert-client-allow.c,
	tests/rehandshake-switch-cert-client.c,
	tests/rehandshake-switch-cert.c: tests: check whether a peer
	changing certificate is detected

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-rehandshake-2.c, tests/mini-rehandshake.c: tests: doc
	update

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/errors.c, lib/gnutls_int.h, lib/handshake.c,
	lib/includes/gnutls/gnutls.h.in, lib/state.c: Do not allow
	certificate change during a rehandshake That is require that the certificate of the peer remains the same
	and return GNUTLS_E_SESSION_CERTIFICATE_CHANGED otherwise. To revert
	to the previous behavior the GNUTLS_ALLOW_CERT_CHANGE flag was
	introduced.

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-pubkey-import.c: 
	tests: check whether gnutls_pubkey_import_privkey() operates well
	for PKCS#11 RSA keys

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pubkey.c: Do not allow importing public keys from PKCS #11
	private keys for DSA and ECDSA That is, because they do not contain all the required parameters for
	a direct import. Reported by Jan Vcelak.

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't
	used

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/pkcs11.c: MAX_PK_PARAM_SIZE was moved to
	gnutls_int.h

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
	deinitialize gnutls_pkcs11_obj_t's pubkey on deinit

2015-12-06  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in
	privkey_get_pubkey The code worked for RSA because the content of the variables
	matched.  But it doesn't match for ECC.  CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0)
	CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: don't use RSA ciphersuites to
	test chacha20 as they are not defined

2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: documented bug in
	gnutls_x509_crt_get_*_unique_id()

2015-12-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: tools: don't compile tpmtool if PKCS11 is
	disabled That is because GnuTLS' TPM code makes use of the PKCS11 PIN
	callbacks.

2015-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/extensions.c: Amend "When decoding extensions do not ignore
	decoding errors" Do not treat an error the fact that no extensions field is present.

2015-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: allow specifying NULL buffer in
	gnutls_x509_crt_get_*_unique_id()

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: NEWS: removed functions that were part of 3.4.x releases

2015-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/cert-common.h,
	tests/tlsext-decoding.c: tests: added check for TLS extension
	decoding error propagation Relates #40

2015-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/alert.c, lib/errors.c, lib/extensions.c,
	lib/includes/gnutls/gnutls.h.in: When decoding extensions do not
	ignore decoding errors That is, move from a parsing error tolerance to a more strict
	decoding approach.  Relates #40

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: .gitignore: more files to ignore

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: ocsp_output: when next update is not
	present don't print error message That is because this field is optional.  Resolves #53

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/override-ciphers: tests:
	override-ciphers will not run mac tests on windows There is some issue with symbols for self tests not being exported.

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: removed separate builddir build
	from x86-64 targets to reduce builds

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
	updates for certtool test to run under windows

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: minimal library no longer requires
	x86-64 for compilation

2015-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: in windows build skip the gnulib
	tests

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added windows build

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
	tests/cert-tests/certtool, tests/cert-tests/certtool-long-cn,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/pkcs7, tests/pkcs8-decode/pkcs8: tests: changes for
	running tests under windows

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/override-ciphers, tests/slow/test-ciphers: tests:
	cipher-test will forward the prog exit code as the script exit code

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README: added information for windows build

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows
	for files

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
	src/libopts/COPYING.mbsd, src/libopts/Makefile.am,
	src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
	src/libopts/check.c, src/libopts/compat/compat.h,
	src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h,
	src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
	src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h,
	src/libopts/libopts.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
	src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c,
	src/libopts/nested.c, src/libopts/numeric.c,
	src/libopts/option-value-type.c,
	src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c,
	src/libopts/parse-duration.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
	src/libopts/stack.c, src/libopts/stdnoreturn.in.h,
	src/libopts/streqvcmp.c, src/libopts/text_mmap.c,
	src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c,
	src/libopts/version.c: libopts: updated to 5.18.6

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: use consistent terms in system.c and
	system-keys-win.c

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, tests/Makefile.am, tests/cert-common.h,
	tests/seccomp.c, tests/windows/Makefile.am,
	tests/windows/cng-windows.c, tests/windows/crypt32.c,
	tests/windows/ncrypt-int.h, tests/windows/ncrypt.c: tests: added
	basic functionality testing for system-keys in windows

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/crypto.h, lib/libgnutls.map, lib/pk.c,
	lib/pk.h: Added gnutls_encode_ber_digest_info and
	gnutls_decode_ber_digest_info

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: allow building with mingw64

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am: tests: use gnulib where needed

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: updated windows cross compile makefile

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/global-init-override.c: tests: disable global-init-override
	test in windows Gcc does not support weak symbols on this platform.

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: don't call endservent in windows

2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: added cast to silence gcc warning

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-extension.c: tests: added check for multiple extension
	registering

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extensions.c, lib/extensions.h: statically initialize
	extensions instead of using the lib constructor

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c, lib/ext/alpn.h, lib/ext/cert_type.c,
	lib/ext/cert_type.h, lib/ext/dumbfw.c, lib/ext/dumbfw.h,
	lib/ext/ecc.c, lib/ext/ecc.h, lib/ext/etm.c, lib/ext/etm.h,
	lib/ext/ext_master_secret.c, lib/ext/ext_master_secret.h,
	lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
	lib/ext/max_record.h, lib/ext/safe_renegotiation.c,
	lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
	lib/ext/server_name.h, lib/ext/session_ticket.c,
	lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
	lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
	lib/ext/status_request.c, lib/ext/status_request.h,
	lib/extensions.c: marked all extensions structures as constant

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: allow reinitialization of
	the library after a deinitialization

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions
	with _gnutls prefix

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/global.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	gnutls_global_init_skip: prefixed with an underscore

2015-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added clang compilation target

2015-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: check fread_file() for errors in all
	situations This caused certtool to crash on invalid input on stdin.  Reported
	by Christoph Biedl.

2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_write.c: doc update

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ui.c: gnutls_certificate_set_flags: Added since

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/set_x509_key_mem.c: tests: check gnutls_certificate_flags

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/ui.c: Added gnutls_certificate_flags() and
	GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH That allows a user of the credentials to disable the certificate
	matching action. That is, to disable the calls to sign and verify on
	initialization.

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: link with libdl when trousers is enabled;
	reported by Andreas Schneider

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: enhanced cipher selftests with variable
	key sizes on arcfour

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: Do not enforce a maximum key size on ARCFOUR That makes the library consistent with the behavior of previous
	versions (3.3.x)

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: make TLS 1.6 fallback check more
	reliable

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pubkey.c, lib/x509/x509_write.c: doc update

2015-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README: added non-interactive versions of commands

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves in all
	systems as we have multiple which are fedoras

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/global-init-override.c, tests/global-init.c: tests:
	corrected copyright info

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/global-init-override.c: tests: added
	check for overriding global initialization

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/global.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skip implicit
	global initialization

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/utils.c: tests: utils.c: simplify windows check

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: added build and check in FIPS140-2
	mode

2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls-client-with-seccomp.c, tests/dtls-with-seccomp.c,
	tests/tls-client-with-seccomp.c, tests/tls-with-seccomp.c: tests:
	made seccomp tests more reliable by waiting for each side to
	terminate

2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: document how to use gnutls with
	seccomp

2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: reorganized and added a simple
	build and check on x86-64 rule The latter also enables the seccomp checks.

2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am,
	tests/dtls-client-with-seccomp.c, tests/dtls-with-seccomp.c,
	tests/seccomp.c, tests/tls-client-with-seccomp.c,
	tests/tls-with-seccomp.c, tests/utils.h: tests: check operation of
	TLS and DTLS under seccomp when configured with
	--enable-seccomp-tests

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_write.c: 
	gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pubkey.c: doc update

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi, lib/includes/gnutls/pkcs7.h,
	lib/x509/pkcs7.c: Added documentation on PKCS #7 signing

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: updated chacha20 ciphers to conform
	to latest draft

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/{eagain => eagain.sh},
	tests/suite/{invalid-cert => invalid-cert.sh},
	tests/suite/testcompat-openssl.sh,
	tests/suite/testcompat-polarssl.sh, tests/suite/{testdane =>
	testdane.sh}, tests/suite/{testrandom => testrandom.sh},
	tests/suite/{testrng => testrng.sh}, tests/suite/{testsrn =>
	testsrn.sh}: tests: suite: more shell scripts were given the .sh
	suffix and simplified makefile

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
	tests/cert-tests/template-unique.pem,
	tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs
	are generated as expected

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: Allow writing unique IDs in generated
	certificates

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id()
	and gnutls_x509_crt_set_subject_unique_id()

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: properly indent unique IDs

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-x509-kx.c: tests: added check with
	the various X.509 key exchanges

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-dual.c: tests: check rehandshake from anon to DHE

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented the GNUTLS_NO_EXPLICIT_INIT
	environment variable

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: crypto-api: doc update

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to
	DHE and ECDHE on a rehandshake

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/eagain-common.h, tests/mini-x509-dual.c: 
	tests: added check for ciphersuite switch from anonymous to
	certificate

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disable guile in asan builds

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/{chain => chain.sh},
	tests/suite/{test-ciphersuite-names => test-ciphersuite-names.sh},
	tests/suite/{testpkcs11 => testpkcs11.sh}: tests: suite: don't run
	shell scripts with valgrind

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testsrn: tests: testsrn: output errors on stderr

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/state.c: deinitialize all handshake keys when handshake is
	over

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: testdane: improved error detection in sites

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/chain,
	tests/suite/pkcs11-is-known.c, tests/suite/suppressions.valgrind,
	tests/suite/testsrn, tests/suite/x509paths/suppressions.valgrind: 
	tests: suite: eliminate many leaks in the tests and run them under
	valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: eliminate leaks in _verify_x509_mem()

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/Makefile.am,
	tests/openpgp-certs/suppressions.valgrind,
	tests/openpgp-certs/testcerts: tests: openpgp-certs: use valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/extras.c: openpgp: eliminate leaks in
	gnutls_openpgp_keyring_import()

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-eagain2.c: tests: eliminate leaks in
	mini-eagain2.c

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: eliminate memory leaks in certificate
	generation

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am, tests/key-tests/key-id,
	tests/key-tests/pkcs8, tests/key-tests/suppressions.valgrind: tests:
	key-tests: use valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pubkey.c: gnutls_x509_crt_set_pubkey: clarify usage

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: pkcs12: correctly set
	salt size in gnutls_pkcs12_mac_info Also eliminate leaks in PKCS #12 parsing.

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
	tests/pkcs12-decode/suppressions.valgrind: tests: run the PKCS #12
	tests under valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: make sure that pkcs12 structures are
	deinitialized

2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/provable-dsa2048-fips.pem,
	tests/cert-tests/provable-privkey: tests: provable-privkey: fixed
	DSA test on FIPS140 enabled systems

2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/rsa-keygen-fips186.c: nettle: be more specific in
	seed size mismatches

2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c: crypto-backend: ensure there are no leaks on
	deinitialization

2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c, tests/mini-etm.c,
	tests/mini-record.c: Require TLS 1.2 for all the ciphersuites which
	are defined for it only This solves an interoperability issue with openssl. Reported by
	Viktor Dukhovni.

2015-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/pkcs11.c: p11tool: introduced --only-urls option This option allows printing a compact listing containing only of
	URLs.

2015-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/cipher.c, lib/constate.c, lib/dtls.c, lib/gnutls_int.h: Modified
	the CHACHA20 cipher to conform to
	draft-ietf-tls-chacha20-poly1305-02

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: use static libasan This prevents issues with tests which use LD_PRELOAD.

2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves on build
	on Fedora system

2015-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: better ftp auth tls negotiation

2015-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-x509-default-prio.c: tests: added
	check for gnutls_priority_set_default

2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: only check for status code in FTP starttls
	negotiation

2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: print more info in starttls negotiation when
	--verbose is given

2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls.pc.in: gnutls.pc: don't use the libtool version of the
	link options Reported by Dan Kegel.  Resolves #49

2015-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-hello-verify-48.c: tests: simplified
	mini-dtls-hello-verify-48

2015-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-hello-verify-48.c: tests: added
	check for blocking on invalid DTLS cookie Relates to #48

2015-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: removed inacurate text

2015-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/cipher_int.c: doc update

2015-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/kx.c: doc update

2015-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c: doc update

2015-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/privkey.c: doc: document the sign function requirements in
	gnutls_privkey_import_ext

2015-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: Mention key protection through isolation
	in crypto backend section

2015-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: 
	doc: updated supplemental data documentation

2015-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: tests: testdane will not check hosts which
	are unreachable

2015-10-20  Andreas Metzler <ametzler@bebt.de>

	* lib/auto-verify.c, lib/state.c: Documentation update The new simple verification functions were backported to 3.4.6,
	correct "Since:" to reflect this.

2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: documented future level

2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h: pkcs11.h: relocated
	gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts

2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: bumped version to distinguish from 3.4 branch

2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c: ext master secret: extension is
	marked as mandatory This forces the extension to be sent even where resuming sessions.
	Resolves #45

2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: tests: Check whether a resumed session contains
	the ext master secret extension Relates #45

2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c: alpn: avoid warning on signed/unsigned

2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README: updated CI link

2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: doc: set a path which includes new binaries when
	running autogen That makes sure that autogen will discover the binaries to obtain
	the --help output.

2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug-args.def: gnutls-cli-debug: updated doc

2015-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug-args.def, src/cli-debug.c, src/cli.c,
	src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: 
	tools: when the starttls-proto is specified automatically detect the
	port if not given

2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11, tests/suite/testpkcs11.softhsm: tests:
	verify that public keys are properly written Also disable parts of the suite that softhsm2 cannot properly work
	with, to allow running parts of the suite even with broken softhsm.

2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pubkey.c: cleanup in gnutls_pubkey_import_rsa_raw

2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11_read_pubkey: make input type more clear

2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: Allow writing a PKCS #11 pubkey object

2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: tools: allow importing a pubkey from a
	certificate

2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
	introduced gnutls_pkcs11_copy_pubkey That allows copying a public key to a PKCS #11 module.

2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: combined the slow build with the
	separate build dir

2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/cipher_int.c, lib/priority.c: 
	Disable the NULL cipher on runtime when FIPS140 mode is enabled
	instead of statically That way the NULL cipher can be used when not in FIPS140 mode.

2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/kx.c, lib/priority.c: re-enable NULL ciphersuites They were accidentally disabled by
	b237b37d4d17ee4f98629aae9d72aec87f434cb8

2015-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c: tests: check whether the RSA-EXPORT and
	ARCFOUR-40 legacy strings are accepted

2015-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/kx.c,
	lib/gnutls_int.h, lib/priority.c: Tolerate priority strings with
	names of legacy ciphers and key exchanges That enables better backwards compatibility with old applications
	which disable or enable algorithms which no longer are supported.
	Relates #44

2015-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER
	when writing on a certificate That allows NSS to read and use the written certificate.  Relates
	#43

2015-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sec-params.c: tests: enhanced sec-params check to account
	for future sec-param

2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: recognize the future sec-param

2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in: 
	Introduced the security parameter future (256) and switched ultra to
	192 bits For ultra, this was its documented strength, and now follows RFC3766
	recommendations for sizes.

2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: be more specific on the help
	message for --sec-param when --bits are given

2015-10-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-10-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/record-timeouts.c: tests: added test case
	for record timeout values

2015-10-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/buffers.c, lib/dtls.c, lib/handshake.c,
	lib/includes/gnutls/gnutls.h.in, lib/record.c, lib/system.c,
	lib/system_override.c: Introduced GNUTLS_INDEFINITE_TIMEOUT This allows to specify an indefinite timeout to
	gnutls_record_set_timeout().  In addition this flag is accepted by
	gnutls_handshake_set_timeout() and cancels out a previously set
	timeout.  Resolves #41

2015-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11.softhsm: tests: better detection of softhsm
	library

2015-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: added text on _gnutls_dh_compute_key

2015-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/record.c: gnutls_record_recv: simplified text on
	GNUTLS_E_REHANDSHAKE

2015-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: print 16-bytes of hex values per
	line Also avoid a colon on the end of the line.

2015-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/fips.c: fips140: set the key via a configure
	argument

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/cipher-test.c, tests/slow/mac-override.c: tests:
	disable cipher-test on windows platform; they don't seem to work

2015-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: added build instructions for Fedora/RHEL

2015-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority.c: priorities: sort algorithms by security strength
	unless performance is requested That is prioritize 256-bit ciphers over 128-bit ciphers. This would
	protect secrecy of current data even after a PQ future.

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: reduce the number of CPUs used in
	slow on make check

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: use time_t for internal type to avoid warnings
	on signed/unsigned comparison

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/int/dsa-keygen-fips186.c: DSA FIPS186-4 key generation:
	print the required seed length on mismatch

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: added more friendly error on seed_size
	mismatch That prints more useful information when generating provable private
	keys.

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/provable-privkey: tests: use the corrected seed
	for default provable private key

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: switched the default level to
	HIGH for key generation That requires 3072 bits for RSA and DSA keys.

2015-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
	src/socket.c: tools: added xmpp into the starttls-proto options

2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
	src/socket.c: tools: added ldap into the starttls-proto options

2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: system.c: simplify gnutls_system_recv_timeout

2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: use RFC7627 instead of
	draft-ietf-tls-session-hash

2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auto-verify.c, lib/includes/gnutls/gnutls.h.in: updated
	documentation on gnutls_vdata_types_t based on DKG's suggestions

2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-09-16  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* lib/cert.c: improve docs for gnutls_certificate_verify_peers*() The gnutls_certificate_verify_peers{,2,3}() functions all return
	GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate
	was not verified.  This is explained in the first paragraphs ("i.e.
	failure to trust a certificate does not imply a negative return
	value"), but the Returns: line isn't comparably clear.

2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: increased seed size to allow for DSA
	seeds

2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/str.c: _gnutls_hex2bin: avoid overrun in the provided buffer

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: don't output PKCS #8 on key-info option

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: better error checking in seed decoding

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: gnutls_x509_privkey_verify_seed: fail on keys
	without seed information

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: on provable keys always print the legacy
	format

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.asn, lib/gnutls_asn1_tab.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/privkey.c, lib/x509/key_encode.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h,
	tests/cert-tests/provable-dsa2048.pem,
	tests/cert-tests/provable2048.pem,
	tests/cert-tests/provable3072.pem: Use separate PEM headers for
	provable private keys Also introduce GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT to allow exporting
	provable private keys in the old compatibility format.

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.h, src/certtool.c,
	tests/cert-tests/Makefile.am,
	tests/cert-tests/provable-dsa2048.pem,
	tests/cert-tests/provable-privkey: certtool: provable key generation
	was moved to a separate flag that can be combined with
	--generate-privkey Also enhanced the test suite with DSA provable key
	generation/verification.

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/nettle/Makefile.am,
	lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/pk.c, lib/x509/key_encode.c, lib/x509/privkey.c: Allow
	verifying and generating provable DSA keys

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/provable-privkey,
	tests/cert-tests/provable2048.pem,
	tests/cert-tests/provable3072.pem: tests: added checks for provable
	key generation and verification

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: added provable
	key verification

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/nettle/pk.c, lib/privkey.c, lib/x509/privkey.c: Made the new key
	generation API flexible to allow extensions in the future

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/errors.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/privkey.c, lib/x509/privkey.c: Added API to
	verify private keys generated with seed

2015-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_asn1_tab.c: gnutls_asn1_tab: updated auto-generated
	file

2015-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: allow the
	generation of "provable" private keys Relates to #34

2015-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls.asn, lib/gnutls_int.h,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/nettle/Makefile.am,
	lib/nettle/int/dsa-fips.h, lib/nettle/int/rsa-fips.h,
	lib/nettle/int/rsa-keygen-fips186.c, lib/nettle/pk.c, lib/pk.c,
	lib/privkey.c, lib/x509/key_encode.c, lib/x509/privkey.c: Added API
	to generate private keys from a given seed Currently it is restricted to RSA and FIPS 186-4 key generation with
	SHA384.  Relates to #34

2015-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_asn1_tab.c: properly generate
	asn1_tab.c

2015-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Don't use formatted output for fixed strings Resolves #35

2015-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: updated information

2015-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/examples/ex-client-x509.c, lib/auto-verify.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/auto-verify.c: renamed the auto-verification functions The names are more consistent with the rest of the library.

2015-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: when storing public keys, make sure
	they are marked as not private

2015-08-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: README.md: mention the testsuite

2015-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: print build status

2015-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README.md: refer to files using markdown

2015-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: Updated coding style

2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: corrected typo in inappropriate
	fallback check

2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: use the same number of CPUs in all
	the checks

2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
	check for inappropriate fallback support

2015-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/alert.c, lib/auto-verify.c, lib/errors.c,
	lib/includes/gnutls/gnutls.h.in, tests/auto-verify.c: Introduced
	GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR to be returned by the
	auto-verification functions

2015-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests.c, lib/nettle/mac.c: nettle: simplified SHA3
	checks for nettle nettle 3.1 doesn't have the functions nettle for runtime version
	checking.

2015-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: export _gnutls_digest_exists for self tests

2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: tolerate missing subject or issuer fields

2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: added support for sha3

2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/mac.c: gnutls_oid_to_digest(): don't return
	supported but disabled algorithms

2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/mac.c, lib/crypto-selftests.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/mac.c,
	lib/x509/x509_int.h: Added support for the SHA3 digest algorithm

2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-serv-anon.c: corrected typo in ex-server-anon

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auto-verify.c: Define more precisely the auto verification
	function semantics.

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auto-verify.c, lib/cert.c, lib/gnutls_int.h, lib/priority.c,
	lib/x509.c: Allow overriding the verification flags from the
	auto-verification functions

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi, lib/auto-verify.c: 
	Document the new verification functions

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-client-x509.c: examples: simplify the X.509 client
	example by using the new verification API

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/auto-verify.c: tests: check the
	auto-verification functionality

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/auto-verify.c, lib/gnutls_int.h,
	lib/handshake.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	Added simpler verification functions for clients The major use-case for the TLS protocol is verification of PKIX
	certificates. However, certificate verification support while is
	similar for almost all projects it requires around 100 lines of code
	(a callback) to be duplicated to all applications. That patch set
	gets rid of the callback and simplifies certificate verification
	support, by introducing a very simple API; one that would accept the
	session and the hostname only.  Resolves #27

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/eagain-common.h,
	tests/mini-session-verify-function.c: tests: added test for
	gnutls_session_set_verify_function

2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/handshake.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/state.c: 
	Added gnutls_session_set_verify_function That allows to set a verification callback per session rather than
	only globally on the credentials structure.

2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs.pl: getfuncs.pl: ignore defines in headers

2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/latex/Makefile.am, extra/gnutls_openssl.c,
	lib/Makefile.am, lib/openpgp/Makefile.am, po/POTFILES.in: Makefiles:
	updated for new filenames

2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pk.c, lib/pk.h, lib/tls-sig.c, lib/tls-sig.h: Moved pk_*
	functions to pk.c

2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/accelerated/cryptodev-gcm.c,
	lib/accelerated/cryptodev.c,
	lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c,
	lib/accelerated/x86/aes-ccm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/hmac-x86-ssse3.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-x86-ssse3.c,
	lib/accelerated/x86/x86-common.c, lib/{gnutls_alert.c => alert.c},
	lib/algorithms.h, lib/algorithms/cert_types.c,
	lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c,
	lib/{gnutls_anon_cred.c => anon_cred.c}, lib/{gnutls_asn1_tab.c =>
	asn1_tab.c}, lib/atfork.c, lib/atfork.h, lib/{gnutls_auth.c =>
	auth.c}, lib/{gnutls_auth.h => auth.h}, lib/auth/Makefile.am,
	lib/auth/anon.c, lib/auth/anon.h, lib/auth/anon_ecdh.c,
	lib/auth/cert.c, lib/auth/cert.h, lib/auth/dh_common.c,
	lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
	lib/auth/ecdhe.c, lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
	lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_psk.c,
	lib/auth/{srp.c => srp_kx.c}, lib/auth/{srp.h => srp_kx.h},
	lib/auth/srp_passwd.c, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c,
	lib/{gnutls_buffers.c => buffers.c}, lib/{gnutls_buffers.h =>
	buffers.h}, lib/{gnutls_cert.c => cert.c}, lib/{gnutls_cipher.c =>
	cipher.c}, lib/{gnutls_cipher.h => cipher.h},
	lib/{gnutls_cipher_int.c => cipher_int.c}, lib/{gnutls_cipher_int.h
	=> cipher_int.h}, lib/{gnutls_compress.c => compress.c},
	lib/{gnutls_compress.h => compress.h}, lib/{gnutls_constate.c =>
	constate.c}, lib/{gnutls_constate.h => constate.h},
	lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-selftests-pk.c,
	lib/crypto-selftests.c, lib/{gnutls_datum.c => datum.c},
	lib/{gnutls_datum.h => datum.h}, lib/{gnutls_db.c => db.c},
	lib/{gnutls_db.h => db.h}, lib/debug.c, lib/{gnutls_dh.c => dh.c},
	lib/{gnutls_dh.h => dh.h}, lib/{gnutls_dtls.c => dtls.c},
	lib/{gnutls_dtls.h => dtls.h}, lib/{gnutls_ecc.c => ecc.c},
	lib/{gnutls_ecc.h => ecc.h}, lib/{gnutls_errors.c => errors.c},
	lib/{gnutls_errors.h => errors.h}, lib/ext/alpn.c, lib/ext/alpn.h,
	lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/dumbfw.c,
	lib/ext/dumbfw.h, lib/ext/ecc.c, lib/ext/ecc.h, lib/ext/etm.c,
	lib/ext/etm.h, lib/ext/ext_master_secret.c,
	lib/ext/ext_master_secret.h, lib/ext/heartbeat.c,
	lib/ext/heartbeat.h, lib/ext/max_record.c, lib/ext/max_record.h,
	lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
	lib/ext/server_name.c, lib/ext/server_name.h,
	lib/ext/session_ticket.c, lib/ext/session_ticket.h,
	lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
	lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
	lib/ext/status_request.c, lib/ext/status_request.h,
	lib/{gnutls_extensions.c => extensions.c}, lib/{gnutls_extensions.h
	=> extensions.h}, lib/extras/randomart.c, lib/fips.c, lib/fips.h,
	lib/{gnutls_global.c => global.c}, lib/{gnutls_global.h =>
	global.h}, lib/gnutls_int.h, lib/{gnutls_handshake.c =>
	handshake.c}, lib/{gnutls_handshake.h => handshake.h},
	lib/{gnutls_hash_int.c => hash_int.c}, lib/{gnutls_hash_int.h =>
	hash_int.h}, lib/{gnutls_helper.c => helper.c},
	lib/{gnutls_helper.h => helper.h}, lib/{gnutls_kx.c => kx.c},
	lib/{gnutls_kx.h => kx.h}, lib/locks.c, lib/locks.h,
	lib/{gnutls_mbuffers.c => mbuffers.c}, lib/{gnutls_mbuffers.h =>
	mbuffers.h}, lib/{gnutls_mem.c => mem.c}, lib/{gnutls_mem.h =>
	mem.h}, lib/{gnutls_mpi.c => mpi.c}, lib/{gnutls_mpi.h => mpi.h},
	lib/nettle/cipher.c, lib/nettle/egd.c, lib/nettle/init.c,
	lib/nettle/int/drbg-aes-self-test.c, lib/nettle/mac.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
	lib/{gnutls_num.c => num.c}, lib/{gnutls_num.h => num.h},
	lib/opencdk/literal.c, lib/opencdk/misc.c, lib/opencdk/opencdk.h,
	lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
	lib/opencdk/sig-check.c, lib/openpgp/Makefile.am,
	lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/{gnutls_openpgp.c => openpgp.c},
	lib/openpgp/{gnutls_openpgp.h => openpgp.h}, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/{gnutls_pcert.c => pcert.c}, lib/pin.c, lib/{gnutls_pk.c =>
	pk.c}, lib/{gnutls_pk.h => pk.h}, lib/pkcs11.c, lib/pkcs11_int.c,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
	lib/pkcs11x.c, lib/prf.c, lib/{gnutls_priority.c => priority.c},
	lib/{gnutls_privkey.c => privkey.c}, lib/{gnutls_privkey_raw.c =>
	privkey_raw.c}, lib/{gnutls_psk.c => psk.c}, lib/{gnutls_pubkey.c
	=> pubkey.c}, lib/random.c, lib/{gnutls_range.c => range.c},
	lib/{gnutls_record.c => record.c}, lib/{gnutls_record.h =>
	record.h}, lib/safe-memfuncs.c, lib/{gnutls_session.c =>
	session.c}, lib/{gnutls_session_pack.c => session_pack.c},
	lib/{gnutls_session_pack.h => session_pack.h}, lib/{gnutls_srp.c =>
	srp.c}, lib/{gnutls_srp.h => srp.h}, lib/{gnutls_v2_compat.c =>
	sslv2_compat.c}, lib/{gnutls_v2_compat.h => sslv2_compat.h},
	lib/{gnutls_state.c => state.c}, lib/{gnutls_state.h => state.h},
	lib/{gnutls_str.c => str.c}, lib/{gnutls_str.h => str.h},
	lib/{gnutls_str_array.h => str_array.h}, lib/{gnutls_supplemental.c
	=> supplemental.c}, lib/{gnutls_supplemental.h => supplemental.h},
	lib/system-keys-dummy.c, lib/system-keys-win.c, lib/system.c,
	lib/system.h, lib/system_override.c, lib/{gnutls_sig.c =>
	tls-sig.c}, lib/{gnutls_sig.h => tls-sig.h}, lib/tpm.c,
	lib/{gnutls_ui.c => ui.c}, lib/urls.c, lib/verify-tofu.c,
	lib/{gnutls_x509.c => x509.c}, lib/{gnutls_x509.h => x509.h},
	lib/x509/common.c, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/email-verify.c,
	lib/x509/extensions.c, lib/x509/hostname-verify.c,
	lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
	lib/x509/name_constraints.c, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs7-attrs.c, lib/x509/pkcs7-output.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_openssl.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify-high.c,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_dn.c, lib/x509/x509_ext.c, lib/x509/x509_write.c,
	lib/x509_b64.c, tests/gc.c, tests/mpi.c, tests/openpgp_test.c: 
	Removed the 'gnutls_' prefix from files to simplify file naming

2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_state.c, lib/prf.c: Moved the PRF
	functions to prf.c

2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: hex decoding: more reasonable error codes That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding
	error, and document that fact.

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/resume-psk.c: tests: Added resumption
	tests for PSK ciphersuites

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c, lib/gnutls_db.c: Set the extended
	master secret status based on resumption data only That is, don't require a new negotiation with extensions.

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c, tests/resume.c: tests: corrected resumption
	tests to disable tickets when needed That is, perform the tests that require no tickets, with tickets
	disabled.

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_session_pack.c: session packing: corrected issue in PSK
	session unpack

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/psk.c: PSK: save the username in client side in the auth
	structure

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_hash_int.h: _gnutls_hash() returns error code if any.  Ideally we would like to eliminate any return codes from that
	function. However, since that's on exported API we cannot easily do
	without breaking the ABI. Reported by Benedikt Klotz.  Resolves #28

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify-high2.c: x509: when
	appending CRLs to a trust list ensure that we don't have duplicates That is, overwrite CRLs if they have been obsoleted.

2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: allow exporting very long CRLs

2015-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/key-usage.c: tests: verify that a key
	usage violation is detected That is that the certificate key usage flags are respected by either
	the client side or the server side.

2015-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa.c: Enable key usage checks in the client side of RSA
	ciphersuites

2015-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/priority_options.gperf: priorities: Added internal option to
	allow key usage violations in server side

2015-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: fix typo in comment

2015-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/gnutls_sig.c: Re-enable the certificate key
	usage checks for compliance with ciphersuite There is a new attack on the TLS protocol which relies on using
	certificates for ECDSA as certificates for ECDH ciphersuites. That
	attack while it doesn't affect gnutls, which doesn't support static
	ECDH, assumes that implementations ignore the key usage bits in the
	certificate. We have done it since 3.1.0 for compatibility reasons
	(see http://www.gnutls.org/faq.html#key-usage-violation), but that
	clearly opens the door for real attacks in the future.  For this reason the key usage bits will no longer be ignored.  Resolves #24

2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/crl: tests: verify whether CRL date setting works
	as expected

2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: Allow specifying CRL dates as fixed dates

2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/crl: tests: verify CRL appending effectiveness

2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl_write.c: gnutls_x509_crl_set_authority_key_id,
	gnutls_x509_crl_set_number allow overwritting That allows them to overwrite values which were previously set
	(e.g., on an imported CRL).

2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: allow appending
	certificates to a CRL

2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: removed limit on maximum imported
	certificates in the -i option

2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/crl: tests: check
	whether the CRL generation code works as expected

2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool.c: certtool: eliminated memory
	leaks due to new cert loading code

2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool-common.h: certtool: lifted
	limits on file size to load

2015-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: before dist ensure that included libopts matches
	autogen

2015-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: use ':' instead of /bin/true for programs
	not found

2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: doc update

2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: tests: include all cert-tests into
	dist

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/simple.c: tests: check gnutls_check_version_numeric()

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in: gnutls.h:
	added macro gnutls_check_version_numeric This simplifies version checking, and allows the compiler to
	optimize out. It can only accept numerals.  Patch by David Woodhouse.

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in: use
	pure and const gcc attributes in headers

2015-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: mention version macro

2015-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: test-sign will not fail if a pubkey is not
	found

2015-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: key decoding: set key to null for consistency

2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: key decoding: simplify decoding logic by
	removing the fallback

2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: key decoding: corrected regression with PKCS
	#8 key decoding Reported by Daniel Berrange.

2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs8-key-decode.c: tests: added check
	for decoding of a PKCS #8 key as fallback

2015-08-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set
	the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
	flag, to simulate the previous behavior.

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/fallback-scsv.c: tests: added check for
	the fallback SCSV

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: handshake: check inappropriate fallback
	against the configured max version That allows to operate on a server which is explicitly configured to
	utilize earlier than TLS 1.2 versions.

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: corrected
	GNUTLS_E_INAPPROPRIATE_FALLBACK error code

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: DCO: added Alessandro Ghedini

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: copy_ciphersuites: use definition for
	reserved ciphersuites

2015-08-01  Alessandro Ghedini <alessandro@ghedini.me>

	* doc/cha-gtls-app.texi, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/priority_options.gperf: handshake: add
	FALLBACK_SCSV priority option This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
	the handshake, as defined in RFC7507.

2015-08-01  Alessandro Ghedini <alessandro@ghedini.me>

	* lib/algorithms.h, lib/gnutls_alert.c, lib/gnutls_errors.c,
	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: handshake:
	check for TLS_FALLBACK_SCSV If TLS_FALLBACK_SCSV was sent by the client during the handshake,
	and the advertised protocol version is lower than
	GNUTLS_TLS_VERSION_MAX, send the "Inappropriate fallback" fatal
	alert and abort the handshake.  This mechanism was defined in RFC7507.

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: cfg.mk: fix order of arguments in gnulib-tool

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/codeset.m4, gl/m4/gettext.m4,
	gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
	gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
	gl/m4/lcmessage.m4, gl/m4/lock.m4, gl/m4/nls.m4, gl/m4/po.m4,
	gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/sys_time_h.m4,
	gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/uintmax_t.m4,
	gl/m4/visibility.m4, gl/time.in.h, src/gl/Makefile.am,
	src/gl/error.c, src/gl/error.h, src/gl/fseeko.c,
	src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/stdio_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/time_h.m4, src/gl/stddef.in.h,
	src/gl/stdio.in.h, src/gl/string.in.h, src/gl/time.in.h,
	src/gl/wchar.in.h, src/gl/xalloc.h: use gettext-h gnulib module

2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/certtool-long-cn: tests: added missing
	certtool-long-cn

2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/safe_renegotiation.c: safe renegotiation: simulate
	receiving the extension on receival of SCSV

2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: made data2hex() safer, and eliminated mem leak

2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/very-long-dn.pem: 
	tests: added check for proper handling of very long CNs

2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated the required gettext version to match the
	macros from gnulib

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/safe_renegotiation.c: safe renegotiation: handle case
	where client didn't send any extension That was affected by the "don't try to send extensions we didn't
	receive".

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tpm.c: tpm: avoid warning

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	As server don't try to send extensions we didn't receive.

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/status-request-ok.c,
	tests/status-request.c: tests: added check for server sending (or
	not) status request messages

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: corrected hex decoding

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: verify-tofu: use nettle's base64 functions

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/gendocs.sh, gl/Makefile.am, gl/base64.c, gl/base64.h,
	gl/m4/base64.m4, gl/m4/codeset.m4, gl/m4/extern-inline.m4,
	gl/m4/gettext.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/intl.m4,
	gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4,
	gl/m4/manywarnings.m4, gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4,
	gl/m4/valgrind-tests.m4, gl/stddef.in.h, gl/stdio.in.h,
	gl/string.in.h, gl/tests/Makefile.am, gl/tests/init.sh,
	gl/tests/inttypes.in.h, gl/tests/test-base64.c,
	gl/tests/test-read-file.c, gl/tests/test-stddef.c, gl/wchar.in.h: 
	gnulib: removed base64 implementation

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: openpgp: use nettle's base64 functions

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: x509_b64: switch to nettle's base64 functions

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/psk-file.c, tests/psk.passwd: tests:
	added check for PSK file parsing

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c: fips: use gnutls_hex_decode for MAC decoding

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: tpm: use gnutls_hex_decode for uuid decoding

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk_passwd.c: psk: use gnutls_hex_decode2 for key
	decoding

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: use gnutls_hex_decode for
	ID decoding

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/gnutls_openpgp.c: openpgp: use gnutls_hex_decode for
	keyid decoding

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: DN decoding: use gnutls_hex_encode

2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/Makefile.am, lib/extras/hex.c, lib/extras/hex.h,
	lib/extras/licenses/CC0, lib/gnutls_str.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Introduced
	gnutls_hex_encode2() and gnutls_hex_decode2() These also use safer hex decoding functions which don't skip invalid
	input.

2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: x509: simplified data to hex conversion in
	unknown DN names

2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: Allow for
	non-null context and zero context length

2015-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/prf.c: tests: added cross-check between gnutls_prf_rfc5705()
	and gnutls_prf()

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
	tests/suite/Makefile.am: removed legacy libgcrypt flags

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: optimize in
	the common use case, by avoiding malloc Also don't handle specially the case of non-NULL context and
	context_size of zero.

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: ignore more files

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: fix documentation for
	--generate-ecc and generate-dsa

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: gnutls_prf_rfc5705: mention the version it was
	introduced at

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/prf.c: tests: added check for
	gnutls_prf() and gnutls_prf_rfc5705

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: gnutls_prf_rfc5705: added That includes support for RFC5705 when the context field is used.
	Initial patch by Rick van Rein.

2015-07-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc update: explain more about PKCS #11 and
	fork

2015-07-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: print the trousers lib only when set

2015-07-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tpmtool-args.def, src/tpmtool.c: tpmtool: Added --test-sign
	parameter

2015-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/tpm.c: Deinitialize the TPM subsystem
	only when trousers support is enabled

2015-07-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
	lib/gnutls_global.c, lib/gnutls_global.h,
	lib/includes/gnutls/gnutls.h.in, lib/tpm.c: TPM: don't link to
	trousers, use dlopen() That introduces --with-trousers-lib which can be used to specify the
	library to dlopen().  Resolves #18

2015-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2015-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2015-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h: pkcs11: mention the version
	GNUTLS_PKCS11_TOKEN_MODNAME is available from

2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
	ciphersuites

2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pskself.c: tests: updated pskself to check the hint in all
	PSK ciphersuites

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: be more compact in token URL printing

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: group the provided options for
	readability

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: keep backwards
	compatibility by introducing --list-token-urls That is, the output of --list-tokens remains the same.

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: print the module name of a token in verbose
	mode

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_write.c, lib/pkcs11x.c: Added GNUTLS_PKCS11_TOKEN_MODNAME
	for gnutls_pkcs11_token_get_info That allows to obtain the shared module name of a token URL.

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h: pkcs11.h: doc  update

2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: less verbose output
	in --list-tokens unless --verbose is specified

2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suppressions.valgrind: tests: added suppression for bash mem
	leak

2015-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/cert-tests/Makefile.am: 
	tests: don't run certtool-utf8 when libidn is 1.30 or less This avoids test suite failures due to libidn.

2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: doc update

2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert.

2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/valgrind-tests.m4: gl: use /bin/true to run valgrind during
	configure Bash has memory leaks, which prevents the valgrind check to operate
	using the SHELL variable.

2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool-utf8: 
	tests: added check for invalid UTF8 encoded string

2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: Revert "libidn support is disabled by default" This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad.

2015-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit d63c088edd15f20318b396f2298744cbf9e1a392 Author: Daniel
	Kahn Gillmor <dkg@fifthhorseman.net> Date:   Thu Jul 2 14:28:32 2015
	-0400

2015-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
	public key should depend on P not Y That allows to do the proper evaluation to check certificate
	strength.  Reported by Hubert Kario.

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dsa/Makefile.am, tests/dsa/dsa-pubkey-1018.pem,
	tests/dsa/testdsa: tests: check whether we print the prime size in
	DSA keys

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: simplified
	gnutls_x509_name_constraints_check_crt()

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
	tests/cert-tests/name-constraints-ip.pem: tests: verify that
	unsupported name constraints are properly handled

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: don't reject
	certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS
	constraints, and the end certificate doesn't have an IPaddress name
	or a URI set.

2015-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/ms.po.in: Sync with TP.

2015-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: libidn support is disabled by default That is until the issues with libidn get resolves.  Relates #10

2015-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/atfork.c: tests: added a test for the
	fork detection interface

2015-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume-dtls.c: tests: resume-dtls: increased timeouts

2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/atfork.c, lib/atfork.h: Don't use
	pthread_atfork(), it is not safe to use with dlopen() http://austingroupbugs.net/view.php?id=851

2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.c, lib/atfork.h: atfork: added underscore to
	gnutls_forkid

2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.c, lib/atfork.h, lib/nettle/rnd-fips.c,
	lib/nettle/rnd.c, lib/pkcs11.c: simplified fork detection

2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: enhanced header matching code for private keys
	to skip unrelated data

2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/privkey-import,
	tests/cert-tests/privkey1.pem, tests/cert-tests/privkey2.pem,
	tests/cert-tests/privkey3.pem: tests: added private key import
	checks

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_import: optimized private
	key loading

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
	when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to
	trying all encrypted options.

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-openssl.c: tests: added check to verify that
	gnutls_x509_privkey_import2 works for plain keys That is, when a password is provided and the key is non encrypted.

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
	release any data on failure Resolves #15

2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/aki, tests/cert-tests/certtool,
	tests/cert-tests/crq, tests/cert-tests/dane,
	tests/cert-tests/email, tests/cert-tests/invalid-sig,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/pkcs7, tests/cert-tests/template-test,
	tests/dsa/testdsa, tests/dtls/dtls, tests/dtls/dtls-nb,
	tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
	tests/nist-pkits/gnutls_test_entry, tests/nist-pkits/pkits_crl,
	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
	tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test,
	tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
	tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
	tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
	tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
	tests/sha2/sha2-dsa, tests/slow/override-ciphers,
	tests/slow/test-ciphers, tests/suite/certs/create-chain.sh,
	tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
	tests/suite/invalid-cert, tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl,
	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
	tests/suite/testdane, tests/suite/testpkcs11,
	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
	tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
	tests/suite/testrng, tests/suite/testsrn, tests/userid/userid: 
	tests: tab indent + minor style changes Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/scan-gnutls.sh: tests: modified
	test-ciphersuite-names to work with cpp 5.1.1

2015-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/test-ciphersuite-names: tests: test-ciphersuite-names:
	create any needed dirs

2015-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
	tests/suite/{ciphersuite/test-ciphersuites.sh =>
	test-ciphersuite-names}: tests: moved test-ciphersuites.sh one level
	up That simplifies running the script outside make check.

2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/suite/ciphersuite/scan-gnutls.sh,
	tests/suite/ciphersuite/test-ciphers.js,
	tests/suite/ciphersuite/test-ciphersuites.sh: tests: suite:
	ciphersuite: fixups fix separate builddir issue, without modifying locations, quite
	ugly.  re-indent using tab.  fix shebang.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/pkcs1-padding/pkcs1-pad, tests/suite/testcompat-openssl,
	tests/suite/testcompat-polarssl: tests: enforce UTC timezone in
	datefudge tests Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/aki, tests/cert-tests/certtool,
	tests/cert-tests/crq, tests/cert-tests/dane,
	tests/cert-tests/email, tests/cert-tests/invalid-sig,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/pkcs7, tests/cert-tests/template-test,
	tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
	tests/openpgp-certs/testselfsigs: tests: misc: shell cleanup leftovers minor sync.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>

	* configure.ac, tests/suite/certs/create-chain.sh,
	tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
	tests/suite/invalid-cert, tests/suite/testcompat-common,
	tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl,
	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
	tests/suite/testdane, tests/suite/testpkcs11,
	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
	tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
	tests/suite/testrng, tests/suite/testsrn: tests: suite: cleanup
	shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup indentation to be consistent with other tests.  Fix separate builddir issues.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
	tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
	tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
	tests/sha2/sha2-dsa, tests/slow/override-ciphers,
	tests/slow/test-ciphers, tests/userid/userid: tests: misc: cleanup
	shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup indentation to be consistent with other tests.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: fixed includes

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/gnutls_global.c, lib/gnutls_str.h, lib/x509/ocsp_output.c: move
	all gettext definitions in gnutls_str.h

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.4.2

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.h: gnutls_str: include gettext.h when dgettext is
	available

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-fork.c, tests/mini-dtls-mtu.c,
	tests/mini-dtls-pthread.c, tests/mini-dtls-record-asym.c,
	tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/pkcs12_simple.c,
	tests/rsa-encrypt-decrypt.c, tests/utils.c, tests/utils.h,
	tests/x509sign-verify.c, tests/x509sign-verify2.c: tests: don't
	depend on gnulib That dependency unfortunately causes many portability problems on
	platforms where it should have worked out of the box.

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/cpuid-x86.pl, doc/scripts/cleanup-autogen.pl,
	doc/scripts/gdoc, doc/scripts/getfuncs-map.pl,
	doc/scripts/getfuncs.pl, doc/scripts/sort1.pl,
	doc/scripts/sort2.pl, doc/scripts/split-texi.pl,
	doc/scripts/split.pl, tests/nist-pkits/build-chain: use the same
	shebang for perl

2015-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/certtool: tests: added a verify-chain test case

2015-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: tests: don't quote provider in common.sh That caused testpkcs11 to fail.

2015-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alignment.c: tests: don't enforce alignment rules for
	caller buffers

2015-06-17  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/aki, tests/cert-tests/certtool,
	tests/cert-tests/crq, tests/cert-tests/dane,
	tests/cert-tests/email, tests/cert-tests/invalid-sig,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/pkcs7, tests/cert-tests/template-test: tests:
	cert-tests: cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup trailing spaces.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: Added gitlab-ci.yml

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: reduced the exported functions to the minimum
	needed

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_extensions.c: _gnutls_ext_register was made static

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: libgnutls.map: use a 3.4 related name for
	private functions This eliminates any collisions with functions from 3.3.x

2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry,
	tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
	tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test: tests:
	nist-pkits: cleanup shell/perl usage Add quotes for most usages of variables.  Added ${} for variables.  Consistent indent.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: tests: force link with nettle of mini-alignment

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/oids.c: tests: Check the OID functions

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ecc.c, lib/algorithms/mac.c,
	lib/algorithms/publickey.c, lib/algorithms/sign.c, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/x509/common.c, lib/x509/crl.c,
	lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
	lib/x509/ocsp.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c: Exported functions to convert from and to
	OIDs

2015-06-18  Saurav Babu <saurav.babu@samsung.com>

	* src/cli.c: gnutls-cli: Fixed Possible Memory Leak This patch fixes possible memory leak in psk_callback() function,
	rawkey is allocated memory by gnutls_malloc() and is not freed when
	gnutls_hex_decode() returns with error Signed-off-by: Saurav Babu <saurav.babu@samsung.com>

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: corrected write_signer_id() when
	GNUTLS_PKCS7_WRITE_SPKI was used

2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs: 
	tests: openpgp-certs: cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/key-tests/key-id, tests/key-tests/pkcs8: tests: key-tests:
	cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/ecdsa/ecdsa: tests: ecdsa: cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup trailing spaces.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/dsa/testdsa, tests/scripts/common.sh: tests: dsa: cleanup
	shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup trailing spaces.  Removal of unneeded ';'.  Minor fix in tests/scripts/common.sh at trap to pass message and
	avoid killing.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mbuffers.c: indentation fix

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: Always align in 16-byte boundary our input to
	crypto That allows faster operations in almost all instruction sets.

2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-alignment.c: tests: added check for
	memory alignment

2015-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: only run test with long
	dates in 64-bit systems

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-generalized.pem,
	tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
	tests/cert-tests/template-utf8.pem: tests: regenerate the results in
	template-test using UTC times

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: ensure that gnutls_pubkey_verify_data2
	returns 0 on success

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
	Added gnutls_pkcs7_get_signature_count

2015-06-17  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/suite/Makefile.am: tests: suite: run testpkcs11 if PKCS#11
	is enabled Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-17  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/nist-pkits/gnutls_test_entry,
	tests/suite/certs/create-chain.sh: tests: remove bash usage Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
	tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-generalized.pem,
	tests/cert-tests/template-generalized.tmpl,
	tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
	tests/cert-tests/template-utf8.pem: tests: verify that we generate
	dates with UTCTime prior to 2050 Also that we generate dates with GeneralizedTime format after 2050.

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1
	structure follow the RFC5280 recommendations

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: Set time in PKCS #7 structures properly (in
	UTCTime format).

2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-16  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/cert-tests/pkcs7: tests: cert-tests: pkcs7: support separate
	builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* symbols.last: account new symbols

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: updated
	makefiles for the new functions

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c, lib/x509/x509_ext.c: doc update

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/Makefile.am, lib/x509/{pkcs7_output.c => pkcs7-output.c}: 
	use common base for pkcs7 files

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: added missing symbol

2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.4.2

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c, tests/cert-tests/pkcs7: 
	certtool: made explicit the inclusion of time in PKCS #7 signatures

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs7.c: pkcs7:
	write the DER encoded time

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: include the signature time in PKCS #7
	signatures

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: corrected usage of
	GNUTLS_PKCS7_INCLUDE_TIME flag

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: 
	tests: minor updates in pkcs7 output checks to match new certtool

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: rely on gnutls_pkcs7_print() even more

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7_output.c: pkcs7: print certificates and CRLs in
	FULL mode

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: use gnutls_pkcs7_print() - partially

2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7_output.c: 
	Added gnutls_pkcs7_print()

2015-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, m4/hooks.m4: bumped version

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/x509sign-verify2.c: tests: added
	signature/verification stress test

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: check also individual
	ciphers for interoperability

2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: better debug messages when verifying MAC

2015-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tpmtool.c: tpmtool: added newline in error messages

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
	reseed detection

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: tests: check random generator for long outputs
	as well

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is
	setup do not perform integrity tests

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
	on reseed

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: fips140: when reseeding only reseed the
	required context not all

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
	the reseed and generate function

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
	enforce the max_number_of_bits_per_request

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/full.p7b.out, tests/cert-tests/pkcs7,
	tests/cert-tests/single-ca.p7b.out: tests: do not include times in
	the PKCS #7 checks as they depend on local timezone

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: addressed memory leaks

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7-attrs.c: doc update

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pkcs7-gen.c: tests: Added PKCS #7
	attribute generation check

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: 
	tests: updated for new certtool output

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: print signed and unsigned PKCS #7
	attributes

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pkcs7-attrs.c,
	lib/x509/pkcs7.c, lib/x509/x509_int.h: Added code to parse and set
	PKCS #7 attributes

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pkcs7: tests: added PKCS #7 verification check
	with MD5

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/x509/pkcs7.c, lib/x509/x509.c: use
	the same flags in all verification functions

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: _decode_pkcs7_signed_data: fixed mem leaks

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.h, lib/x509/x509.c, lib/x509/x509_int.h: 
	Initialization of gnutls_x509_dn_t was modified to allow
	deinitialization after failure Part2: made gnutls_x509_crt_get_subject() and
	gnutls_x509_crt_get_issuer() return a constant value and avoid
	leaks.

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: doc:
	Separated the PKCS #7 in manual

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pkcs7: tests: check PKCS #7 structure signature
	generation

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/p7-combined.out,
	tests/cert-tests/pkcs7: tests: check PKCS #7 bundle generation

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: certtool: added
	--p7-generate, --p7-sign and --p7-detached-sign

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
	lib/x509/common.c, lib/x509/pkcs7.c: Added gnutls_pkcs7_sign()

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
	Added gnutls_pkcs7_get_crl_raw2

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: print the signing time when available

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs7.h, lib/x509/common.c, lib/x509/pkcs7.c: 
	pkcs7 verification: parse the signing time

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: on PKCS #7 verification check the the content
	type matches the signed data

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: print more info about the PKCS #7 struct

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.c, src/certtool.c: 
	certtool: allow verification against a direct PKCS #7 signer

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
	tests/cert-tests/pkcs7-detached.txt: tests: added checks with PKCS
	#7 detached data

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: pkcs7 verification: return
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data
	exist

2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-common.h, src/certtool.c: 
	certtool: allow verifying PKCS #7 with detached data

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: improved PKCS #7
	verification output

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pkcs7: tests: check the key purpose in PKCS #7
	verification

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/full.p7b.out,
	tests/cert-tests/pkcs7: tests: added PKCS #7 test with more than 1
	certs

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.h, src/certtool.c: 
	certtool: allow verification of PKCS #7 structures

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
	lib/x509/x509.c: Initialization of gnutls_x509_dn_t was modified to
	allow deinitialization after failure

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/pkcs7.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/dn.c, lib/x509/pkcs7.c: Added PKCS #7
	signature(s) verification

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/verify-high.c: Added
	gnutls_pkcs11_get_raw_issuer_by_subject_key_id and
	gnutls_x509_trust_list_get_issuer_by_subject_key_id

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dn.c: tests: added check for gnutls_x509_dn_get_str

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/x509/x509.c: added gnutls_x509_dn_get_str

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: doc update

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/x509/privkey.c, lib/x509/x509.c: Added
	gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()

2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c: verify PKCS
	#7 signed data

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c, lib/x509/x509_int.h: updated PKCS #7 code to
	cache signed_data

2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: When manual PKCS #11 configuration is requested
	don't initialize other providers

2015-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: deinitialize PKCS #7 resources

2015-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
	tests/cert-tests/single-ca.p7b.out: tests: Added tests for PKCS7
	cert extraction

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
	gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
	gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
	gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
	gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
	src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
	src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: Revert
	"updated gnulib" This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: silence format-signness warnings in gcc5

2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
	gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
	gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
	gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
	gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
	src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
	src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: updated
	gnulib

2015-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: Check the OID size for match when
	comparing for the OCSP nonce extension Reported by Hanno Böck.

2015-05-23  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
	used Before, the number of bits of a zero-length number was attempted to
	be extracted, resulting in an error. The changed behaviour is
	consistent with the documentation which explicitly states that 0
	should be returned if no DH key exchange was performed.

2015-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
	include a leading zero

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
	the DH max prime size with 1007 bits or less

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: cleanup unused variable

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: corrected allocation check

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: removed useless check

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: document intentional fallthrough in switch

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ecc.c: ecc ext: check return code of
	_gnutls_buffer_append_data

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/no-signal.c: tests: enhance the no-signal check to include
	proper data sending

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/no-signal.c: tests: check the operation
	of GNUTLS_NO_SIGNAL

2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/system.c, lib/system.h: Allow the usage of MSG_NOSIGNAL in send
	functions That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which
	is available in systems that support the MSG_NOSIGNAL flag to
	send(). That eases the usage of the library within other libraries.
	Resolves #11

2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/hmac-padlock.c: include nettle/memxor when
	needed

2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: send alert when wrong data have been
	received from client

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: camellia256-gcm: corrected regression Reported by Manuel Pegourie-Gonnard.

2015-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib: 
	doc: added section about subject alternative names

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h: handshake_start_time was moved out of the
	DTLS-specific variables

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: apply default timeout for DTLS in
	gnutls_handshake_set_timeout

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: do not perform internationalized
	name checks without libidn

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
	failures

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: eliminate mem leaks in
	mini-loss-time

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: tests: testdane: remove dane.nox.su from the
	list of known to be good hosts

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time enhanced to check
	proper timeouts in both client and server

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
	lib/gnutls_state.c: dtls: combined the total timeouts of DTLS and
	TLS handshake That also makes the waits for packets more robust against blocking.

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/compat.h: define
	GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA

2015-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc: updated text to account for pkcs11-url
	standardization

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-mtu.c: tests: mini-dtls-mtu: compile in windows

2015-05-04  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* doc/cha-intro-tls.texi: doc: Fixed typo in heartbeat
	documentation.

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.4.1

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/abi3.4.xml: updated abi base for 3.4

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: updated

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.4.1

2015-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
	timeouts

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: use
	macro for DTLS default timeout

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
	work with DTLS

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: document the need for
	gnutls_transport_set_pull_timeout_function

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: updated async operation text

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_state.c: disable default
	handshake timeout It caused issues with non-blocking TLS clients and servers which may
	not want to block while the pull timeout function waits.

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-tls-nonblock.c: tests: added check
	to verify that pull timeout is not called on non-blocking sessions

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/system_override.c: 
	GNUTLS_NONBLOCK can be used for non-DTLS sessions as well

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system_override.c: doc update

2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: doc update

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/{slow => }/keygen.c,
	tests/slow/Makefile.am: tests: key generation test was moved to main
	checks This will allow to catch memory leaks with valgrind.

2015-04-28  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/nettle/pk.c: fix memory leak in ECDSA key parameters
	verification Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
	minitasn1

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS
	name constraints with leading dot Patch by Fotis Loukos.  Resolves 3 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc update

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: updated text for gnutls_pkcs11_init

2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: updated pkcs11 loading documentation

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-etm.c: tests: mini-etm: use TLS as the transport layer

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sign-md5-rep.c: tests: added comment for sign-md5-rep

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/fr.po.in: Sync with TP.

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
	for the MD5 acceptance issue Reported by Karthikeyan Bhargavan.

	http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: before falling back to SHA1 as signature
	algorithm in TLS 1.2 check if it is enabled

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
	consider any values from the extension data to decide acceptable
	algorithms

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509-cert-callback.c: tests: added unit tests for
	gnutls_certificate_client_get_request_status

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: set the value used by
	gnutls_certificate_client_get_request_status prior to selecting
	certificate That allows gnutls_certificate_client_get_request_status() to be
	properly operating from the callback. Reported by Anton Lavrentiev.

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated doc for retrieve function

2015-04-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-bib.texi, doc/latex/gnutls.bib: updated PKCS #11 URL
	references to rfc7512

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: doc update

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509self.c: tests: added check for gnutls_credentials_get

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_auth.c, lib/gnutls_cert.c: doc update

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc: corrected typo

2015-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume-dtls.c: tests: resume-dtls: remove global variables

2015-04-21  Andreas Metzler <ametzler@bebt.de>

	* doc/cha-gtls-app.texi: List all certificate type priority strings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa.c: tls-rsa: keep a common code path when doing RSA
	decryption Suggested by Nimrod Aviram.

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-rehandshake.c, tests/mini-handshake-timeout.c,
	tests/mini-key-material.c, tests/mini-loss-time.c,
	tests/mini-record-retvals.c, tests/mini-rehandshake-2.c: tests:
	initialize status where needed

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/openpgp-auth2.c: tests: cleanup openpgp-auth2

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-rehandshake.c: tests: cleanup
	mini-dtls-rehandshake

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c, tests/resume.c: tests: resume: check for
	signals

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/certificate_set_x509_crl.c, tests/mini-record-range.c,
	tests/mini-x509-callbacks.c, tests/openpgp-auth2.c,
	tests/record-sizes-range.c, tests/resume.c: tests: reduced compiler
	warnings

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509.c: tests: verify the return value of
	gnutls_certificate_get_ours when no cert is sent

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c, tests/resume.c: tests: close unused file
	descriptors in resume checks

2015-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: libopts: fixed the reading of the
	--enable-local-libopts flag

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/common.c, src/common.h: gnutls-cli: when no
	certificate is sent, notify the user

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-x509-cert-callback.c: tests: added
	check with X.509 certificates and callbacks That corresponds to functionality checked in openpgp-callback.c

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/openpgp-callback.c: tests: added check for
	gnutls_certificate_get_ours() when used in combination with
	callbacks

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509dn.c: tests: improved x509dn check

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
	certificate even if a callback was used This corrects a bug where this function would not work, when
	gnutls_certificate_set_retrieve_function2() was used.

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: when a certificate is specified
	require the corresponding private key

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: ensure that the X.509 version number is one byte
	only

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: Check for invalid length in the X.509 version
	field If such an invalid length is detected, reject the certificate.
	Reported by Hanno Böck.

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: initialize certs to NULL

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: gnutls-serv: print when the peer's certificate is not
	verified

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/fr.po.in: Sync with TP.

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/system-keys-win.c: ncrypt.h lacks some defines with some
	versions of MinGW.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/system-keys-win.c: Fix a preprocessor warning about mismatched
	quotes.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/system-keys-win.c: Set _WIN32_WINNT to 0x600, at least with
	some MinGW versions ncrypt.h checks this define to be at least
	0x600.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/gnutls_supplemental.c: Fix include order, include gnutls_int.h
	before gnutls.h, otherwise undefined external references to
	gnutls_free and gnutls_strdup are the result when statically linking
	against GnuTLS built by MinGW.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c: gnutls-cli: removed CCM from the ciphers
	tested with the old API That prevents a crash of the benchmark. Reported by James Cloos.

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c: refuse to use the old cipher API with
	AEAD-only ciphers

2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-termination.c, tests/resume-dtls.c, tests/resume.c: 
	tests: ignore sigpipe in resume and termination tests

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc: added error check in example

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc: removed stray @end

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/x509.c: doc update

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: x509: when printing the keyid of a certificate
	use the curve name for randomart

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: gnutls_x509_crt_get_pk_* are based on
	gnutls_pubkey_export_*

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: gnutls_pubkey_export_* are tolerable in null
	input

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/x509.c: Added
	gnutls_x509_crt_get_pk_ecc_raw()

2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c: randomart: corrected usage of snprintf

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: when generating an ECDSA key use the
	curve name in random art

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c: randomart: only print key size if it is
	non-zero

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.4.0

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.c: Remove SOCK_CLOEXEC from socket() call.  That allows compilation in systems where this flag doesn't exist.
	Resolves #7

2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: document the recommended re-handshake
	process

2015-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: remove duplicate entries from manpages
	Makefile

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/certtool: tests: enhanced cert tests with SHA256
	key IDs

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: modified to allow different key ID
	algorithms

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
	lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/x509.c: Added flags which modify the algorithm used for key
	ID calculation

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: gnutls_record_discard_queued() is both for
	TLS and DTLS

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: document the new crypto register functions

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: doc update

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc: avoid spaces in showfunc

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: added files into dist

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: configure: ask for nettle 3.1

2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.4.0

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: gnutls-cli: document the method to override the
	detected ciphers

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c: fixed AESNI CCM
	encryption

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c: cleanups in CCM-aesni

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-polarssl: tests: test CCM-8 against
	polarssl

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: test
	for AES-CCM

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: doc: added 'git submodule update' to clone steps

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/announce.txt: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.c: removed unused functions

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c, lib/gnutls_cipher_int.c: extend the fallback
	to setkey in addition to init

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/cipher-override2.c,
	tests/slow/override-ciphers: tests: verify the behavior of
	GNUTLS_E_NEED_FALLBACK

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c, lib/gnutls_cipher_int.c,
	lib/includes/gnutls/gnutls.h.in: introduced GNUTLS_E_NEED_FALLBACK
	to allow falling back from registered ciphers That allows a registered cipher to indicate that it cannot operate (e.g., due to memory constraints, or internal limits), and gnutls
	should proceed with the default algorithms.

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: ciphersuites: moved CCM
	ciphersuites in the appropriate ifdefs

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/test-ciphers.js: tests: ciphersuite test
	will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 That is because the names in rfc6655 are for some reason different
	than the expected.

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: document CCM and CCM-8

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c, tests/mini-record-failure.c,
	tests/mini-record.c: tests: added CCM and CCM_8 into ciphersuite
	tests

2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c,
	lib/accelerated/x86/x86-common.c, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/cipher.c: Added CCM-8 ciphersuites

2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt: updated announce text

2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* symbols.last: symbols: added the new supplemental functions

2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc update

2015-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: delay tests that depend on
	timing when they fail That often prevents failures on busy systems.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: don't enforce iv_size > block_size; it is no
	longer true for all ciphers

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: simplified calc_enc_length_stream

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-supplementaldata.c: tests: updated supplemental API

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: gnutls_ext_register will fail on double
	registration

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_supplemental_register will fail on double registration

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, symbols.last: symbols: added new exported functions

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am,
	doc/scripts/getfuncs-map.pl: doc: updated makefiles to include new
	functions

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: libgnutls.map: remove
	gnutls_record_set_max_empty_records

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: account for the renamed
	gnutls_supplemental_recv/send

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: document the export supplemental data API

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send Also added the gnutls_ prefix to new types.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: Added
	documentation for gnutls_do_send/recv_supplemental

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/gnutls_mem.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, lib/safe-memfuncs.c, lib/tpm.c: doc updates

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-shared-key.texi, lib/auth/srp_sb64.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
	lib/tpm.c, lib/x509_b64.c: the base64 xxx_alloc functions were
	renamed to xxx2 That brings them in par with the rest of the allocation functions.

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/pkcs11.c: p11tool: use the key usage flags to set PKCS #11
	properties

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: use key_usage to
	set the appropriate flags

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
	cleanups in supplemental data support

2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c: DH: do not warn on zero q_bits

2015-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: rearrange entries

2015-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: certtool --generate-dh-params
	will account for --outder Resolves #5

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: chacha20-poly1305: ciphersuite
	numbers correspond to the latest draft

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: improved output message

2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: removed unecessary warning

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h: doc update: account for new functions

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: better output text

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: added
	GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY Also enforce the expected flags despite any given flags in the URL.

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added the --test-sign parameter That allows to check an existing key for signing/verification.

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: 
	gnutls_priv/pubkey_import_url replace:
	gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: corrected import of pubkey in DER format

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-etm.c: tests: added check for EtM
	negotiation

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/ext/etm.c,
	lib/gnutls_int.h, lib/gnutls_priority.c: only send EtM extension if
	we have CBC ciphersuites

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: mention gnutls_privkey_sign_raw_data in
	upgrade section

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
	lib/libgnutls.map: gnutls_privkey_sign_raw_data: converted to macro
	over gnutls_privkey_sign_hash

2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509sign-verify.c: tests: added check for the legacy
	gnutls_privkey_sign_raw_data

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: avoid compilation warnings in self checks
	(take 2)

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: Revert "selftests: avoid compilatio
	warnings" This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on
	copy/generation is correct

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: allow setting the CKA_ID on object
	initialization/generation

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: exported new functions

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
	enhanced key generation functions to allow specifying a CKA_ID

2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: selftests: avoid compilatio warnings

2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy
	functions to allow specifying a CKA_ID

2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-server-name.c: tests: mini-server-name: ignore sigpipe

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suppressions.valgrind: tests: added more libidn-related
	valgrind suppressions

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/texinfo.css: doc: increase border spacing in HTML tables

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: doc: list chacha20-poly1305 to the list of
	ciphers

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: manpages: automatically adjust the
	copyright year on generated pages

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-server-name.c: tests: added check
	for gnutls_server_name_get and gnutls_server_name_set

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/test-ciphers.js: test-ciphers.js: improved
	ciphersuite checks

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected
	GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/scan-gnutls.sh: updated
	test-ciphersuite.sh for new types

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: Better fix for the double free in dist point
	parsing

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
	minitasn1

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey: increase size
	for attributes

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: moved chacha20-poly1305
	ciphersuites to the 0xCD space

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: doc update: replace cryptographic algorithm by
	encryption algorithm

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
	lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
	gnutls_x509_aki_set_cert_issuer will set null-terminated strings

2015-03-27  Jiří Klimeš <jklimes@redhat.com>

	* lib/crypto-api.c: doc: be consistent in the function descriptions Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

2015-03-27  Jiří Klimeš <jklimes@redhat.com>

	* lib/crypto-api.c: doc: correct the description of crypto API
	functions Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

2015-03-27  Jiří Klimeš <jklimes@redhat.com>

	* doc/examples/ex-client-x509.c, lib/ext/server_name.c,
	lib/x509/output.c: Fix a few compiler warnings about unused
	variables [-Wunused-variable] Signed-off-by: Jiří Klimeš <jklimes@redhat.com>

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: fixed CHACHA20-POLY1305 in DTLS

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, src/benchmark-tls.c: gnutls-cli: added
	chacha-poly1305 into benchmarks

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: when calculating record overhead account for
	chacha20 which doesn't send the nonce on the wire

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record-2.c, tests/mini-record.c: tests: include
	chacha20 into transfer tests

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_int.h: Added
	the CHACHA20-POLY1305 ciphersuites (with random IDs)

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/crypto-selftests.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c: added
	chacha20-poly1305 as cipher

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record-retvals.c: tests: check retvals in block ciphers

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
	send data size That reduced the maximum send size for CBC ciphers from 16384 to
	16384-(block size), which was unnecessary and was causing issues:
	https://bugs.winehq.org/show_bug.cgi?id=37500

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in: 
	gnutls_record_set_max_empty_records: removed

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
	points Reported by Robert Święcki.

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Added a tight loop around the legacy push
	function That reduces the need for more expensive outer loops.  Originally
	suggested by Anton Lavrentiev.

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/Makefile.am, src/gl/fseeko.c, src/gl/m4/dup2.m4,
	src/gl/m4/printf.m4, src/gl/m4/stdio_h.m4, src/gl/m4/time_h.m4,
	src/gl/signal.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
	src/gl/time.in.h, src/gl/vasnprintf.c, src/gl/xalloc.h: updated
	gnulib

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: more precise documentation of
	--set-id parameter

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: depend on nettle 3.1 or later

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/email: tests: updated email check for renamed
	--verify-email option

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
	the size of ck_attributes

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
	condition

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
	CKA_ID on key generation

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c: p11tool: reduced debugging output

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: --purpose,
	--hostname were renamed to --verify-purpose, --verify-hostname

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c: p11tool: added --mark-no-sign
	and --mark-no-decrypt options

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c: pkcs11: added flags to mark keys as not-being
	signable or decryptable That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and
	GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during
	generation or write of keys.

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
	when writing a private key

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c: tests: cleanups in resume-dtls

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: ext: server_name: move name length check
	prior to IDN convertion

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: When an application calls
	gnutls_server_name_set() with a name of zero size disable the
	extension Resolves #2

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: check
	CN for match only if certificate would have been acceptable for
	GNUTLS_KP_TLS_WWW_SERVER

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: Apply DNS name constraints on CN
	field only on certificates acceptable for TLS WWW SERVER purpose Suggested by Fotis Loukos.

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time is less prone to
	timeouts

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/suppressions.valgrind: tests: added valgrind
	suppressions in cert-tests for libidn

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: eliminated memory leaks on verification

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/email,
	tests/cert-tests/email-certs/chain.exclude.test.example.com,
	tests/cert-tests/email-certs/chain.invalid.example.com,
	tests/cert-tests/email-certs/chain.test.example.com,
	tests/cert-tests/email-certs/chain.test.example.com-2: tests: Added
	email verification tests with certtool

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: added the --email
	option, to use in verification

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/openpgp/compat.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
	lib/x509/Makefile.am, lib/x509/email-verify.c,
	lib/x509/verify-high.c: Added gnutls_x509_crt_check_email(),
	gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: verify that we accept a certificate
	with no name even if its CA has nameconstraints

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: when no name of the
	type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos.

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume-dtls.c: tests: increase the timeout in resume-dtls

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_export3: allow operation when
	raw.data is NULL and we have a public key

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: simplified export of objects That also allows to export public keys, even when a CKA_VALUE with
	the public key is not present. For that we use the key parameters,
	which we encode into a key. Issue reported by Frank Leavis.

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
	build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	build-aux/useless-if-before-free, build-aux/vc-list-files,
	doc/gendocs_template, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4, gl/m4/printf.m4,
	gl/m4/stdio_h.m4, gl/m4/time_h.m4, gl/m4/ungetc.m4,
	gl/stdio-impl.h, gl/stdio.in.h, gl/tests/Makefile.am,
	gl/tests/init.sh, gl/tests/test-u64.c, gl/time.in.h, gl/u64.c,
	gl/u64.h, gl/vasnprintf.c, maint.mk: gnulib: removed u64 module

2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/gnutls_int.h: drop
	support for gnulib's u64

2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl: tests: check legacy RC4 in
	testcompat That would prevent losing compatibility without detecting it.  That
	is currently the case since it is no longer enabled by default.

2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-record-retvals.c: tests: added check
	to verify the correctness of the record function return values

2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/crywrap/crywrap.c, src/tests.c: tools: enable
	compilation with all options disabled

2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c, lib/gnutls_ui.c: enable compilation with
	several options disabled

2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_auth.c, lib/gnutls_state.c, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/x509/crq.c, lib/x509/pkcs7.c: doc: avoid
	mentioning pointers when not needed

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: increase the maximum stack frame the compiler will
	warn for

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c, lib/crypto-api.c, lib/ext/alpn.c,
	lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c,
	lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
	lib/ext/server_name.c, lib/ext/session_ticket.c,
	lib/ext/signature.c, lib/ext/srtp.c, lib/ext/status_request.c,
	lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
	lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
	lib/gnutls_privkey_raw.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
	lib/pkcs11x.c, lib/system-keys-win.c, lib/system_override.c,
	lib/tpm.c, lib/verify-tofu.c, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/hostname-verify.c, lib/x509/name_constraints.c,
	lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_openssl.c,
	lib/x509/privkey_pkcs8.c, lib/x509/verify-high.c,
	lib/x509/verify-high2.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	lib/x509/x509_write.c: doc: avoid using structure for opaque types

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-extension.c: tests: include gnutls_ext_s/get_data into
	tests of mini-extension

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_extensions.c: updated documentation on non-return value
	of gnutls_ext_set_data

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls0-9.c: tests: fixed buffers in mini-dtls0-9

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp.c, lib/ext/alpn.c, lib/ext/etm.c,
	lib/ext/heartbeat.c, lib/ext/max_record.c,
	lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
	lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/srp.c,
	lib/ext/srtp.c, lib/ext/status_request.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_int.h, lib/gnutls_str.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: added
	gnutls_ext_set_data() and gnutls_ext_get_data() As a side effect the type which holds private data was reduced from
	union to void * pointer. That simplifies the exported API without
	reducing the options in the internal API.

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: set GNUTLS_DTLS_VERSION_MIN to be
	DTLS0.9 That allows standard DTLS ciphersuites to be used with DTLS0.9

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls0-9.c: tests: added test for
	DTLS 0.9

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-extension.c: tests: updated mini-extension

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: mention the new functionality briefly in
	documentation

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_supplemental.c: mention that
	the registration functions are not thread safe

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h: store a copy of
	the extensions name

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: deinitialize supplemental data on deinit

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: removed
	unused epoch change callback

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_supplemental.c,
	lib/gnutls_supplemental.h: deinitialize supplemental data on deinit

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.h, lib/gnutls_supplemental.c: reduce warnings

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_supplemental.c: added documentation for the new functions

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-supplementaldata.c: tests: remove warnings in
	mini-supplementaldata.c

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, tests/mini-supplementaldata.c: 
	updated types

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-03-19  Thierry Quemerais <tquemerais@awox.com>

	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, tests/Makefile.am, tests/mini-supplementaldata.c: 
	Added a way to add custom supplemental data from public API.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

2015-03-19  Thierry Quemerais <tquemerais@awox.com>

	* tests/mini-extension.c: Fixed extension test.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.h, lib/includes/gnutls/gnutls.h.in,
	tests/Makefile.am, tests/mini-extension.c: renamed gnutls_buffer_st
	-> gnutls_buffer_t

2015-03-19  Thierry Quemerais <tquemerais@awox.com>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_int.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/mini-extension.c: Added a way to add custom extensions from
	public API.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>

2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h: 
	gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always
	defined there

2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/inet_ntop.c: inet_ntop replacement: include sys/socket.h

2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/inet_ntop.c, lib/system.h: inet_ntop replacement: do not
	depend on socklen_t

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: link cipher tests directly with
	nettle when needed

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: tests: mini-dtls-record: increase
	timeouts to avoid failure of test due to slow system

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: tests: mini-dtls-record: removed the
	need for 64-bit number

2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: tests: increase verbosity of
	mini-dtls-record

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi: document the cipher override API

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/mac-override.c,
	tests/slow/override-ciphers: added test suite for overriden digests
	and MACs

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/cryptodev.c, lib/accelerated/x86/x86-common.c,
	lib/crypto-backend.c, lib/crypto-backend.h,
	lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added API to
	register MAC and digest algorithms.

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/cipher-override.c,
	tests/slow/override-ciphers: added test suite for overriden ciphers

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
	lib/accelerated/x86/x86-common.c, lib/crypto-backend.c,
	lib/crypto-backend.h, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map: Added API to register AEAD and legacy ciphers.

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/cryptodev-gcm.c: cryptodev: provide the new AEAD
	API

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Added environment variable which can override
	automatic global initialization

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c, lib/crypto-backend.h: removed unused
	functions

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: configure: fail compilation if the minimum required
	libtasn1 is not present

2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c: tests: long-session-id uses the test
	framework

2015-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/pkcs11.c: depend on p11-kit 0.23.1 to conform to
	draft-pechanec-pkcs11uri-21

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record.c: tests: fixed shadowed variable in
	mini-dtls-record

2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/long-session-id.c, tests/mini-dtls-fork.c,
	tests/mini-dtls-pthread.c, tests/mini-dtls-rehandshake.c,
	tests/mini-handshake-timeout.c, tests/utils.c, tests/utils.h: tests:
	use nanosleep for sleeping

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: README-alpha: move valgrind to testing tools

2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.md: updated README-alpha

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_supplemental.c: Fixed handling of supplemental data
	with types > 255.  Patch by Thierry Quemerais.

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: doc update

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: gnutls_priority_init: document that
	priorities can be NULL

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11.softhsm: testpkcs11: disallow softhsm
	2.0.0b1 from being used to test PKCS #11

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/mini-eagain2.c: tests: mini-eagain2: call
	gnutls_handshake_set_timeout() at the proper time

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: added libasan as dependency

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: corrected self test for 3DES

2015-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: correctly set the size of type

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: combined the fill for object attributes set

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: only set ID and label when both size and
	data are set

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: exit with non-zero reason if no objects are
	found

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: tests: added checks for p11tool --set-id
	and --set-label

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added --set-id and --set-label options

2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.c, lib/pkcs11_int.h: added
	gnutls_pkcs11_obj_set_info() This function allows setting information such as the CKA_ID and the
	CKA_LABEL of an object.  Resolves #1

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
	tests/cert-tests/invalid-sig.pem: Added check for GNUTLS-SA-2015-1

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-chains.h: tests: removed test with invalid DER encoding
	in chainverify These certificates are now rejected earlier.

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/strict-der.c: tests: added a check for
	certificates with invalid DER encodings

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_ext.c: 
	x509: use libtasn1's strict DER decoding rules in network obtained
	structures

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, m4/hooks.m4: depend on libtasn1 4.3

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: rearranged internal documentation

2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
	src/socket.c: tools: added ftp as a starttls protocol

2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
	mix

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
	SECURE192

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-polarssl: tests: do not run polarssl
	interop test on VIA

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-common: use common license in all
	testcompat scripts

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: removed unused function

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2015-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README-alpha => README.md: README-alpha is README.md
	on repository It contains information for developers.

2015-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README.md => README: Revert "auto-generate README
	from README.md" This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd.

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: cleaned up licensing

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am, README => README.md: auto-generate README from
	README.md

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: Revert "added README.md as link to README" This reverts commit 041d4f947eb6937d4af62eb35055668825c36833.

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md: added README.md as link to README

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README.md => README, README-alpha.md => README-alpha: Revert
	"renamed README files" This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5.

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha => README-alpha.md, README => README.md: renamed
	README files

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README, README-alpha: README: converted to mark-down

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: corrected check of certificate
	chain order

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509cert.c: tests: added small test to verify that
	GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
	unsupported TLS protocols as soon

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: cli sockets: check for a digit prior using atoi

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
	sorted

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: gnutls-cli-debug: do not warn multiple times about
	unknown protocols

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-support.texi: updated documentation on FIPS140-2

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl: tests: speed up testcompat
	check by remove less important options

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/softhsm.h: tests: updated paths for softhsm detection

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: README: mention nodejs

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: check for /usr/share/dns/root.key as well
	for dns root key

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: README: mention dependency on dns-root-data

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: don't perform the overflow
	check in 32-bit systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-date.tmpl: tests: date parsing test was
	modified to work in 32-bit systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: in 32-bit systems use PRIu64 to
	print 64-bit values

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: exit when there is an overflow in
	parsing days

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha: README: mention that openssl and polarssl will be
	used for interop testing

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-test: Revert "tests: increased the
	retries with datefudge cert generation" This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869.

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-basic.pem,
	tests/cert-tests/template-basic.tmpl,
	tests/cert-tests/template-test: Revert "tests: template-test: added
	a baseline check to detect slow systems" This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377.

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-basic.pem,
	tests/cert-tests/template-basic.tmpl,
	tests/cert-tests/template-test: tests: template-test: added a
	baseline check to detect slow systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: increased the retries with
	datefudge cert generation There are slow systems that are not always capable of generating the
	certificate within a single second.

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: add bison as a dependency

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: build documentation last That allows the examples to depend on libgnu_gpl.la

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: list unbound dependency for DANE

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: tests: removed dane hosts which don't behave
	well

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: updated instructions for installed packages

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex: latex doc: updated copyright dates

2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: updated copyright date

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
	m4/hooks.m4: use asn1_decode_simple_ber if available

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-library.texi: corrected typo

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-library.texi: mention libidn

2015-03-04  Ilya V. Matveychikov <i.matveychikov@securitycode.ru>

	* tests/suite/asn1random.pl: asn1random.pl: generate simple tags
	only Do not emit tags with numbers greater than or equal 31 as they must
	be encoded an octet sequence (ref X.690-0207 # 8.1.2.4) Signed-off-by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: doc update

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
	tests/cert-tests/invalid-sig2.pem,
	tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
	X.509 certificate signatures

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: added the change of priority string NORMAL
	in documentation

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-library.texi: document the usage of a PKCS #11 trust
	module for verification

2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: tests: updated the suite to
	account for the removal of DSA by default

2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa, tests/openpgp-callback.c, tests/openpgpself.c,
	tests/priorities.c: tests: updated the suite to account for the
	removal of DSA by default

2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main-openssl,
	tests/suite/testcompat-main-polarssl,
	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
	cross-implementation test suite was relicensed to 3-clause BSD That way the suite can be used by projects with other licenses.

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: DSA signatures and DHE-DSS are disabled by
	default DSA was an algorithm that was never deployed on the Internet and
	had, until very recently, several limitations such as restriction of
	its keys to 1024 bits, SHA1-only etc. Given that there are literally
	0 internet (HTTPS) certificates using DSA, there is no point to
	enable it by default and increase our attack surface.

2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c: gnutls-cli: include AES_128_CCM in
	benchmark-ciphers

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c: doc update

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: doc update

2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/inet_ntop.c, lib/system.c, lib/system.h,
	lib/x509/output.c: bundle inet_ntop in systems that don't have it

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h: removed
	gnutls_pubkey_get_verify_algorithm from abstract.h

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
	spotted by Andris Mednis

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_session.c: doc update: document that session_get_data()
	must be used in non-resumed sessions

2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: doc update

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c, lib/gnutls_handshake.c: added
	comments

2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if
	available in p11-kit

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: removed unnecessary check and
	optimized function

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected check which prevented
	client to sent an unacceptable for the version ciphersuite

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-key-material.c: tests: mini-key-material: avoid memory
	leak

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-lowmtu.c, tests/mini-overhead.c,
	tests/mini-record.c: tests: require DTLS 1.2 when using GCM

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: handle GNUTLS_E_INT_CHECK_AGAIN

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/gnutls_handshake.c: check the negotiated TLS/DTLS version prior
	to offering a ciphersuite a server

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: remove unnecessary assert

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cve-2009-1415.c, tests/x509sign-verify.c: tests: modified
	tests with obsolete APIs with their replacement API

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc: added deprecated functions into upgrade
	plan

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert-tl.c: tests: added checks for
	gnutls_x509_crt_get_signature_algorithm and
	gnutls_x509_crt_get_preferred_hash_algorithm

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_pubkey.c, lib/libgnutls.map, lib/nettle/pk.c,
	lib/x509/verify.c, lib/x509/x509.c: removed
	gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/x509.c: 
	removed gnutls_x509_crt_get_verify_algorithm()

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: removed gnutls_pubkey_verify_hash() and
	gnutls_pubkey_verify_data()

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h: certtool: use unsigned for bits

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/p11tool.c: certtool/p11tool: avoid cast to
	function call

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: allow specifying
	a purpose and a hostname for chain verification

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/x509cert-invalid.c: tests: added check
	for invalid X.509 certificate

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-key-material.c: tests: added check
	for gnutls_record_get_state()

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_constate.c: removed unused constants

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: memcpy fix in gnutls_record_get_state

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* ltmain.sh: removed ltmain.sh from root

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_get_state() and
	gnutls_record_set_state() These functions allow to export the key material and sequence
	numbers.  That allows offloading the sending and receiving of
	individual records.

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: fixed sequence number copy

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_handshake_set_hook_function: will provide the raw handshake
	data

2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: use explicit casts to unsigned
	int in the CURVE_TO_BITS et al

2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: use cast in _gnutls_hash_fast

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: when importing a certificate ensure that the
	signature parameters match

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: Allow AESNI GCM accelaration in
	x86

2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c: gnutls-cli: added --save-cert option

2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: added missing prototypes

2015-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: handle differently OCSP responses that are revoked and
	of unknown status

2015-02-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: compilation fix with return on void function;
	reported by David Marx

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: set the appropriate direction when
	_gnutls_io_write_flush() is called

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-pthread.c: tests: added check
	for operation under different threads and DTLS

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-fork.c: tests: added check for
	operation under different processes and DTLS

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: Revert "doc update" This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Revert "Added gnutls_record_is_async()" This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented using a session with fork or
	multiple threads

2015-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_is_async() That function indicates whether gnutls_record_recv() and
	gnutls_record_send() can be used independently and in parallel.

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: print errno in a more uniform way

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/system.c: doc update

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
	lib/system.h, lib/system_override.c: exported
	gnutls_system_recv_timeout()

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
	total length

2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/kbnode.c, lib/opencdk/read-packet.c: opencdk: small
	fixed to reduce warnings

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: doc update

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
	so verbose about the OCSP nonce; it is universally unsupported

2015-01-17  Tim Ruehsen <tim.ruehsen@gmx.de>

	* src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: on certificate import check whether the two
	signature algorithms match

2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: use 3.3.12

2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/key_decode.c: doc update

2015-01-12  Luke Dashjr <luke-jr+git@utopios.org>

	* Makefile.am, configure.ac, doc/manpages/Makefile.am: Added
	configure option --disable-tools

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/errors.c: corrected typos Reported by Guido Kroon.

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
	obsolete versions That prevents using these versions as record version numbers, unless
	they are the only protocol supported. This avoids the issues with
	servers that have banned SSL 3.0 record versions.

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: follow the documented process for
	gnutls_x509_crt_get_authority_info_access

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
	update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool-common: iterate through all AIA
	items prior to decidig the OCSP server

2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: use a FIPS key that agree's with fedora's fipshmac

2015-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: DCO: Added Luke Dashjr

2015-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: simplified text for inline-commands-prefix

2015-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
	--starttls-proto option

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: cleanup the name of types

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/softhsm.h: tests: updates in softhsm detection

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: when importing a public key, import it's
	data as well (version 2 fix)

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: doc update

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
	write a trusted CA

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: removed gnutls_pubkey_get_pk_* from the
	exported function list

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-import-export.c: tests: key-import-export: enhanced to
	test gnutls_pubkey_*_ecc_x962

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: gnutls_pubkey_t: allow the import of another
	parameter set without a leak

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: removed ABI-compatibility functions

2015-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11.softhsm: testpkcs11: modified to support
	both softhsmv1 and v2

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: when importing a public key, import it's
	data as well

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-import-export.c: tests: enhanced key-import-export to
	check output of pubkeys

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-callback.c: tests: eliminated leaks

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: doc update

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/key-import-export.c: tests: added checks
	for private key import/export functions

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/openpgp-callback.c: tests: Added test
	case for openpgp keys loaded by callback

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
	from a client, the server verifies if it supports the extension’s
	contents in _gnutls_session_cert_type_supported().  This function
	checks for cred->get_cert_callback but not cred->get_cert_callback2.
	As a result, servers setup for OpenPGP certificate credential
	callback with gnutls_certificate_set_retrieve_function2() are unable
	to use the OpenPGP certificate type.  The solution is to consider cred->get_cert_callback2 alongside
	cred->get_cert_callback in _gnutls_session_cert_type_supported().  Patch by Rick van Rein.

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
	release the cached value

2015-01-08  Ludovic Courtès <ludo@gnu.org>

	* NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
	during expansion and at run time.  Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.  * guile/modules/gnutls.in: Wrap '%libdir' definition and   'load-extension' call in 'eval-when'.

2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
	record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712

2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record-asym.c: tests: updated
	mini-dtls-record-asym

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record-asym.c: tests: better documentation of
	mini-dtls-record-asym purpose

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-mtu.c, tests/utils.c, tests/utils.h: tests: moved
	udp_socketpair to utils

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record-asym.c: tests: corrected asymmetric MTU
	test for DTLS and added caching

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-record-asym.c: Added test case
	for DTLS handshake packet reconstruction when it exceeds MTU https://savannah.gnu.org/support/?108712

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: simplified _gnutls_dgram_read()

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: danetool: only compile when dane is enabled

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
	exceed MTU Resolves: https://savannah.gnu.org/support/?108715

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Added more precise check of push functions
	availability

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
	lib/system.h: Revert "in DTLS don't use writev() when multiple
	packets which exceed MTU are queued" This reverts commit 43082a67c7514d65301d157fb567a133138a85ab.

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Revert "Give precedence to vector push
	function" This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5.

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Give precedence to vector push function

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
	lib/system.h: in DTLS don't use writev() when multiple packets which
	exceed MTU are queued That change requires the system_write() to be registered
	unconditionally, even when writev() is available.  Resolves:
	https://savannah.gnu.org/support/?108715

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-mtu.c: tests: added check to
	ensure that DTLS handshake packets will not exceed MTU

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: warn when setting a certificate's
	expiration longer than the CA's expiration

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: detect softhsm2

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
	tests/record-sizes.c: tests: account for disabling of ARCFOUR where
	needed

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: modified check for READ_NUMERIC

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
	number

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: check for overflows when reading
	serial numbers

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
	type for integers read

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: gnutls-cli-debug: more precise handling of SMTP
	protocol Patch by Andreas Metzler.

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
	gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
	gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
	gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
	gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
	gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
	gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
	gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
	gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
	gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
	gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
	gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
	gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
	gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
	gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
	gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
	gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
	gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
	gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
	gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
	gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
	gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
	gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
	gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
	gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
	gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
	gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
	gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
	gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
	gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
	gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
	gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
	gl/tests/signature.h, gl/tests/test-alloca-opt.c,
	gl/tests/test-base64.c, gl/tests/test-binary-io.c,
	gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-float.c, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-func.c,
	gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
	gl/tests/test-iconv.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
	gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
	gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-string.c,
	gl/tests/test-strings.c, gl/tests/test-strnlen.c,
	gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
	gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
	gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
	src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
	src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
	src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
	src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
	src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
	src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
	src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
	src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
	src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
	src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
	src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
	src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
	src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
	src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
	src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
	src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
	src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
	src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
	src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
	src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
	src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
	src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
	src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
	src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
	src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
	src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
	src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
	src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
	src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
	src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
	src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
	src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
	src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
	src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
	src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
	src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
	src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
	src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
	src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
	src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
	src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
	src/gl/parse-datetime.y, src/gl/printf-args.c,
	src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
	src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
	src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
	src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
	src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
	src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
	src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
	src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
	src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
	src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
	src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
	src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
	src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
	src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
	src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
	src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
	src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
	src/gl/xsize.h: updated gnulib

2015-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
	checks

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: use explicit casts in the dummy ip conversion
	functions

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	lib/gnutls_priority.c: ARCFOUR-128 is disabled by default

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: use LoadLibraryA to load
	ncrypt.dll

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, devel/abi3.4.xml: Updated abi-compliance-checker for
	3.4 API

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, symbols.last: updated export symbols list (due to ABI
	breakage)

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: doc: updated auto-generated files

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/doc.mk, doc/manpages/Makefile.am: generate manpages for urls.h
	and system-keys.h

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-get-issuer.c: tests: added check for
	gnutls_x509_trust_list_get_issuer_by_dn()

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: updated libgnutls.map for new functions

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc:
	updated auto-generated files and added urls.h

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
	added checks for the new --key-id and --fingerprint certtool options

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: Added
	--fingerprint and --key-id options

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: --pubkey-info will load a public key
	from stdin

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: include netinet/in.h if present to access ipv6
	related structures Based on patch by Rumko.  https://savannah.gnu.org/support/?108713

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: VERS-ALL adds all protocols if used with
	'+'

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: priority strings
	VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding
	protocols That introduces VERS-ALL which behaves as VERS-TLS-ALL previously.

2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: made DTLS protocol
	version numbering distinct

2014-12-30  Matthias-Christian Ott <ott@mirix.org>

	* lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
	textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher,
	_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
	textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
	this case and thus does not need to be called.

2014-12-30  Matthias-Christian Ott <ott@mirix.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
	VIA PadLock functions If the plaintext is shorter than the block size of the used cipher,
	_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
	textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
	the plaintext length (last parameter) is greater than zero and
	segfault otherwise. The assembler code for both functions is
	automatically generated and imported from OpenSSL, so to ease
	maintenance the length should be validated in the functions that
	call padlock_ecb_encrypt or padlock_cbc_encrypt.

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: use backslashes in windows path

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: openpgp: properly print names in oneline
	output as well

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: updates in openpgp DSA key printing

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: properly print openpgp names

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/Makefile.am: opencdk: print all warnings on
	compilation

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: opencdk: eliminated warning from armor.c

2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/keydb.c: removed cache support for opencdk's keydb It's implementation looked buggy.

2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated guile comments

2014-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
	functions only when OCSP is enabled

2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and
	gnutls_pubkey_import_ecc_x962().

2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/p11tool-args.def: tools: document the
	available curves

2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
	tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
	tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
	tests/suite/testpkcs11.softhsm: PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with
	softhsmv2 and CKA_TRUSTED.
	https://bugzilla.redhat.com/show_bug.cgi?id=1177086

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/safe-memfuncs.c: updated documentation of gnutls_memcmp()

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/x509/x509.c: use everywhere the new name
	of gnutls_x509_crt_import_pkcs11_url

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: better cleanup in
	gnutls_pkcs11_privkey_import_url and allow reuse

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
	separated the two gnulibs to avoid conflicts

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
	gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
	gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
	gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
	src/gl/Makefile.am, src/gl/m4/extensions.m4,
	src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
	src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
	src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
	src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/urls.c,
	lib/urls.h, lib/x509/x509.c: dropped the sanitize URL approach

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: 
	Instead of sanitizing URLs, use hints to support incomplete PKCS#11
	URIs

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c: 
	gnutls_x509_crt_import_url replaces
	gnutls_x509_crt_import_pkcs11_url

2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: use p11_kit_uri_get_pin_source instead of
	p11_kit_uri_get_pinfile

2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-pkcs11-list.c: ex-pkcs11-list.c: updated for new
	API

2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/verify-high.c, lib/x509/verify-high2.c: combined
	gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags That was done in an API-backwards compatible way. That introduces
	gnutls_pkcs11_obj_list_import_url3() and
	gnutls_pkcs11_obj_list_import_url4().

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/x509/verify-high2.c: first attempt to unify obj_attrs with
	obj_flags

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-is-known.c: tests: pkcs11-is-known checks
	whether the import of PKCS #11 objects as trusted certs works

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
	tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
	tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
	tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in
	softhsm detection

2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
	#11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a
	token URL, but rather a direct reference to specific objects.

2014-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_psk.c: PSK: added sanity check on PSK key size set

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: removed ARCFOUR-40 from the ciphers
	to use It is no longer supported.

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: _gnutls_buffer_append_data returns zero on
	success

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
	for the cork/uncork functions Reported by Jaak Ristioja.

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: doc update

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/protocols.c: Added more precise version check in
	_gnutls_version_lowest

2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: corrected documentation of gnutls_cork()

2014-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: Added 32-bit overflow protection in
	_gnutls_buffer_append_data()

2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_str.c: Remove redundant condition in
	align_allocd_with_data().  At all call-sites of align_allocd_with_data() dest->data is
	non-NULL.  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_str.c: Deduplicated some code in
	_gnutls_buffer_append_data().  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_str.c: Explicitly marked some variables const in
	_gnutls_buffer_append_data().  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>

2014-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: DCO: added Jaak Ristioja

2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/cipher-test.c: test-ciphers: do not fail on processor
	which don't have the AES-NI instructions

2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: _gnutls_buffer_*: moved common operations to
	function

2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: _gnutls_buffer_append_data: moved common code
	outside the if-clause

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-polarssl: tests: disable SSL 3.0
	checks with polarssl It seems that SSL 3.0 is disabled in Debian's polarssl.

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: testdane: removed www.vulcano.cl from good
	hosts

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509cert-tl.c: tests: enhanced x509cert-tl Verify gnutls_x509_trust_list_verify_crt2() in combination with
	gnutls_x509_trust_list_add_named_crt().

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: use
	gnutls_x509_trust_list_verify_named_crt in
	gnutls_x509_trust_list_verify_crt2

2014-12-12  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Update 'NEWS'.

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/random.c: gnutls_rnd: doc update

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update

2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: improved documentation on dane

2014-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
	mode, for the sake of MinGW.  Reported by Eli Zaretskii <eliz@gnu.org>.  * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
	  of 'open-input-file'.

2014-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Link with '-no-undefined'.  Fixes builds on MinGW.  Reported by Eli Zaretskii <eliz@gnu.org>.  * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add   -no-undefined.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: p11tool: use Sleep() in windows

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: ensure that default_serial_int is
	64-bits or more

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross.mk: updated for 3.3.11

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c: Allow a random generator with the same
	priority to re-register That corrects an issue where the library is deinitialized, and
	reinitialization wouldn't register the same rnd module.  Reported by
	Stanislav Zidek.

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert.c: tests: x509cert: verify that length returned
	from gnutls_x509_crt_get_dn matches strlen

2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: testcompat: corrected usage
	of null cipher

2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code

2014-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: corrected typo

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: added option --without-idn

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c: accelerated: added required
	casts

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: the priority string
	EXPORT is no more

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-ccm-x86-aesni.c: aesni-ccm: removed unused
	struct entries

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-ccm-x86-aesni.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/x86-common.c: 
	added AESNI accelerated CCM

2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c: more nettle3 related
	changes

2014-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: dane: use the new _gnutls_buffer_to_datum

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: tests: corrected the expected lengths in ocsp

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_session_pack.c, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/openpgp/output.c, lib/pkcs11.c, lib/tpm.c,
	lib/x509/dn.c, lib/x509/ocsp_output.c, lib/x509/output.c: 
	_gnutls_buffer_to_datum: includes code for exporting strings

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: when the trusted list contains a non-CA
	certificate warn via the audit log

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: modified the CCM ciphersuite's name
	to match the one in the IANA registry

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/scan-gnutls.sh,
	tests/suite/ciphersuite/test-ciphers.js: ciphersuite test: enhanced
	check for correct ciphersuites

2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuites tests: add
	missing includes

2014-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuite tests: define
	HAVE_CONFIG_H

2014-12-04  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Build with warnings.  * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra   -Wno-unused-parameter.

2014-12-04  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/Makefile.am, guile/modules/gnutls.in,
	guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
	guile/src/core.c, guile/src/make-session-priorities.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
	guile: Remove the deprecated priority API.  * guile/modules/gnutls/build/priorities.scm: Remove.  * guile/src/make-session-priorities.scm: Remove.  * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.  * guile/src/Makefile.am (EXTRA_DIST): Likewise.    (GENERATED_BINDINGS): Remove 'priorities.i.c'.    (priorities.i.c): Remove target.  * guile/src/core.c: Don't include it.    (scm_gnutls_set_default_priority_x): Remove.  * guile/modules/gnutls.in (gnutls): Adjust export list.  * guile/tests/session-record-port.scm: Use
	'set-session-priorities!'.  * guile/tests/x509-auth.scm: Likewise.

2014-12-04  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi, guile/modules/gnutls.in,
	guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
	guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
	Remove RSA parameters and related procedures.  * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
	  Remove.  (%gnutls-smobs): Remove it.  * guile/src/core.c (scm_gnutls_make_rsa_parameters,   scm_gnutls_pkcs1_import_rsa_parameters,   scm_gnutls_pkcs1_export_rsa_parameters,   scm_gnutls_set_certificate_credentials_rsa_export_params_x):
	  Remove.  * guile/modules/gnutls.in: Adjust export list.  * guile/tests/openpgp-auth.scm (import-rsa-params): Remove.    Remove references to it and to   'set-certificate-credentials-rsa-export-parameters!'.  * guile/tests/x509-auth.scm: Likewise.  * doc/gnutls-guile.texi (Representation of Binary Data): Remove   references to RSA parameters.  Adjust example accordingly.    (OpenPGP Authentication Guile Example): Likewise.

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: updated TODO list

2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: removed several of the unneeded exported
	internal symbols

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc: corrected typo

2014-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: use unsigned long in gcm_cast_st

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: corrected issue in AES-256-GCM

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/test-ciphers: tests: enhanced
	cipher check to include all ciphers.

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: simplified abstractions over nettle based on
	Niels' comments.

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: API doc update

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: Added test vectors for CCM mode

2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: CCM: corrected AEAD decryption

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: CCM mode moved to the lowest priority

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-aead.h: aes-gcm-aead.h: generalized

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: added benchmark for CCM

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/priorities.c, tests/suite/testcompat-main-polarssl: tests:
	updated for AES-128-CCM ciphersuites

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c: use the new AEAD API in gnutls_cipher.c

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/cipher.c: Added definitions for CCM ciphersuites

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-crypto.texi, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-aead.h,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/crypto-api.c,
	lib/crypto-backend.h, lib/crypto-selftests.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/includes/gnutls/crypto.h, lib/libgnutls.map,
	lib/nettle/cipher.c: Modified crypto backend to accomodate for the
	CCM ciphersuites

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c, lib/nettle/pk.c: More nettle2 updates
	(in FIPS140-2 mode)

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
	lib/nettle/cipher.c, lib/nettle/int/gcm-camellia.c,
	lib/nettle/int/gcm-camellia.h, lib/nettle/pk.c, m4/hooks.m4,
	tests/dsa/testdsa: ported to nettle 3.0

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: reduced current soversion

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-upgrade.texi, lib/libgnutls.map: documented the
	removal of deprecated functions

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: corrected comparison

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
	lib/gnutls_priority.c, lib/gnutls_state.c,
	lib/includes/gnutls/compat.h: removed the old gnutls_retr_st
	compatibility functions

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/gnutls_rsa_export.c,
	lib/gnutls_ui.c, lib/includes/gnutls/compat.h, m4/hooks.m4: Removed
	binary compatibility with RSA-EXPORT using applications

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c, lib/includes/gnutls/compat.h: removed the
	old priority functions That is: gnutls_cipher_set_priority gnutls_mac_set_priority
	gnutls_compression_set_priority gnutls_kx_set_priority
	gnutls_protocol_set_priority gnutls_certificate_type_set_priority

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/compat.h, lib/x509/x509.c: removed
	gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c,
	lib/includes/gnutls/compat.h: gnutls_sign_callback_set() and
	gnutls_sign_callback_get() were removed

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: renumbered fields in gnutls.h

2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, m4/hooks.m4: increased gnutls' soversion

2014-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/random.h: if the rnd structure doesn't provide check,
	_gnutls_rnd_check() will succeed

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/x509-verify-with-crl.c: tests: Added
	check for verification using CRLs

2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Reorganized, and eliminated memory leak in
	_gnutls_x509_crt_check_revocation() Reported by Tim Rühsen.

2014-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/systemkey.c: systemkey: updated for new
	gnutls_system_key_iter_get_info

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/system-keys.h, lib/system-keys-dummy.c,
	lib/system-keys-win.c: gnutls_system_key_iter_get_info() allows
	restricting results to a specific certificate type

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: removed unneeded variable

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
	update

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: added recommendation to use the higher
	level functions to load keys

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: avoid gcc warnings

2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
	check for whether %NO_EXTENSIONS is required

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
	the NULL KX

2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_session_get_desc will return NULL if
	initial negotiation is not complete

2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-chain-unsorted.c: tests: small fix in
	mini-chain-unsorted

2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c, lib/gnutls_x509.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/x509.c: 
	GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from
	gnutls_pcert_import_x509_list That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT
	is specified.

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pcert.c: gnutls_pcert_import_x509_list: only sort the
	lists it can sort

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system-keys-win.c: simplified windows URLs

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system-keys-win.c: system-keys-win: include urls.h

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-cert-status.c,
	tests/mini-chain-unsorted.c: tests: added mini-chain-unsorted

2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pcert.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/common.c, lib/x509/common.h,
	lib/x509/verify-high.c, lib/x509/x509.c: Added flag
	GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* That also allows automatically sorting input chains to the
	gnutls_certificate_credentials_t structure.

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_x509_key_file.c: tests: Added check
	for memory leaks when a file cannot be loaded.

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
	memory leak when certificate could not be parsed Reported by Georg Richter.

2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: libdane: undef gnutls_assert() before redefining
	it

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: gnutls-cli-debug: do not print error on unknown
	protocols

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/set_x509_key_mem.c: tests: added leak
	check for gnutls_set_x509_key_mem2()

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: documented the limitations of the loading
	functions

2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter.

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
	check for sorted certificate chain

2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c: do not allow the resumption of a session which
	switches the state of ext_master_secret

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rfc2253-escape-test: tests: run rfc2253-escape-test under
	valgrind

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/custom-urls.c: tests: enhanced custom-url check

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_x509.c: sanitize URLs at the
	proper place

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected freeing of custom URL

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/includes/gnutls/urls.h: doc update

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/suppressions.valgrind, tests/suppressions.valgrind: 
	Added memxor_different_alignment into suppressions

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/gnutls_x509.c,
	lib/includes/gnutls/urls.h, lib/urls.c, lib/urls.h: Allow the
	construction of chains with custom URLs

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated ignored files

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/{systemkey-tool.c => systemkey.c}: renamed
	systemkey-tool to systemkey, and don't install it by default

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/custom-urls.c: tests: added check for
	registration of custom URLs

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/urls.h, lib/libgnutls.map, lib/urls.c: export
	gnutls_register_custom_url

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: correctly handle non-pkcs11 URLs in
	read_cert_url

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-tokens.texi, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/Makefile.am, lib/includes/gnutls/urls.h,
	lib/system-keys-win.c, lib/urls.c, lib/urls.h, lib/x509/x509.c: 
	Added the ability to register application specific URLs for keys and
	certs

2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: use macros for the URL

2014-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2014-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
	for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake

2014-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: treat
	GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
	complete This corrects a regression introduced in
	b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship.
	https://savannah.gnu.org/support/?108690

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: removed old news

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/protocols.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
	record version in the client Hello will be set to the lowest
	supported protocol There should have been no harm in keeping it SSL 3.0 but
	unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
	as MUST NOT do that. That will be fixed in a later revision but
	since then there are servers not accepting SSL 3.0 as a valid record
	version (note that this is about the record version, which describes
	the format of the packet, nothing to do with the negotiated
	version).

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: Revert "The priority modifier
	%LATEST_RECORD_VERSION is now the default" This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are
	done when it is required only.

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_priority.c,
	lib/includes/gnutls/gnutls.h.in, src/cli.c: 
	gnutls_priority_string_list: allow printing the special keywords as
	well.

2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: simplified code involving getrandom() and
	getentropy()

2014-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: detect android system and define a
	variable

2014-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/system-keys-dummy.c, lib/{system-keys.c =>
	system-keys-win.c}: separated system-keys implementations

2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: removed redundant local

2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: tests: added check for the abbreviated
	URLs which don't contain object information

2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_x509.c, lib/pkcs11_privkey.c,
	lib/urls.c, lib/urls.h, lib/x509/x509.c: prior to importing objects
	with URLs sanitize them That allows to use out of band information to complete missing parts
	in URLs (e.g., object-type=cert, when there is a certificate).

2014-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys.c: compilation fixes

2014-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/system-keys.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/system-keys.c, lib/system-keys.h,
	lib/x509/Makefile.am, lib/x509/x509.c, src/Makefile.am,
	src/systemkey-args.def, src/systemkey-tool.c: Added API to
	read/write/delete key-cert pairs (limited to windows for now)

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: NORMAL priority: prioritize the less than
	256-bits curves at the lowest level

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: Allow to set the nonRepudiation,
	keyAgreement and dataEncipherment flags

2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: list the OIDs in the certtool cfg file
	documentation

2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
	zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879

2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: partially reverted
	999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as
	OCSP anchors.

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: print message when the system trust is
	used

2014-11-14  David Weber <dave@veryflatcat.com>

	* src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
	and serv.c.  I have tested the fix in 3.3.10. This commit is UNTESTED as i am
	unable to compile gnutls (./configure complains about gl_INIT and
	ggl_INIT).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp.c: tests: ocsp: added the signature in check

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: only print about additional certificates
	if they are present

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: fix DN decoding in
	gnutls_ocsp_resp_get_responder_raw_id

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: tests: ocsp: added check with a long response

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: use the original DER/BER data when verifying an
	OCSP response

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: _pkcs1_rsa_verify_sig() simplify hashing

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: ocsp: eliminated duplicate code

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: clarified the multiple paths printing of
	the verify options

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: allow printing the certificates in OCSP
	responses when --print-cert is specified

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c, lib/x509/ocsp.c: updated OCSP verification code
	to better use the trust list, and the KeyHash

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp_output.c: OCSP printing: Add header in front of
	certificates

2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
	lib/pkcs11.c, lib/x509/verify-high.c: added
	gnutls_pkcs11_get_raw_issuer_by_dn and
	gnutls_x509_trust_list_get_issuer_by_dn

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
	for OCSP status response

2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/crq: corrected crq test case; reported by Andreas
	Metzler

2014-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
	callback

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, tests/ocsp.c: replaced
	gnutls_ocsp_resp_get_responder_by_key with
	gnutls_ocsp_resp_get_responder_raw_id In addition reverted gnutls_ocsp_resp_get_responder() to the old
	buggy behavior of returning 0 if the element was missing.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: make sure that GNUTLS_PKCS_PLAIN is set
	when no password should be asked

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_import2: will not use a
	callback if GNUTLS_PKCS_PLAIN is specified

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: the FIPS140-2 testing mode is disabled after
	self-checks

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: updated OCSP tests to account for the new key ID

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: doc update and gnutls_ocsp_resp_get_responder()
	will always initialized output data

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
	valgrind complaints

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: print the OCSP response in verbose mode

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/ocsp.c: corrected documentation of OCSP response
	verification

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c: Added
	gnutls_ocsp_resp_get_responder_by_key()

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/dn.c: dn parsing: return
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c, src/common.c: gnutls-cli: added
	option to save the OCSP response

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_sig.c,
	lib/includes/gnutls/abstract.h: added the notion of preferred sign
	algorithm in a private key This can be set for keys imported with gnutls_privkey_import_ext3()
	with the info callback. It is only considered for client side keys
	in TLS sessions.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/ext/ext_master_secret.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/priority_options.gperf: 
	Added priority string %NO_SESSION_HASH to prevent advertising the
	extended master secret extension

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c: certificate status requestion response
	is optional according to RFC6066

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, src/common.c: 
	Added flag GNUTLS_OCSP_SR_IS_AVAIL for
	gnutls_ocsp_status_request_is_checked

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.h: rnd: removed the packed attribute from
	event_st That prevents a SIGBUS on solaris sparc systems.  Reported by Thomas
	Thorberger.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: The priority modifier
	%LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version
	number from the first packet of the record protocol.

2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
	that disallow the SSL 3.0 record version

2014-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: gnutls-cli: print whether status request has been
	checked

2014-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: doc update

2014-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/tpm.c,
	lib/x509/privkey.c, lib/x509/x509_int.h: Enable PIN support to
	gnutls_x509_privkey_t

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c, lib/system.h, lib/x509/common.c,
	lib/x509/x509_ext.c: _gnutls_ucs2_to_utf8() can handle little endian
	strings.

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/crypto-api.c, lib/ext/session_ticket.c,
	lib/gnutls_cipher.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/{safe-memset.c => safe-memfuncs.c}: Added
	gnutls_memcmp() and exported it.

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h: indentation fix

2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12_bag.c: added gnutls_pkcs12_bag_set_privkey() Conflicts:         lib/libgnutls.map

2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_privkey.c,
	lib/includes/gnutls/abstract.h: dropped unused copy_func

2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/gnutls-idna.h: silence warning

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq: 
	Added check with the invalid crq sent by Sean Burford

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
	format, perform additional sanity checks on input Reported by Sean Burford.

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: doc update

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext/session_ticket.c, lib/gnutls_mem.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: exported
	gnutls_memset()

2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
	on session tickets

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: tools: include arpa/inet.h in socket.c

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
	client and server

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: pass the correct user type to protected
	authentication login

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: corrected values for INSECURE level

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
	pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags

2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
	pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: perform reauth at the appropriate
	state

2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
	type on reauthentication

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
	to improve compatibile with some apple systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
	force login on tokens that require it

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: always set slot_info

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-openssl: testcompat-openssl: disable
	SSL 3.0 as it is not supported on debian

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main-polarssl: fixed polarssl compatibility
	checks on debian

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.c: 
	pkcs11: eliminated the need for struct token_info

2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
	support for PKCS #11 keys that require reauthentication and
	simplified pkcs11_login

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: clarified text

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/{testcompat-main =>
	testcompat-main-openssl}, tests/suite/testcompat-main-polarssl,
	tests/suite/{testcompat => testcompat-openssl},
	tests/suite/testcompat-polarssl: tests: separated the two testcompat
	tests (openssl/polarssl)

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c: added missing comma

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: corrected heartbeat check

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
	negatives

2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
	negatives

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main: tests: added interoperability tests
	with openssl's PSK

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_constate.c, lib/gnutls_int.h: corrected calculation for
	max send data and other uses of _gnutls_cipher_type()

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c: modernized cipher table

2014-11-05  Chen Hongzhi <hongzhi.chen@me.com>

	* lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c: simplified checks for EtM

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/anonself.c: tests: enhanced test to check the return value
	of gnutls_record_send()

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509-2.c: tests: Added unit tests for
	gnutls_certificate_get_ours in mini-x509-2

2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_session.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/includes/gnutls/gnutls.h.in: introduced
	GNUTLS_MAX_SESSION_ID_SIZE

2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive

2014-11-04  Chris Barry <chris@barry.im>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi: 
	Cleaning up some awkward phrasings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-record-failure.c: tests:
	Added test for MAC verification checks

2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/etm.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: EtM
	fixes: it only applies to block ciphers

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c: gnutls-cli-debug: reorganized output

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: moved the HTTPS server name outside
	of verbose tests; only run when the HTTPS protocol is used

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/common.c, src/common.h, src/tests.c: enhanced
	gnutls-cli-debug verbose output (uses files for mass text)

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
	tests for EtM and extended master secret support In addition reworked the output for existing tests.

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: only warn of an error if it is fatal

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main, tests/suite/testcompat-polarssl: 
	testcompat: increased the number of test cases checked

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/alpn.c: updated text

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-polarssl: testcompat-polarssl: try to run
	the test only if polarssl binaries are available

2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-common, tests/suite/testcompat-polarssl: 
	testcompat: check the PSK ciphersuite interoperability against
	polarssl

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/testcompat,
	tests/suite/testcompat-common, tests/suite/testcompat-main,
	tests/suite/testcompat-polarssl: testcompat: added interop tests
	with polarssl

2014-11-03  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/system_override.c: doc: Added missing reference for EMSGSIZE
	to inline documentation of gnutls_transport_set_errno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-03  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/system_override.c: doc: Fixed typo in inline comment of
	gnutls_transport_set_errno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/etm.c,
	lib/ext/etm.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_extensions.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_session_pack.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/priority_options.gperf, src/common.c: Added support for RFC7366
	(encrypt then authenticate) It implements a revised version of RFC7366, to avoid
	interoperability issues:
	http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This
	is currently enabled by default, unless %NO_ETM, or %COMPAT is
	specified.

2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/crypto-api.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_range.c: Made AEAD type an alternative
	to stream and block That way the terminology becomes closer to the TLS rfc.

2014-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: updated the text for
	GNUTLS_E_UNSUPPORTED_VERSION_PACKET

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-privkey.c: tests:
	Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11
	+ PIN

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
	set the id_size

2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: deinitialize the temporary spki data

2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/init_fds.c: tests: added test for
	gnutls_global_init after all descriptors are closed

2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h: 
	corrected check for urandom fd

2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: tests: dtls-stress: fix issues in the
	suite

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: Do not require a PIN callback in the
	certificate credentials when a password is specified

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: doc update

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: corrected exit state from gnutls_global_init

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
	account the new behavior

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
	gnutls_fd_in_use, it is no longer necessary

2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/gnutls_global.c,
	lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
	lib/random.h: When gnutls_global_init() is called manually from the
	application check the urandom fd for validity That addresses the issue where a server closes all open file
	descriptors and then calls gnutls_global_init().

2014-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, lib/nettle/rnd-common.c: Added support for
	getentropy() and reworked getrandom support

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dh.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_dh_params_import_raw2(), which
	allows to specify the number of bits for key size

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/nettle/rnd-common.c: use Linux' getrandom() when
	available

2014-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: use the random rnd context when refreshing the
	nonce context That avoids frequent reads from /dev/urandom.

2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: do not explicitly refresh rnd state on session
	deinit It is already being refreshed during the session lifetime.

2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: doc update

2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: increase the reseed time

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests.c: tests: enhance cipher test to include tag
	verification error

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: better documented the new API

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: harmonise variable names

2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: disable hardware acceleration by default in solaris

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support of
	draft-ietf-tls-session-hash-02.  Now the session hash is calculated correctly even when a client
	certificate is sent. That is, the session hash now does not take
	into account the CertificateVerify message.

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: doc update

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi: doc: list the AEAD API

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/crypto-api.c, lib/crypto-selftests.c,
	lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map: Added a new simple to use AEAD API

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: the openssl compatibility library isn't built
	by default

2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
	directive in assembly files, as it isn't portable

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c: eliminate IV size usage in TLS
	encryption/decryption; it was a remnant of salsa20

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c: corrected likely macro usage Spotted by Manuel Pégourié-Gonnard.

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.h, tests/mini-overhead.c: removed support for
	SALSA20 and for stream ciphers with IV The proposal was not adopted by the TLS WG, and the AEAD path will
	be used.

2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/priority_options.gperf: Added priority string %NO_TICKETS that
	disables session ticket support This is implied by the priority string PFS.

2014-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ext_master_secret.c, lib/gnutls_kx.c: do not negotiate nor
	use the 'extended master secret' in SSL 3.0 According to Alfredo Pironti support for that protocol will be
	dropped from the draft.

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: compile 3.3.9 by default

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: always send the mandatory extensions (even
	in SSL 3.0) The only way to force no extensions and usage of SCSVs is the
	%NO_EXTENSIONS priority string.

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ext_master_secret.c: EXT MASTER SECRET moved to mandatory
	extensions

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am: check and use libnsl (used in
	solaris)

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
	sources

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl: updated perl asm sources

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: use the GNU-stack note in linux systems

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
	gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
	gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
	gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
	src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
	src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
	src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c: 
	updated gnulib

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
	validity of gnutls_x509_trust_list_get_issuer

2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: corrected bug in
	gnutls_x509_trust_list_get_issuer() when used without the
	GNUTLS_TL_GET_COPY flag

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: include minitasn1 when needed

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: use HAVE_DANE ifdef for unused functions

2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported gnutls_fd_in_use

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: document gnutls_fd_in_use()

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: gnutls_fd_in_use: mention version

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
	func is used

2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
	check whether a file descriptor is in use

2014-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.h: added prototype to avoid compiler warning

2014-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode

2014-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
	FIPS140-2 mode

2014-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls-stress.c: dtls-stress: reindented code

2014-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls-stress.c: tests: dtls-stress: only replay when
	send succeeds

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testsrn: testsrn: do not assume that SSL 3.0 is
	enabled by default

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
	test that checks the fallback from TLS 1.6

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/libgnutls.map: added _gnutls_hello_set_default_version() which
	allows to override the clienthello version

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: prevent the combination of the -p
	and --list options As -p may be mistaken for --priority that would prevent wrong
	outputs.

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: avoid d from getting out of scope

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/udp-serv.c: gnutls-serv: avoid possible buffer overrun

2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: avoid memory leak on
	gnutls_x509_privkey_generate() failure

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c: gnutls-cli: added option
	--priority-list

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: added gnutls_priority_string_list(), a function
	to iterate all priority strings

2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: put all priority strings into a table

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: updated documentation for SSL 3.0 removal

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: SSL 3.0 is no longer on the default
	priorities list

2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
	1024-bit DSA parameters when generating

2014-10-14  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Remove trailing zero in
	'gnutls_server_name_set' call.  In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
	'set-session-server-name!' would pass a trailing nul character on
	the wire after the server name, which would thus be rejected by
	servers.

2014-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: use _gnutls_hash_fast() in DSA/ECDSA
	verification

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
	lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
	changes to account for seed starting with null byte

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
	SHA224

2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: simplified getrusage code; the failure
	check code wasn't needed

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
	phi(n) for RSA key generation in FIPS-140-2 mode

2014-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-extensions.c: tests: added check for import failure of
	v1 certificate with extensions

2014-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: do not allow importing X.509 certificates with
	version < 3 and extensions present

2014-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: update the guile manual along the C one

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.h, src/libopts/autoopts/options.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/intprops.h, src/libopts/m4/libopts.m4,
	src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
	src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
	src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
	src/libopts/version.c: updated to libopts 5.18.4

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: place all rusage variables into
	HAVE_GETRUSAGE block

2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
	RUSAGE_SELF

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: removed last remnants of
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE

2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
	file

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: forbid heartbeat messages during a handshake

2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	added internal variable to track handshake status

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: avoid shadowing a global variable

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: removed flag
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-is-known.c: tests: updated time in
	pkcs11-is-known

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
	fatal

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
	tests/test-chains.h: tests: allow running specific chainverify tests
	on fixed dates

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: _gnutls_check_valid_key_id: corrected
	activation/expiration check

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
	simplified and optimized loop

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi: mention nettle as the recommended crypto
	backend

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
	check to ensure that trust list combination with extra certificates
	works

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: when both a trust module and additional
	CAs are present account the latter as well That solves an issue in openconnect which used the system trust
	module, plus additional certificates.

2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
	handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
	given

2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: print the status of safe renegotiation and
	extended master secret

2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-x509.c, tests/resume.c: tests: check whether the
	extended master secret is negotiated by default

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/Makefile.am, lib/ext/ext_master_secret.c,
	lib/ext/ext_master_secret.h, lib/gnutls_constate.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_session_pack.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
	for the extended master secret calculation That is performed implicitly unless GNUTLS_NO_EXTENSIONS is
	specified.  The implementation follows
	draft-ietf-tls-session-hash-02.

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: corrected assignment

2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: corrected the name of exported function

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-discard.c: tests: added check
	for gnutls_record_discard_queued()

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_discard_queued() That function allows to discard queued data in DTLS.

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: corrected test for v1 cert signing
	(removed bogus authorityIdentifier)

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: only set the authority key identifier,
	if there is a corresponding subject key identifier

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: do not shortcut checks when
	GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
	check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements.

2014-10-06  Armin Burgmeier <armin@arbur.net>

	* tests/suite/pkcs11-chainverify.c: Add a test for PKCS11 CA
	iteration Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-10-06  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify-high.c: Also iterate over the CA certificates in a
	PKCS11 token Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-10-06  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
	are added to a trust list Before, the new URL would overwrite the old URL, and the memory of
	theold URL would be leaked. It is documented that only one URL can
	be used, so it should be safe to reject any attempt to add another
	one.  Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
	no CKA_ID can be relied on fallback on checking the
	SubjectKeyIdentifier Patch by David Woodhouse.

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
	verification functions

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: removed unused definition

2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
	verification functions

2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-is-known.c: tests: corrected check with
	gnutls_x509_trust_list_get_issuer

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: corrected remove_pkcs11_url()

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
	check gnutls_pkcs11_crt_is_known() when multiple same DNs are
	present

2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: when checking for presence do not give up on
	the first mismatch

2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: doc update: clarifications in
	gnutls_x509_trust_list_add_trust_file

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: corrected compilation for non-pkcs11;
	reported by David Woodhouse.

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: avoid calls in gnutls_init()

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c: the handshake function has a timeout value by
	default

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/session_ticket.c: use wait and retransmit when receiving
	session tickets

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
	to dtls-stress That allows it to replay messages in a kind of arbitrary way.

2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: report the FIPS140-2 mode

2014-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
	check for GNUTLS_TL_GET_COPY

2014-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
	lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
	flag and documented the limitations of
	gnutls_x509_trust_list_get_issuer()

2014-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
	actual function prototypes

2014-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news entry

2014-09-30  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Remove erroneous @ifnottex.

2014-09-30  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Add NEWS entry for Guile changes.

2014-09-30  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: guile: doc: Make it clear that the bindings
	are part of GnuTLS.

2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: if receiving a ChangeCipherSpec fails,
	return GNUTLS_E_UNEXPECTED_PACKET That is more precise than the current
	GNUTLS_E_UNEXPECTED_PACKET_LENGTH

2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: use __hidden in solaris to
	provide the hidden visibility attribute

2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.h: no need to define
	_gnutls_x86_cpuid_s

2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cipher.c, lib/nettle/cipher.c: use
	MAX_CIPHER_BLOCK_SIZE more consistently

2014-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
	GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
	allow duplicate entries

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c, src/tpmtool.c: more compiler warning fixes

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: enabled more warnings

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_dtls.h,
	lib/gnutls_privkey.c, lib/openpgp/output.c, lib/random.c,
	lib/system.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c,
	src/certtool.c, src/cli.c: fixed compilation warnings

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
	d->d_type

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected type

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: don't both with checks for padlock in
	non-x86

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, lib/libgnutls.map,
	symbols.last: updated auto-generated files

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README-alpha, devel/abi.xml, devel/abi3.2.xml: run
	abi-compliance-checker prior to release

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: indented symbols

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
	infinite loop on handshake

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: removed unused error values

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h: 
	restrict the number of non-fatal errors gnutls_handshake() can
	return

2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
	splitting the errors to two tables

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
	tests/openpgp-auth.c, tests/x509cert.c: use unsigned types in
	prototypes

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: enable gcc warnings by default

2014-09-23  Armin Burgmeier <armin@arbur.net>

	* tests/openpgp-auth.c, tests/x509cert.c: Check the credentials
	getter functions as part of the unit tests

2014-09-18  Armin Burgmeier <armin@arbur.net>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c: Add an interface to iterate the trusted CA
	certificates in a trust list Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-18  Armin Burgmeier <armin@arbur.net>

	* lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
	lib/openpgp/gnutls_openpgp.c: Add getter functions for openpgp keys
	and certificates Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Add functions to obtain X.509 keys and
	certificates from certificate credentials Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: enabled gnutls_privkey_export_pkcs11

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Add functions to export X.509 and OpenPGP private
	keys from the abstract type Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map: 
	Add a function to obtain the trust list of a
	gnutls_certificate_credentials_t Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: doc update

2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h: removed
	gnutls_pcert_get_type()

2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: only enable crywrap if libidn is present

2014-09-22  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Restore cross-reference in
	'set-session-priorities!' docstring.  This had been destroyed in 32d90395.

2014-09-22  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
	guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
	bindings for 'gnutls_server_name_set'.  This adds the 'set-session-server-name!' procedure and the
	'server-name-type' enum type.

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c, tests/suite/certs/create-chain.sh,
	tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: Added
	checks for key purpose verification

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/x509/common.h,
	lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	Verify key purpose on intermediate certificate if
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified That introduces the verification flag
	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE, and the verification
	result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this
	verification test must be explicitly enabled is because it is only
	defined in CA Forum's Baseline requirements 1.1.9 but not any IETF
	document.

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: updated the extended key usage
	documentation

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: added missing prototype

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_privkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: introduced
	gnutls_privkey_import_ext3() That function allows copying an external specified private key, as
	well as allow variability on the capabilities of an external key.

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: when printing a certificate request also print
	its signature algorithm

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c: 
	added gnutls_x509_crq_get_signature_algorithm()

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h: Added missing prototype

2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_cpy()

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Add gnutls_certificate_get_verify_flags Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Add API to retrieve a X.509 or OpenPGP
	certificate from a gnutls_pcert_t Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-18  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify-high.c: Memory leak fix on certificate copy
	failure Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c: Fix a documentation typo Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: do not require the CA to be a direct CA

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
	test suite to pass more of the PKCS #11 API under valgrind

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
	option

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: corrected pin entry

2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: cleaned up memory deallocation in
	read_cert_url() That caused unexpected results when loading PKCS #11 URLs.  Reported
	by Joseph Peruski.

2014-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/certtool.cfg: updated certtool.cfg

2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: added checks with modified certificate This tests whether a modified of a DER certificate, that is
	cancelled out while we parse it, would result to a good signature.

2014-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: require explicit disabling of PKCS #11 in configure

2014-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: Added Armin's DCO

2014-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify.c: updated details on
	certificate verification

2014-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: depend on p11-kit 0.20.7

2014-09-16  Armin Burgmeier <armin@arbur.net>

	* lib/x509/verify.c, tests/test-chains.h: Check for all error
	conditions when verifying a certificate This allows to check for all possible flaws with a certificate chain
	with a single call to gnutls_x509_crt_list_verify and friends.  Signed-off-by: Armin Burgmeier <armin@arbur.net>

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: removed unneeded set of status

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: pkcs11: when a signer isn't found in PKCS #11
	force the verification of the chain That allows obtaining any additional flags from the chain such as
	insecure algorithms or expirations.

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/psk.c: psktool: corrected resource leak on failure

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: added sanity check on cleanup

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c: removed unused variable

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: corrected typo in printing error

2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse.

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
	module verification

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: 
	unified the key purpose checks functions

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/common.h,
	lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
	same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
	will overwrite any previous one with the same name and key.

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: hostname and key purpose checks were moved
	above CRL checks

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c, lib/x509/x509_ext.c: doc update

2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()

2014-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: tests: use the PID number in RPORT The shell's RANDOM isn't that random.

2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c: updated libtasn1

2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented the environment variables

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
	pkcs11x.h when it doesn't exist

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
	check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/certs/create-chain.sh: create-chain.sh: generate CRL

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
	invalid status Reported by Armin Burgmeier.

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
	set the invalid status" This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c.

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
	invalid status Reported by Armin Burgmeier.

2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: doc update

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11x.c: added missing file

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: print Attached Extensions, instead of
	extensions

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: when adding a duplicate certificate, keep
	the last entry

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.h,
	lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: added
	gnutls_pkcs11_copy_attached_extension()

2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
	hardcode the chain number, use its name

2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: Revert
	"corrected planned version number" This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96.

2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	src/pkcs11.c: fixes in the extension handling

2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: will print trust module extensions if
	present

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	check the key purpose of the CA certificate when in pkcs11 cert
	validation

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
	lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
	in a trust module using
	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
	lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
	and prefixed s/get_extension with _gnutls

2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: doc update

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: corrected
	planned version number

2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is in par
	with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for
	flexibility.

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: doc update

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
	lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
	gnutls_x509_crq_get_extension_by_oid2()

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c: Added
	gnutls_x509_trust_list_verify_purpose_crt()

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tpmtool.c: tpmtool: corrected key password read

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool.c: set umask prior to calling mkstemp

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: initialize verification output to zero

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: dtls: when discarding packet, discard the
	correct number of bytes

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/hostname-verify.c: check_ip: initialize ret

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
	null to prevent any issue

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
	callback

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: corrected issue in fips RNG

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: added comment to clarify check

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/literal.c: opencdk: corrected unsigned comparison

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/tpm.c: fixes in loop for SRK password input

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: apps: corrected GNUTLS_PIN reading

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
	corrected CRL loading error

2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: corrected copy+paste error

2014-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/suppressions.valgrind, tests/suppressions.valgrind: 
	tests: simply valgrind suppressions for libidn

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
	tests/scripts/common.sh, tests/suite/testcompat-main,
	tests/suite/testpkcs11, tests/suite/testsrn: use random ports in
	tests, unless a port is provided

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: corrected usage of readdir_r()

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: better error message

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: reentrant fixes for
	gnutls_x509_trust_list_add_trust_dir() handle unknown file types

2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: optimized escaped comma handling

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix.

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/crq_apis.c: tests: extended crq API checks

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: doc update

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: when setting a DN properly handle spaces and
	escaped commas

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: simplified _gnutls_x509_get_signed_data()

2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/x509.c: The get_raw_dn() functions were modified to work
	even if the certificate is generated (not imported)

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
	which have data.  Reported by Manuel Pégourié-Gonnard.

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/mini-dtls-lowmtu.c: tests: Check the
	behavior of a DTLS server in a low-mtu scenario.  http://permalink.gmane.org/gmane.network.gnutls.general/3582

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
	implementation

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
	Lee

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
	libtasn1

2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/ocsp.c: tests: Added tests on the invalid OCSP response

2014-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140: check the integrity of GMP

2014-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h, lib/x509/verify.c: when comparing an
	end-certificate with the trusted list compare the entire certificate

2014-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test-chains.h: tests: Added test for amazon.com chain with
	new verisign CA.

2014-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
	certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superceded by a
	different one with the same name and the same key. That can happen
	when an intermediate CA certificate is replaced by a self-signed
	one.

2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/fips.h, lib/gnutls_global.c,
	lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
	rounds One round is before the AES acceleration is registered, and the
	second is after. That is to allow testing of the AES implementation
	used in the DRBG. That is a hack until nettle handles all cipher
	acceleration.

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: do not check CN
	when a DNSname is available

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h: 
	drbg-aes: added checks in the error handling of the functions That coverts the instantiate and generation functions.

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: fips140: fail on encryption test failure

2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
	put the library into error state

2014-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex: 
	small doc updates

2014-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
	fixes in sectioning for p11tool and tpmtool invocation

2014-08-29  Tristan Matthews <le.businessman@gmail.com>

	* lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: p11tool: allow printing multiple types of tokens

2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/hostname-verify.c: remove text not applicable in that
	version

2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/hostname-verify.c: refer to rfc6125

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: additional sanity check in RSA key generation
	testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to
	prevent any issues with an accidental null encryption.

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
	error state if key generation fails

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
	allocations and keep a pointer to the DER data for DN

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
	importing a CRL keep the DER data

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
	importing a certificate, keep the DER data

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/session_ticket.c: doc update

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk, configure.ac, devel/openssl,
	lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c: 
	added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support
	for padlock.

2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Revert "updated
	asm sources" This reverts commit 97895066e18abc5689ede9af1a463539ea783e90.

2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: when listing tokens, list their type as
	well

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
	sources

2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
	data in a single pass

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/suppressions.valgrind: tests: added more idna valgrind
	suppressions

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
	objects at a time That improves the performance significantly when reading from tokens
	with a significant number of objects. Reported by David Woodhouse.

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
	object cannot be imported

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: allow objects without label or without ID

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/test-chains.h: tests: updated name constraints checks to not
	include a CN

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/name-constraints-err.pem,
	tests/cert-tests/name-constraints-err.pem.out,
	tests/cert-tests/verify-test: Revert "tests: Added a nameconstraints
	test based on the CN bypass" The bypass check was included in
	chainverify.  This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a.

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, lib/x509/x509.c: doc update

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: only check name constraints in non-CA
	certificates

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: ignore constraints for different type
	than the checked

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/name-constraints-err.pem,
	tests/cert-tests/name-constraints-err.pem.out,
	tests/cert-tests/verify-test: tests: Added a nameconstraints test
	based on the CN bypass That was discussed in:
	http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/26660

2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: when verifying name constrains
	enforce the single CN rule

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: compile gnutls without p11-kit by default

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: do not delete the pkgconfig directory

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/DCO/people-dco.txt: Added Alon's DCO link

2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/autoopts.h: check for stdnoreturn.h presence

2014-08-24  Alon Bar-Lev <alon.barlev@gmail.com>

	* tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
	support separate builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2014-08-24  Alon Bar-Lev <alon.barlev@gmail.com>

	* lib/gnutls_privkey.c: build: condition pkcs11 block Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: record: tolerate a finished packet with
	errors in DTLS

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: record: in DTLS discard only messages that
	cause unexpected packet errors

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/suppressions.valgrind: tests: suppress more libidn
	warnings

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: danetool: ensure the temporary file is always
	removed

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/server_name.c, lib/includes/gnutls/gnutls.h.in: the
	server_name extension will convert input and output names to IDNA.

2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/socket.c: tools: use idna_to_ascii_8z() to
	convert internationalized hostnames

2014-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/gnutls-idna.h, lib/x509/hostname-verify.c,
	lib/x509/output.c: hostname-verify: use idn_free()

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.c: doc update

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
	parameter generation only when FIPS-mode is enabled.

2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
	qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
	generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.

2014-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: use the windows API in windows even if iconv is
	available

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: win32: updated Makefile and added the ability build
	openconnect

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for the correct version of libidn

2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/hostname-check.c: tests: Added case sensitive checks in
	hostname verification

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/suppressions.valgrind: tests: copied valgrind
	suppressions to suite

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c: updated libtasn1

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suppressions.valgrind: tests: suppress valgrind warnings due
	to libidn

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/gnutls-idna.h,
	lib/x509/hostname-verify.c, lib/x509/output.c: 
	gnutls_x509_crt_print() will print the IDNA A-label names as well.

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: added UTF-8 hostname comparison
	checks

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/x509/hostname-verify.c: Added
	support for RFC6125 hostname comparison That adds the dependency on libidn.

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/{rfc2818_hostname.c =>
	hostname-verify.c}: renamed rfc2818_hostname to hostname-verify The file no longer follows RFC2818.

2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c: updated minitasn1

2014-08-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
	structures on re-import to avoid memory leaks.  That also adds the gnutls_pkcs7_t structure into the list of allowed
	to re-import.

2014-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: doc update

2014-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: doc update

2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h: 
	Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the
	previous import failed.

2014-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
	command line option That option will report the status of the FIPS140-2 mode in the
	library.

2014-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
	used to force the FIPS-140-2 mode

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
	single CN must be present for hostname verification.  Follow up on the original commit that simplifies checking for more
	than a single hostname.

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c: 
	gnutls-cli/danetool: added a common check for hostname being an IP

2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
	rfc6125 requirement that a single CN must be present for hostname
	verification.

2014-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/hostname-check.c: tests: check that
	gnutls_x509_crt_check_hostname() will correctly use the last CN when
	multiple

2014-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: when checking the hostname of a
	certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
	Woodhouse.  https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c: gnutls-cli: more organized printing of
	cipher benchmark output

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
	benchmarked ciphers

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: bumped current and age version to allow 3.3.x
	releases with new symbols

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key(): enforce a
	block size of 64-bytes

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map: 
	mac_to_entry -> _gnutls_mac_to_entry

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP

2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12.c: pkcs12: added check for null OID in
	gnutls_pkcs12_generate_mac2

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12_encode.c: tests: check gnutls_pkcs12_generate_mac2()

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_generate_mac2() That allows a choice on the MAC algorithm to be used.

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: --p12-info will provide information on
	the MAC algorithm

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_mac_info to obtain
	information on the MAC

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
	keys tests for new internal API

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12: 
	tests: test the decoding of a PKCS #12 structure with SHA256 MAC

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
	verification with structures that support other than HMAC-SHA1 MACs.

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/gc.c: tests: remove test for nettle's pbkdf2; this is tested
	in nettle

2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: testdane: re-enabled DANE checks and added
	checks on SMTP

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: danetool: obtain certificate only once

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
	modified prototype and doc to be recognized by doc parser

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug-args.def, src/danetool-args.def, src/socket.c: 
	danetool/gnutls-cli-debug: added support for imap starttls

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
	supports SMTP starttls

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: 
	danetool: supports SMTP starttls

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
	improvements in information presentation

2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: libdane: disable debugging mode

2014-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: updated documentation for
	gnutls_handshake()

2014-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/danetool.c,
	src/ocsptool-common.c, src/socket.c, src/socket.h,
	tests/suite/testdane: danetool: if the certificate to verify against
	is not provide it try to obtain it

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
	lib/x509/pbkdf2-sha1.h, lib/x509/privkey_openssl.c,
	lib/x509/privkey_pkcs8.c, tests/gc.c: pbkdf2: removed internal
	implementation, use nettle's

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
	crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys.

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: corrected typo

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: added --info parameter That allows obtaining information on a specific object.

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
	GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL.  That
	is, this performs an object URL comparison, rather than a token URL
	usage.

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c: p11tool: only print the debugging message in
	debuglevel > 4

2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
	GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP

2014-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: removed reference to UMAC

2014-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: removed references to SALSA20

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: doc update

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: rearranged checks to avoid
	wrong deletions

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key.

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
	gnutls_pkcs11_obj_flags_get_str

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c: 
	tests: ensure that no environment variables confuse softhsm

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: test the trusted and ca flags
	being set

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c: 
	pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
	and gnutls_pkcs11_flags_get_str() allows printing them.

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
	gnutls_pkcs11_obj_flags

2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: exit if
	export_pubkey_of_privkey fails

2014-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: simplify the passing of flags and pass the key wrapping
	flag

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: README: removed gmplib 4.2.2 reference

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
	updated

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
	_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: doc update

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
	gnutls_pkcs11_privkey_get_pubkey; named
	gnutls_pkcs11_privkey_export_pubkey

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
	GNUTLS_E_INVALID_REQUEST on invalid params

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c: p11tool: activate the --batch option

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: Test the export of public key

2014-08-06  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2014-08-04  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
	subsystem There are cases where we need to export the public key of private
	key at a later time. Previously, the public key was only available
	immediately after creation of a key pair. This patch allows to
	retrieve the public key of a private key at any time after creation.  Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: documented flags format

2014-08-04  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
	compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
	CAMELLIA to the list of default ciphers

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: mention profile in security parameters
	table

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/DCO/people-dco.txt: Added people who have sent a DCO for
	gnutls

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: pkcs12: fixes in decryption with null
	password

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: free unused variables

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/suppressions.valgrind: added missing file

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: print more information on PKCS #12
	structures.  use gnutls_pkcs12_bag_enc_info to print more information on
	encrypted PKCS #12 structures.

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
	lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
	lib/x509/x509_int.h: added new function to obtain information on a
	PKCS #12 encrypted bag New function: gnutls_pkcs12_bag_enc_info()

2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: doc update

2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: default pkcs-cipher is now 3des as in
	PKCS #12

2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/privkey_pkcs8.c,
	src/certtool.c: gnutls_pkcs8_info: will return OID value even on
	unsupported structures

2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
	non-zero

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/certtool-args.def: doc update

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: simplified decrypt_data() and initialize
	parameters on decryption

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: further increase iteration count

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c, tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/openssl-3des.p8.txt,
	tests/pkcs8-decode/openssl-aes128.p8.txt,
	tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: 
	certtool: improved PKCS #8 information printing

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs8-decode/Makefile.am,
	tests/pkcs8-decode/openssl-3des.p8,
	tests/pkcs8-decode/openssl-3des.p8.txt,
	tests/pkcs8-decode/openssl-aes128.p8,
	tests/pkcs8-decode/openssl-aes128.p8.txt,
	tests/pkcs8-decode/openssl-aes256.p8,
	tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: 
	tests: added more PKCS #8 decoding tests

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: small fixes and
	optimizations in PKCS #8 information

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: added --p8-info
	option

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: added new functions
	to obtain information on PKCS #8 structures.  Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(), and
	gnutls_pkcs_schema_get_oid().

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS #8 encryption
	support was made more compact and manageable

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12.c: pkcs12: increased the number of iterations for
	MAC

2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.c: removed debugging info

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/atfork.h, lib/nettle/rnd-common.c, lib/system.h,
	lib/x509/verify-high2.c: several windows compilation fixes

2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: use _SYM_EXPORT to
	export other than function symbols

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
	src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
	src/libopts/check.c, src/libopts/compat/compat.h,
	src/libopts/compat/windows-config.h, src/libopts/configfile.c,
	src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
	src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
	src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
	src/libopts/load.c, src/libopts/m4/libopts.m4,
	src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
	src/libopts/nested.c, src/libopts/numeric.c,
	src/libopts/option-value-type.c, src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
	src/libopts/parse-duration.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
	src/libopts/stack.c, src/libopts/streqvcmp.c,
	src/libopts/text_mmap.c, src/libopts/time.c,
	src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: 
	updated to libopts 5.18.3

2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, build-aux/gendocs.sh,
	doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
	gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
	gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
	src/gl/select.c, src/gl/xalloc.h: updated gnulib

2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs12.c: updated documentation for
	gnutls_pkcs12_simple_parse

2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac: master now holds the 3.4.0 release

2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/atfork.c, lib/atfork.h,
	lib/gnutls_global.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
	lib/pkcs11.c: Use pthread_atfork() and variants to detect fork

2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/inet_pton.c, lib/system.h,
	lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
	inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of
	the library.

2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi: Added text on PKCS #11 verification

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile
	applications that use a header of gnutls. Report and patch Ryan
	Schmidt.

2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, doc/Makefile.am: check for sed in
	configure.ac and use the output variable in Makefiles

2014-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2014-07-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
	to dane_state_init That prevents unbound from complaining in systems where no DNSSEC
	functionality is present.

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: doc update

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: added libdane/includes to includes dir

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.3.6

2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
	missing functions

2014-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped library version

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: simplified initialization of variables.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: bogus and secure values are always
	initialized in dane_query_to_raw_tlsa

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/dane.c: tests: eliminated leak from dane check

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: libdane: use gnutls_malloc() and doc update

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/dane.c: Added self test for DANE raw
	functions

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool-args.def, src/danetool.c: danetool: added option to
	print the raw entries.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: doc update

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
	IV set.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
	_gnutls_prf_raw() which can calculate the TLS PRF without depending
	on a session structure.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: fips140-2: do not check the libtasn1's integrity

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
	allowed in TLS 1.0.  That is because they implement the EncryptedPreMasterSecret encoding
	according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
	and there can be ambiguities when using that over SSL 3.0.  See:
	http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
	any action That allows a valid err_pos, even on a memory allocation error.
	Reported by Dan Fandrich.

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: updated TODO

2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: minimum version was changed to TLS
	1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
	usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
	returned on reinitialization

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c: 
	tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
	lib/x509/verify-high2.c: Added
	gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory
	with trusted certificates.

2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/system.c: Allow specifying a directory as trust
	store

2014-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-07-10  Simon Arlott <sa.me.uk>

	* libdane/dane.c, libdane/includes/gnutls/dane.h,
	libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for
	dane_raw_tlsa() to make it easy to copy the results of the
	(synchronous) lookup query from one process to another.  This code allocates an unnecessary extra NULL entry for
	dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
	is 0 (it is possible for malloc/calloc to return NULL when requested
	to allocate 0 bytes).  Signed-off-by: Simon Arlott

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: FIPS140-2 tests: no need for MD5 check

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: FIPS140-2 tests: removed redundant checks We keep on check per cipher which is required, and avoid multiple
	(and time-consuming) tests.

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: Allow specifying
	GNUTLS_CPUID_OVERRIDE in either hex or decimal.

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: Added option to disable any cpu
	optimizations

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c,
	lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
	registers

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/x86-common.c: Allow overriding the detected
	CPUID using the GNUTLS_CPUID_OVERRIDE environment variable

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
	check for RSA encryption

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
	and DSA-3072 bit keys, as well as SHA256.

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
	and RSA-3072 bit keys

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: tests: check RSA with SHA256

2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
	encrypted data differ from plaintext

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
	size required by SP800-38D (section 8.2)

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
	src/p11tool.c: p11tool/certtool: Added --curve parameter.  The curve parameter allows to explicitly specify the curve to use
	when generating a key.

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
	CKA_EC_PARAMS when generating an ECDSA key

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: only print warning about key sizes in RSA
	keys

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: make brief output more brief

2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
	of memset()

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: dane: Skip DANE entries that may contain unknown
	info That would allow skipping any future entries without failing.
	Reported by Simon Arlott.

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain.  Reported by
	Simon Arlott.

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c: examples: mention that
	gnutls_global_init() is optional

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc: mention and link to trust storage module

2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-tokens.texi: doc update

2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
	a sanity check for valid keys.  There can be keys where the id or label is empty and thus with zero
	length.

2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: Increased number of attributes

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: try to restart on session errors, to avoid
	having a failed call.

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: corrected pkcs11 reinitialization

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
	invalidate the cached session.

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: set the maximum value when printing
	library_description

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
	#11 privkey cached session

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted
	and private objects, and there is no one-size fits all policy. Thus
	allow a proper failure and warn the user that so-login may be
	required.

2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: Try to write the trusted
	object both by so-pin and normal pin

2014-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
	deleted after generation

2014-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
	GNUTLS_SO_PIN when setting the PINs of an initialized token.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/gendh.c: tests: gendh: increased the DH prime size to
	allow usage under FIPS140-2 mode

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: tools: when in batch mode and no PIN, print a note
	about using the environment variables

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
	size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_key_id.c: tests: improved error reporting in crq_key_id

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-upgrade.texi: doc: properly terminate table

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
	from the acceptable bit sizes in FIPS140-2 DSA parameter generation.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c, src/common.c, src/common.h, src/danetool.c,
	src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
	mode and will not ask for PIN.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
	specified.  Added --batch parameter to disable interaction.

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
	only a single token available, don't bother complaining about
	specifying the correct URL

2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.h: updated comment

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: certtool: document that URLs are supported

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/testpkcs11,
	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
	tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
	gnutls_pkcs11_privkey_generate2(): corrected public key extraction
	(for ECDSA keys)

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
	security officer's PIN

2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
	src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for an non-interactive --initialize process.

2014-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
	and IPv6 address matching.

2014-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE

2014-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
	3.2.x

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
	doesn't fit into our buffer.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
	as a hostname There are several misconfigured servers that placed their IP as a
	DNS name. Pointed out by David Woodhouse.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: supress warnings

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
	instead for AF_INET6

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
	addresses.  The old dumb code is used in systems that don't have that function.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/hostname-check.c: tests: Added test cases for IPv4/6
	matching.

2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
	checks text ip addresses as well.  That aligns the documentation with the implementation. Reported by
	David Woodhouse.

2014-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: initialize str to NULL

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c: fixed documentation

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/aki, tests/cert-tests/pathlen,
	tests/cert-tests/pem-decoding, tests/suite/crl-test,
	tests/suite/invalid-cert, tests/suite/testcompat-main,
	tests/suite/testrandom: tests: better replacement of LIBTOOL
	variable in scripts

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: tests: ship certs/

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: added new
	symbols

2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2014-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def, src/serv.c: gnutls-serv: removed the
	--print-cert option; the cert was anyway being printed.

2014-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: corrected typo

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c: minitasn1: updated to version 4.0

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: updated documentation

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: Warn when no --outfile has been specified
	on key generation

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs12-decode/pkcs12: tests: Added new tests on PKCS #12
	structure generation and decoding.

2014-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: certtool: allow specifying
	the friendly name on the command line and use the
	load-ca-certificate

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: warn in more operations if --login is not
	specified

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/pkcs11.c: p11tool: No longer assume a default URL for
	operations.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: p11tool: Do not allow a newline as PIN.

2014-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: avoid callig _gnutls_bin2hex() when length
	is zero.

2014-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* THANKS: updated thanks file

2014-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: clarified license text

2014-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: Do not try to load the system CA trust if
	--insecure is specified.

2014-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_srp.c: doc: more consistent use of pointer star.

2014-06-16  Attila Molnar <attilamolnar@hush.com>

	* lib/gnutls_srp.c: doc: Explain post-callback deallocation behavior
	for the SRP server callback Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-06-16  Attila Molnar <attilamolnar@hush.com>

	* doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: doc:
	Correct comment about ignoring certs in the SRP server example Point readers to another example for a way to validate certificates
	in both the SRP and the X.509 server example Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	src/benchmark-tls.c, tests/anonself.c: gnutls_packet_get() was
	introduced to avoid exporting a structure on the API.  That change will allow exporting more info associated with a packet
	in the future.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: treat the _gnutls_user_hello_func() output
	the same on resumed sessions.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-chainverify.c: Test the return code of
	gnutls_x509_trust_list_add_trust_file() when loading a PKCS #11
	token.  Check whether the return code of
	gnutls_x509_trust_list_add_trust_file() is non-zero when
	certificates are present.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_file():
	returns the number of certificates present when loading a PKCS #11
	URL.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	p11tool: Allow marking a certificate as a CA.

2014-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: Added flag
	GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.  That flag allows to mark a certificate in the token as a CA
	(category==CA)

2014-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: coding style: update the DCO text

2014-06-15  Attila Molnar <attilamolnar@hush.com>

	* lib/gnutls_state.c: doc: Corrections for
	gnutls_handshake_set_hook_function()

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: updated text for the ALPN
	experimental protocols

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-intro-tls.texi: doc: Avoid listing the extensions as they
	are duplicated in the section index.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/eagain-common.h,
	tests/mini-x509-callbacks-intr.c: tests: Added check for the
	interrupted post client hello.

2014-06-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/gnutls_v2_compat.c: handshake: Allow the post client hello
	callback to put the handshake on hold That is, when the callback returns GNUTLS_E_AGAIN or
	GNUTLS_E_INTERRUPTED the handshake will return GNUTLS_E_INTERRUPTED,
	and can be resumed when needed.

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: use the new API for receiving data

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/anonself.c: Adapted test to check
	gnutls_record_recv_packet().

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_record_recv_packet() and gnutls_packet_deinit() These functions allow for a faster variant of gnutls_record_recv(),
	i.e., a variant that eliminates the data memcpy().

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: Use proper HTTP request

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: When decoding of a DN string fails, treat it as
	unknown string and print its hex value.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: Print errors but avoid being verbose on
	stderr

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: avoid sizeof() on lbuffer

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: certtool: ensure that allocated buffer has
	a minimum size of 64kb.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: Added option
	--stdout-info

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: initialize iterator.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c: corrected the allocation size for CRL iterator.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/crl-test,
	tests/suite/crl/long.pem: Added test for CRL decoding.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_int.h: Made gnutls_x509_crl_iter_crt_serial()
	thread-safe by making the iterator explicit.

2014-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/suite/Makefile.am, tests/suite/invalid-cert,
	tests/suite/testcompat-main, tests/suite/testrandom: Pass the
	LIBTOOL variable into test scripts That allows using the detected libtool in scripts.  That corrects an
	issue on OS X systems that ship a different libtool. Reported by
	Daniel E. Macks.

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c: renamed
	gnutls_x509_crl_get_crt_serial2 to gnutls_x509_crl_iter_crt_serial.

2014-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.h: define NN_HASH unconditionally

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crl.c,
	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_int.h: Added
	gnutls_x509_crl_get_crt_serial2(), a faster variant of
	gnutls_x509_crl_get_crt_serial().  The new function caches pointers to allow working faster in CRL
	structures with lots of entries (e.g., 50000+ entries).

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
	src/danetool.c: certtool: When an external file is used increase out
	maximum buffer accordingly.

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Abort printing on error.

2014-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: tie the weak DH warning to the very weak security
	parameter.

2014-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: m4/hooks.m4: use enableval rather than fixed values.  That should resolve issue #108592 at
	http://savannah.gnu.org/support/?108592

2014-06-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_v2_compat.c: handshake: Prevent memory leak on invalid
	SSLv2 hello length.

2014-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2014-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-05-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* devel/openssl, lib/accelerated/x86/coff/aes-ssse3-x86.s,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Updated asm
	sources

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated windows makefile

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: update
	files for gnutls_credentials_get()

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2014-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/long-session-id.c: Added test for memory
	corruption issue in server hello.  Related to the 688ea6428a432c39203d00acd1af0e7684e5ddfd commit.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/gstr.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h: updated libtasn1

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: avoid cleanup when there are no allocations in
	_gnutls_x509_der_encode().

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ecc.c: cleanup resources on
	_gnutls_ecc_ansi_x963_export() failure.

2014-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def, src/serv.c: Added the --print-cert option to
	gnutls-serv.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-extras.c: certtool: correct size calculation when
	loading privkey

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: re-indented messy table.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: Removed unused function.

2014-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: document the symbol version bump needed in a .so
	version bump.

2014-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Prevent memory corruption due to server
	hello parsing.  Issue discovered by Joonas Kuorilehto of Codenomicon.

2014-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: only try to copy session ID if there is a
	session ID.

2014-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-29  Kurt Roeckx <kurt@roeckx.be>

	* lib/x509/x509_ext.c: Fix capitalisation of ia5String Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: increased the maximum certificate size buffer in the
	PKCS #11 subsystem.

2014-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: re-enabled config path discovery code, and check the
	return code of getpwuid_r().  Reported by Viktor Dukhovni.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c, src/benchmark.h, src/cli-args.def,
	src/cli.c: gnutls-cli's benchmark-soft-ciphers is no more.  It could not be emulated with the new library.

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/accelerated.c: removed old check for nettle

2014-05-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/safe-memset.c: safe_memset: allow memset of zero bytes.

2014-05-27  Hani Benhabiles <kroosec@gmail.com>

	* lib/x509/verify-high.c: Fix unused variable warning without
	PKCS#11 support.  Signed-off-by: Hani Benhabiles <hani@linux.com>

2014-05-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: Include path in ocsp request.  This resolves #108582 (https://savannah.gnu.org/support/?108582),
	reported by Matt McCutchen.

2014-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/protocols.c, lib/gnutls_handshake.c: 
	_gnutls_version_get() returns GNUTLS_VERSION_UNKNOWN on error
	instead of negative.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: Allow wildcard comparison of options.

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: Warn when invalid configuration
	options are set into a template.

2014-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Do not allow null strings to be read from ASN.1
	structures.  This corrects a null pointer dereference when parsing some specially
	crafted certificates. Issue discovered using the Codenomicon TLS
	test suite.

2014-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: removed redundant null termination

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h: removed _gnutls
	prefix from static functions.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: Do not call the user_hello_func multiple
	times when performing ticket resumption.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_get_extension_data: will return
	zero if data is NULL and memory buffer size is not sufficient.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: 
	When assigning the TLS version, double check that it is valid.

2014-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: Prevent a crash by ensuring that
	there is a valid negotiated version.  Issue discovered by Joonas Kuorilehto of Codenomicon.

2014-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: Added aliases for unit and organization.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: use a signed value for bits.

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: certtool: allow multiple organizations and
	organizational unit names to be specified in a template.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: increased the number of allowed elements in
	a priority string.

2014-05-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: simplify break_comma_list().

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: gnutls_x509_crt_get_signature() will use the
	internal _gnutls_x509_get_signature().  That prevents unnecessary replication of its code.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/x509.c: more sanity checks on
	signature size

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/p11tool-args.def, src/tpmtool-args.def: 
	tools: Replace normal sec-param with medium in documentation.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/cleanup-autogen.pl: invoke-*.texi generation: do not
	print the bug reports line from autogen.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
	lib/safe-memset.c: do not yet export gnutls_memset().

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-05-15  Michał Górny <mgorny@gentoo.org>

	* tests/slow/Makefile.am: tests/slow: add -I flags necessary for
	out-of-source builds.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-05-15  Michał Górny <mgorny@gentoo.org>

	* tests/Makefile.am: tests: pass PKCS12PATH to fix tests in
	out-of-source builds.  The set_pkcs12_cred used to default to looking for input files in a
	subdirectory of the current working directory. When an out-of-source
	build is performed, the files reside in a subdirectory of source
	directory instead. Set PKCS12PATH to that directory in order to fix
	the build.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa: changed port of DSA test

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: gnutls_x509_crt_get_signature() will return the
	correct signature size rather than the max.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: Print the openpgp DN only when
	gnutls_openpgp_crt_get_name() failed appropriately.

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: initialize string in
	gnutls_x509_ext_import_basic_constraints().

2014-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected error checking in
	gnutls_x509_crt_get_extension_data()

2014-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: Allow null list_size argument in
	gnutls_certificate_get_peers()

2014-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: certificate verification is performed asynchronously.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/danetool-args.def: enhanced the danetool usage instructions.

2014-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: Do not use autogen's file option for input
	parameters.  Instead use a string. We check the file for validity and autogen's
	check was imposing rules such as normal file (as opposed to a
	device), that were not needed.

2014-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: certtool: check for null prior to checking
	for empty passwd

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdhe.c: cleanup in the initialization of ECDH
	parameters.

2014-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: Eliminated memory leak on failed curve
	assignment.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: gnutls-cli: if dane verification is used but not PKIX
	only check the end certificate.

2014-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: doc update

2014-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c, lib/gnutls_priority.c: use
	gnutls_set_default_priority() in examples.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h,
	libdane/libdane.map: Revert "Added dane_verify_crt_raw2() which
	allows verifying against the certificate name." This reverts commit d19ac66361300aaf188bc69ae64d5fcd7e89b0f6.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Revert "corrected
	prototypes for dane_verify_crt_raw2()." This reverts commit b065ea137a6bcb49c3755886cb1ff30ca5e8f9e3.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected
	prototypes for dane_verify_crt_raw2().

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_mem.h, lib/includes/gnutls/gnutls.h.in,
	lib/safe-memset.c: export gnutls_memset().

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h,
	libdane/libdane.map: Added dane_verify_crt_raw2() which allows
	verifying against the certificate name.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: Improved dane_verify_session_crt(), which now
	attempts to create a full chain.  This addresses points from
	https://savannah.gnu.org/support/index.php?108552

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
	lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
	lib/ext/srp.c, lib/ext/status_request.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c: removed legacy code.

2014-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_credentials_get().

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def, src/serv.c: Added gnutls-serv option
	--verify-client-cert.  That option allows forcing verification of the provided certificate
	even if it is not required to present one. In that case the
	connection will be closed with a fatal alert.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c: Addressed memory leak in status request
	extension handling during rehandshake.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c, lib/auth/ecdhe.c: Addressed memory leaks in
	DHE and ECDHE rehandshakes.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross compilation Makefile.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/safe_renegotiation.c: Avoid memory leak in safe
	renegotiation extension handling.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c: 
	Small cleanups in packet receive as well as a memory leak error.  The memory leak was uncovered by the Codenomicon TLS suite.

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated documentation on library
	initialization to reflex the changes in 3.3.0.

2014-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/locks.c: re-enabled gnutls_global_set_mutex().

2014-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Do not run autogen twice to generate the header
	files.

2014-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: Ship suppressions.valgrind

2014-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2014-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/gnutls_int.h: Ensure that there is no
	remainders in the TLS handshake packets.  The issue was discovered using the codenomicon TLS suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srp.c: Account the length byte in SRP extension.  Issue identified using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: Do not set "NORMAL" as default priority string.  That is, allow the library to select the appropriate default.

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: fixed typo

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
	lib/includes/gnutls/x509.h, lib/priority_options.gperf,
	lib/x509/verify.c: Added the 'very weak' certificate verification
	profile.  This profile corresponds to a 64-bit security level (e.g., RSA
	parameters of 768 bits).

2014-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509/cert-ecc.pem,
	doc/credentials/x509/clicert-ecdsa.pem,
	doc/credentials/x509/clikey-ecdsa.pem,
	doc/credentials/x509/key-ecc.pem: test ECC keys were upgraded to
	secp256r1

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool.c: When generating ECDSA keys,
	generate 256-bit keys by default.  Curves with less than 256 bits (i.e., SECP192R1 and SECP224R1) are
	not widely supported.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509/clicert-ecdsa.pem,
	doc/credentials/x509/clikey-ecdsa.pem: Added ECDSA example keys.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c: Corrected an off-by-one error.  The issue was discovered using the codenomicon TLS suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srp.c: initialize to null the SRP extension data on
	allocation.  Issue identified using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testrng: Modified the testrng for Debian's dieharder.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/sign.c: Better check for null signature method.  Issue identified using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c, lib/ext/safe_renegotiation.c, lib/ext/signature.c: 
	More precise packet length checking.  Issue discovered using valgrind and the Codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk_passwd.c: Eliminated password file descriptor leak.  Issue discovered using codenomicon TLS test suite.

2014-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Added a timeout to close inactive sessions.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Send the appropriate alert when a certificate is
	required but not present.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: use __sun definition to detect solaris.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Cleaned up server process.  This eliminates an infinate loop triggered by unexpected client
	disconnections.

2014-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: Added support for constructors and
	destructors in solaris CC.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testrng: Updated dieharder tests.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha: doc update

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/cipher-test.c: include header for self-test functions

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testrng: Allow testrng test to run with older versions
	of dieharder.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
	casting to mpz_t using __mpz_struct and cleaned up mpz_t access.

2014-05-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/gnettle.h, lib/nettle/mpi.c, lib/nettle/pk.c: simplify
	casting to mpz_t using __mpz_struct.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c: updated included libtasn1.

2014-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: Do not return from void functions. Reported by
	dev [at] cor0.com.

2014-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: removed return from void function.

2014-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/rng.c, tests/suite/testrng: updated prng test

2014-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/suite/Makefile.am, tests/suite/rng.c,
	tests/suite/testrng: Test the random generators in gnutls using the
	dieharder tool.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/pkcs11-get-issuer.c: use different db file for
	pkcs11-get-issuer.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/pkcs11-get-issuer.c: Added
	test to verify whether gnutls_x509_trust_list_get_issuer() operates
	correctly under PKCS #11 trust list.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/x509/verify-high.c: 
	gnutls_x509_trust_list_get_issuer() will work correctly with a PKCS
	#11 trust list.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: initialize the size value

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c, lib/fips.c: 
	Include the correct header for the self tests functions

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/safe_renegotiation.c: removed redundant code. Reported by
	David Binderman.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: increased MAX_DATA_ENTRIES to 100.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: rearranged code

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: only fail DANE verification if status is non-zero

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Accept a
	certificate using DANE if there is at least one entry that matches
	the certificate.  This corrects the previous behavior that was rejecting the
	certificate if there were multiple entries and one couldn't be
	validated. New flag DANE_VERIFY_UNKNOWN_DANE_INFO is synonymous to
	DANE_VERIFY_NO_DANE_INFO. Patch by simon@arlott.org.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Do not deinitialize in gnutls_global_deinit()
	if the call to gnutls_global_init() failed.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Alternative fix for the
	initialization of random generator. Reported by Martin Kletzander.

2014-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd.c: Revert "Avoid dual initialization of random
	generator. Reported by Martin Kletzander." This reverts commit 43a71114dfdb6aa5c28a1378102a935c68951eed.

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-x86-ssse3.c,
	lib/accelerated/x86/x86-common.c, lib/accelerated/x86/{x86.h =>
	x86-common.h}: x86.h was renamed to x86-common.h to avoid clashes
	with system headers.

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Avoid dual initialization of random generator.
	Reported by Martin Kletzander.

2014-04-19  Kurt Roeckx <kurt@roeckx.be>

	* lib/fips.c: Test for the existance of the /etc/system-fips file We don't read it, the existance of the file is enough to say in what
	mode we are.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-04-19  Kurt Roeckx <kurt@roeckx.be>

	* lib/fips.c: Add _gnutls_fips_mode_enabled() return values.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-04-19  Andreas Metzler <ametzler@bebt.de>

	* lib/gnutls_cert.c: Typo fix: overriden -> overridden Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp_sb64.c: Use unsigned type for encode(). Based on
	suggestion by Shawn (sth0r2046 [at] gmail.com).

2014-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c: tolerate NULL in strdup(). Patch by shawn
	(sth0r2046 [at] gmail.com).

2014-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Allow exporting a CRL in DER format.

2014-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, THANKS: cleaned up authors and thanks file.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/invalid-cert,
	tests/suite/suppressions.valgrind, tests/suite/testcompat-main,
	tests/suite/testrandom: More script tests run under valgrind

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/suppressions.valgrind: Run scripts under valgrind.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Treat othername as printable (i.e., null
	terminate it), as the XMPP printing code assumes that.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: cleanups in output

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/src/core.c: do not override gnutls' allocation functions That was not being done using the API, and overriding them is no
	longer possible in 3.3.x.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: relased 3.3.1

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: changed port to allow parallelization

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: gnutls_secure_malloc() is no
	longer part of the API (though it remains in the ABI).

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c, lib/libgnutls.map, symbols.last: revived
	gnutls_secure_malloc() to avoid breaking ABI.  gnutls_secure_calloc() is no longer exported as it was never in any
	public header.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: removed file from Makefile that doesn't exist

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: gnutls-cli will no longer allow the session to proceed
	if DANE verification fails.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
	tests/cert-tests/xmpp-othername.pem: Added test certificate with
	multiple XMPP othername SAN fields.

2014-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/output.c,
	lib/x509/x509.c: Corrected decoding of XMPP SAN othername.  This also corrects the semantics of the get_*_othername_oid()
	functions, such as gnutls_x509_crt_get_subject_alt_othername_oid().

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: always initialize size values

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: copy_string() and copy_data() are more
	resilient on null input

2014-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: increased server startup wait time.  That is because we now check for key/certificate match via a
	sign/verify request that may take longer in some systems. Based on
	patch by Andreas Metzler.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: fix issue in gnutls_subject_alt_names_get().  That caused a null pointer dereference when extracting names from a
	certificate that contained an OtherName. Reported and investigated
	by Kirill A. Shutemov.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa_psk.c, lib/gnutls_mem.c, lib/gnutls_mem.h: Removed
	the already unused secure alloc functions.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/safe-memset.c: Use a harder to optimize out memset().

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: fix typo

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp_rsa.c: corrected get_auth_info() for SRP-RSA.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pskself.c: include hint into psk test.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/psk.c, lib/auth/psk.h: Avoid dual generation of key.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-rsa-psk.c: Enable hint in the rsa-psk test.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/rsa_psk.c: use custom proc_server_kx for RSA-PSK

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_psk.c: eliminated the leak of hint when deallocating
	the credentials.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_auth.c: _gnutls_auth_info_set() will decide the
	replacing of auth info based on the provided credentials type.  This avoids issues with discrepances in server and client mode.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
	lib/auth/rsa.c, lib/auth/rsa_psk.c, lib/auth/srp.c,
	lib/auth/srp_rsa.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_cert.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
	lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c: Made _gnutls_get_auth_info() safer to use.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli.c: Both DANE and PKI verification are
	advisory when --tofu is being used.

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: When checking for data to be received use
	the 'transport_recv_ptr' This affects cases where there is different send and recv pointers.
	Reported and investigated by JMRecio.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: documentation update.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Do not print certificates twice.  That will improve the visibility of messages of the various
	verification methods.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: Updated TOFU documentation. Suggested by Jens
	Lechtenboerger.

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool.c: added newlines to p11tool error messages

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: corrected uninitialized value

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: removed conditionally exported functions.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/self-test.h: Added self check functions to
	self-test.h.

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, m4/hooks.m4: bumped versions

2014-04-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
	tests/test-chains.h: use MAX_CHAIN definition to avoid overflow
	issues in the future

2014-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: increased the space available for
	certificates.  That avoids a crash in sparc64; reported by Andreas Metzler.

2014-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: doc update

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool.c: several bug fixes in certtool.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: use the same cflags for included programs as with
	library.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: Corrected dane_verify_crt() to not deinitialize
	any input state.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c, lib/ext/heartbeat.c, lib/gnutls_db.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/gnutls_range.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/nettle/egd.c,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c, lib/tpm.c,
	lib/verify-tofu.c: several bug fixes due to coverity.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
	lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_ext.c: several bug
	fixes due to coverity.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/armor.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
	lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/stream.c: Corrected bugs
	reported from coverity in opencdk.

2014-04-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: correctly check for message upper limit.

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: Allow a null ca file; i.e., allow setting
	only CRLs in gnutls_x509_trust_list_add_trust_file().

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-04-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: Added the PFS priority string.

2014-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected Peter's name!

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/key-tests/Makefile.am, tests/key-tests/key-ecc.p8,
	tests/key-tests/key-ecc.pem, tests/key-tests/openssl-key-ecc.p8,
	tests/key-tests/pkcs8: Added self tests for ECC PKCS #8 files.

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/x509/key_decode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: Allow decoding PKCS
	#8 files with ECC parameters from openssl.  These files do not contain the curve information with the private
	key (ECPrivateKey), but they rather contain it in the
	privateKeyAlgorithm.

2014-04-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: More strict checking of heartbeat padding
	size boundaries.  This will let us enforce RFC6520 minimum size for padding. Suggest
	by Peter Williams; initially investigated by Frank Li.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.h: unconditionally zeroize temporal keys.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk, doc/examples/Makefile.am: link examples to GPL gnulib.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-global-load.c: Avoid unneeded
	dependency

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c: Do not include
	the FIPS140-specific functions into the main documentation.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am: Added missing file

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated documentation

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, symbols.last: updated exported symbols table.

2014-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
	lib/libgnutls.map: mark functions that are only available under
	FIPS140 mode

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files.

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/rfc2818_hostname.c: doc update

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: Enhanced _gnutls_check_key_cert_match() This function now performs a sign/verify test to check whether the
	public and private keys match.

2014-04-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: doc update

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: update gmplib location

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: removed double entry

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rsa-encrypt-decrypt.c, tests/x509sign-verify.c: win32
	updates

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files to ignore

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: Prevent gnulib from replacing strdup as we don't
	include this gnulib module.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am: do not build ecore when cross-compiling
	for windows.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/bind.c, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4: Added bind gnulib module.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/connect.c, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4: Added connect gnulib module.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/getdelim.c, gl/getline.c, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/tests/Makefile.am, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c: Added getline() in gnulib.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: corrected configure test for pthread_mutex_lock

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c, lib/x509/x509.c: updated documentation

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/certs/create-chain.sh: updated test cert generator.

2014-04-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-cert-auth.texi, doc/examples/ex-client-x509.c,
	doc/examples/verify.c, lib/gnutls_cert.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
	src/common.c, src/common.h, src/serv.c, tests/mini-x509-2.c,
	tests/mini-x509.c: Replaced gnutls_certificate_verify_peers3() with
	the extendable gnutls_certificate_verify_peers().  That will allow adding new functionality to verification without the
	need to add new functions.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/examples/ex-client-x509.c, doc/examples/verify.c,
	lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/mini-x509.c: Added gnutls_certificate_verify_peers4 which will
	verify in addition to hostname, the purpose of the end-certificate.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped version

2014-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: simulate gnutls_certificate_verify_peers2()
	using gnutls_certificate_verify_peers3().

2014-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/heartbeat.c: doc update

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: modify to conform to the documentated
	level.

2014-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated makefile

2014-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am: avoid checking or linking with
	libpthread in windows

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: Corrected check for softhsm shared object.

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: Allow multiple spaces into priorities file.

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c: 
	The "SYSTEM" initial keyword was replaced with the more generic
	"@KEYWORD" The @KEYWORD string will open the pre-configured system priority
	file and will expand the KEYWORD, to the priority string set in the
	file.  The file should have the following format:
	KEYWORD=PRIORITY_STRING

2014-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: Use the IANA assigned padding extension number.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: skip the test if softhsm doesn't exist

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/suite/testpkcs11: Use separate softhsm databases
	and config in tests to allow parallel runs.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: added softhsm dependency for testsuite

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c,
	tests/suite/testpkcs11: Converted the PKCS #11 test suite to use
	softhsm That allows us running it in the normal test suite.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c, src/cli-args.def,
	src/cli.c, src/p11tool.c: Allow using the --provider parameter in
	gnutls-cli and certtool to specify a PKCS #11 module.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c: updated test to run in more
	systems.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: set the same flags in the second search

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore the softhsm test suite files.

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testpkcs11: fixed bashisms

2014-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/certs/create-chain.sh: depend on bash for the
	create-chain script

2014-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509.c: Enhanced test to check that the correct number
	of certificates is received

2014-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected check for sorted server certificate
	chain.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: The GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED flag
	is specific to p11-kit trust modules.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/pkcs11-chainverify.c: Perform
	the certificate verification tests in PKCS #11-based verification
	using softhsm.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Perform time check when removing a certificate
	in _gnutls_pkcs11_verify_crt_status() This brings the function in par with _gnutls_verify_crt_status().

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/x509/verify.c: When verifying, check for the
	same certificate in the pkcs11 trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
	certificate, and the self-signed isn't in our pkcs11 trusted list,
	make sure that we search for the non-self-signed as well. This
	affects, gnutls_x509_trust_list_verify_crt() when used with a PKCS
	#11 trust module.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: Allow manually loading a 'trusted' module.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Do not try to deinitialize the PKCS #11
	libraries from the destructor.  If we do and the PKCS #11 modules are already being unloaded, we may
	crash.  If the deinitialization of the PKCS #11 subsystem is
	required then, gnutls_pkcs11_deinit() must be explicitly called.

2014-04-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/chainverify.c, tests/test-chains.h: split
	test chains from chainverify program.

2014-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/{key-id =>
	key-tests}/Makefile.am, tests/{key-id => key-tests}/README,
	tests/{key-id => key-tests}/ca-gnutls-keyid.pem, tests/{key-id =>
	key-tests}/ca-no-keyid.pem, tests/{key-id =>
	key-tests}/ca-weird-keyid.pem, tests/key-tests/key-ca-1234.p8,
	tests/key-tests/key-ca-empty.p8, tests/key-tests/key-ca-null.p8,
	tests/{key-id => key-tests}/key-ca.pem, tests/{key-id =>
	key-tests}/key-id, tests/{key-id => key-tests}/key-user.pem,
	tests/key-tests/pkcs8: Added self-test for PKCS #8 key conversion
	and reading

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: the chainverify test ensures that there is no
	diverge between different verification functions.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: When verifying check for the same
	certificate in the trusted list, not only the issuer When the certificate list verifying ends in a non self-signed
	certificate, and the self-signed isn't in our trusted list, make
	sure that we search for the non-self-signed in our list as well.
	This affects, gnutls_x509_trust_list_verify_crt() and makes its
	results identical to gnutls_x509_crt_list_verify().

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README-alpha: mention test on smart card support

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* README: Added make check to the make process in README

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: changed the behavior in
	certtool's PKCS #8 key export with no password By default when no password is specified, an unencrypted key is
	output.  The previous behavior of encrypting using an empty password
	can be replicated using --empty-password.

2014-04-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: Updated documentation on null-password and
	password options of certtool.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testrandom: Added test to check verification with
	randomly generated certificates.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: Combined the code to set CRL next update with
	certificate expiration date.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: corrected typo

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: improved error message

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: When a CRL serial number is not specified, generate
	a time-based one.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-shared-key.texi: doc update

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
	lib/priority_options.gperf: Added priority string
	%DISABLE_WILDCARDS.  This will disable any wildcard matching when comparing hostnames in
	certificates.

2014-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_x509.c, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
	tests/hostname-check.c: Added verification flag to disable wildcard
	checking This adds the verification flag
	GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS, and
	gnutls_x509_crt_check_hostname2(),
	gnutls_openpgp_crt_check_hostname2().

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
	tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/complex-cert.pem,
	tests/cert-tests/no-ca-or-pathlen.pem: updates for accounting the
	SHA256 fingerprint output in certtool

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: doc update

2014-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Print the SHA256 fingerprint of the certificate
	in addition to SHA1.

2014-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: simplified
	gnutls_certificate_client_get_request_status() - no error is
	possible.

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: doc update

2014-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: cleaned up documentation of
	gnutls_record_send()

2014-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: Added test for CVE-2014-0092

2014-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: removed reference to mini_xssl

2014-03-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added self checks for various verification
	profiles

2014-03-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-large.c: Added test for gnutls_record_cork() and
	uncork usage under DTLS.

2014-03-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: make gnutls_record_uncork() more DTLS
	friendly.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: using the SYSTEM priority string will fail
	if there is no system file

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: reformatted NEWS entries

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_int.h,
	lib/gnutls_priority.c: The %COMPAT keyword no longer reduces
	security.  Introduced the LEGACY keyword which will enable the settings used in
	GnuTLS 3.2.x for NORMAL keyword. That is to be used in cases where
	compatibility with weak or misconfigured servers is required.

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/manpages/Makefile.am: replaced wrong manpage generation
	parameter

2014-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/status_request.c, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/x509.c, lib/x509/x509_write.c: fixed gdoc documentation

2014-03-26  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* README: update README to reflect gmplib licensing change As of version 6.0.0, gmplib moved its licensing from LGPLv3+ to a
	dual-license LGPLv3+/GPLv2+ license.  This licensing change affects the licenses under which versions of
	GnuTLS can be redistributed.  Update the README to reflect this change.

2014-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Fix patch version calculation when it contains
	non-numeric chars

2014-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: print RSA-EXPORT status

2014-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: use isascii instead of isprint for
	internationalized name detection

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: bump so version

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-common.c: fixes for 'medium'
	level

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: add a check for invalid DH parameters.

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/anonself.c, tests/dhepskself.c: Add checks in tests for the
	DHE prime and exponent size.

2014-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2014-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509-extensions.c: fixed test to use the correct function
	names.

2014-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c,
	tests/hostname-check.c: Severely simplified hostname matching.  Now only wildcards only the leftmost position of the string are
	allowed (followed by at least two components), and are only taken
	into account into ascii strings. Non-ascii strings are compared
	byte-by-byte.  That means that wildcards in the form
	bar*foo.example.com are no longer accepted, as well as wildcards of
	the form *.*.*.example.com.

2014-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	use commit suffix for functions that return a status code.

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c, lib/nettle/rnd.c: Simplifications in the
	RNG code.

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: the longer e-mail caused crash in autogen's
	manpage generation

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
	doc/manpages/Makefile.am, lib/includes/gnutls/x509-ext.h,
	lib/libgnutls.map, lib/x509/crq.c, lib/x509/extensions.c,
	lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_ext.c, lib/x509/x509_write.c, symbols.last: renamed
	some of the newly introduced functions

2014-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: set the invalid flag when the owner is
	unexpected.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_str.c, lib/x509/rfc2818_hostname.c,
	tests/hostname-check.c: Changed the behaviour in wildcard acceptance
	in certificates.  Wildcards are only accepted when there are more than two domain
	components after the wildcard. This will prevent accepting
	certificates from CAs that issued '*.com', or 'www.*'.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-extensions.c: Added more key usage flags in the test
	for x509-extensions.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509-extensions.c: x509-extensions test will fail if an
	unhandled extension is found.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: ship the gperf file and the generated one.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, Makefile.am, NEWS, cfg.mk, doc/Makefile.am,
	doc/doc.mk, doc/manpages/Makefile.am, symbols.last: doc update

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-cert-auth.texi: documented the new X.509 extension API

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Certtool
	can now write more than a single crl_dist_point.

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/cert-tests/template-test.pem,
	tests/cert-tests/template-test.tmpl,
	tests/cert-tests/template-utf8.pem,
	tests/cert-tests/template-utf8.tmpl, tests/hostname-check.c,
	tests/x509-extensions.c: Added unit tests for new API

2014-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/x509-ext.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crq.c, lib/x509/extensions.c, lib/x509/name_constraints.c,
	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c: Added new API to handle
	X.509 extensions.  This API handles the X.509 extensions in separate, allowing to parse
	similarly formatted extensions stored in other structures. In
	addition functions that simplify the extraction of extensions from
	known structures were added: - gnutls_x509_crq_get_extension_data2() - gnutls_x509_crl_get_extension_data2() - gnutls_x509_crt_get_extension_data2() The old functions were rewritten to use the new API.

2014-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-02-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: Corrected error checking in
	_gnutls_x509_ext_gen_proxyCertInfo

2014-03-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/TODO: doc update

2014-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: initialize pointer

2014-03-12  Luis G.F <luisgf@gmail.com>

	* src/serv.c: serv.c Fix memory leak for *crtinfo pointer. The
	reference is lost if an allocation error occured.  Signed-off-by: Luis G.F <luisgf@luisgf.es>

2014-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: use the number of seconds as serial in 32-bit
	systems

2014-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: Only check PK compatibility in client side but
	also when using openpgp certs.

2014-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/kx.c: corrected initializer

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/cert.c: shortend static function names.

2014-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/kx.c, lib/auth/cert.c: verify
	that the algorithm of the received certificate matches the expected.

2014-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-03-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/cha-functions.texi,
	doc/cha-gtls-examples.texi, doc/doc.mk, doc/examples/Makefile.am,
	doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
	doc/manpages/Makefile.am, lib/Makefile.am,
	lib/includes/Makefile.am, lib/includes/gnutls/xssl.h, lib/xssl.c,
	lib/xssl.h, lib/xssl_getline.c, tests/Makefile.am,
	tests/mini-xssl.c: The xssl experimental library was removed.  While the idea of a high level library is nice, there are no
	resources to maintain an additional library.

2014-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/nettle/mpi.c, m4/hooks.m4: Added option to
	enable linking with nettle-mini

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: re-enabled certificate verification

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: ciphersuites that utilize SHA256 or
	SHA384 are only available in TLS 1.0 The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only
	defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated
	under SSL 3.0, it will during MAC initialization.

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/mac.c, lib/algorithms/sign.c,
	lib/crypto-api.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_pcert.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
	lib/verify-tofu.c, lib/x509/crq.c, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/x509.c: stricter type usage

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/x86-common.c, lib/algorithms/ciphersuites.c,
	lib/gnutls_hash_int.c, lib/nettle/pk.c: explicit type conversions
	when needed

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/pkcs11.c,
	lib/x509/key_encode.c, src/certtool-common.c: more fixes due to
	clang

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: silence some warnings

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/opencdk/armor.c, lib/openpgp/pgp.c,
	lib/verify-tofu.c: clang warning fixes

2014-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: removed unused variables.

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* src/Makefile.am: Fix build failures on autogen'ed docs autogen needs to be invoked with $(srcdir)/<FOO>-args.def or else it
	will not be able to find the input file if GnuTLS is built out of
	tree, e.g.      mkdir build     cd build     ../configure     make Also, add missing targets for %-args.h, to avoid this error:     make[2]: Entering directory `/home/user/gnutls/src'     autogen srptool-args.def     autogen psk-args.def     make[2]: *** No rule to make target `ocsptool-args.h', needed by
	    `all'.  Stop.  make[2]: Leaving directory
	    `/home/user/gnutls/src' make[1]: *** [all-recursive] Error 1 For portability's sake we will spell out the rule for each target
	instead of using a GNU '%' pattern rule:
	https://www.gnu.org/software/make/manual/html_node/Features.html#FeaturesSigned-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* .gitignore, doc/Makefile.am: Fix build failures involving
	doc/invoke-*.texi Several problems were found in this area: 1) Currently, if SRC_DEF_* are undefined, autogen will get invoked
	with no input file and it will hang forever waiting for content from
	stdin:     mv -f enums.texi-tmp enums.texi     mkdir enums     ../../doc/scripts/split-texi.pl enums enum < enums.texi     echo stamp_enums > stamp_enums     cd ../src/ && autogen -Tagtexi-cmd.tpl  && \         rm -f ../doc/invoke-gnutls-cli.texi && \         ../doc/scripts/cleanup-autogen.pl
	        <../src/invoke-gnutls-cli.texi
	        >../doc/invoke-gnutls-cli.texi.tmp && \ mv -f
	        ../doc/invoke-gnutls-cli.texi.tmp ../doc/invoke-gnutls-cli.texi && \
	rm -f ../src/invoke-gnutls-cli.texi     <HANG> Since these documents are @include'd by other documents, it is
	probably a good idea to make sure the targets are buildable in case
	they get listed as prerequisites.  2) SRC_DEF_* used relative paths which are correct for an in-place
	build, but incorrect for an out-of-tree build.  They should use
	something like $(top_srcdir)/src to resolve the ambiguity.  3) cleanup-autogen.pl was also referenced using a relative pathname,
	breaking out-of-tree builds.  4) The non-portable "sed -i" flag was used.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* README-alpha: README-alpha: Add gperf dependency for building from
	git Without gperf, priority-options.h does not get built and this
	results in a compile error.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Kevin Cernekee <cernekee@gmail.com>

	* src/gl/stdint.in.h, src/gl/sys_types.in.h: updated gnulib This pulls in upstream commit cb3c90598 (stdint, read-file: fix
	missing SIZE_MAX on Android).  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: more type separation

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: use psktool-args

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: more type separation

2014-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: separated types for easier verification

2014-03-06  Kevin Cernekee <cernekee@gmail.com>

	* .gitignore, doc/manpages/Makefile.am, src/Makefile.am, src/psk.c,
	src/{psk-args.def => psktool-args.def}: Rename psk-args.def to
	psktool-args.def Other utilities generate invoke-%.texi from %-args.def, but
	currently invoke-psktool.texi is generated from psk-args.def.  If we
	make psktool conform to the same convention as the other utilities,
	we can use a generic pattern to handle all of them the same way.  Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-06  Kevin Cernekee <cernekee@gmail.com>

	* doc/Makefile.am: doc: Fix enums.texi failure on out-of-tree builds enums.texi is a generated file so we should not look for it in
	$(srcdir).  When we do, chaos ensues:     mv -f enums.texi-tmp enums.texi     mkdir enums     ../../doc/scripts/split-texi.pl enums enum <
	    ../../doc/enums.texi /bin/bash: ../../doc/enums.texi: No such
	    file or directory make[4]: *** [stamp_enums] Error 1     make[4]: Leaving directory `/home/user/gnutls/build/doc'     make[3]: *** [all-recursive] Error 1     make[3]: Leaving directory `/home/user/gnutls/build/doc'     make[2]: *** [all] Error 2     make[2]: Leaving directory `/home/user/gnutls/build/doc'     make[1]: *** [all-recursive] Error 1     make[1]: Leaving directory `/home/user/gnutls/build'     make: *** [all] Error 2 Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/extras.c: Ensure failure when no base64 data have been
	read. Suggested by Ramkumar Chinchani.

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: xssl compilation fix; patch by Colin Leroy

2014-03-05  Jason Spafford <nullprogrammer@gmail.com>

	* lib/opencdk/misc.c: Fixed checking the length of a null string in cdk_strlist_add, it would check the strlen of the 'string'
	parameter before it checked if the parameter was null.  Signed-off-by Jason Spafford nullprogrammer@gmail.com

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, symbols.last: Added symbol check prior to release
	(after discussion with Andreas Metzler)

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: updated doc

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/test-driver, build-aux/ylwrap: updated build-aux files

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: removed no-split as it causes issues in pdf
	building

2014-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/bind.c, gl/connect.c, gl/m4/arpa_inet_h.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4,
	gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/stdint.in.h,
	gl/sys_types.in.h, gl/tests/Makefile.am, gl/tests/test-arpa_inet.c,
	gl/tests/test-bind.c, gl/tests/test-connect.c,
	gl/tests/test-inet_pton.c, gl/tests/test-sockets.c,
	gl/tests/w32sock.h, gl/w32sock.h: removed all networking code from
	libgl

2014-03-05  Nick Alcock <nick.alcock@oracle.com>

	* configure.ac: Overridewq AUTOGEN under --enable-local-libopts only
	if autogen is not needed.  After commit 6addbc3, specifying --enable-local-libopts
	unconditionally replaces the autogen-erated files with their
	distributed copies, and substitutes AUTOGEN to false.  The assumption here is that if --enable-local-libopts is not
	specified, autogen cannot be installed, and that the distributed
	copies necessarily exist.  Neither assumption is always correct.
	e.g. someone building a 32-bit copy of GnuTLS from git with a copy
	of autogen on their system will have a 64-bit copy of libopts, and a
	working /usr/bin/autogen, but not a 32-bit libopts.  Since building
	autogen depends on Guile, this is a rather heavyweight pile of gear
	to require.  (You can force a successful build in this case, but it
	requires providing AUTOGEN=/usr/bin/autogen to make(1), which is
	distinctly inelegant.) So fix things so that if any of the distributed copies do not exist,
	we do not substitute AUTOGEN, so as to let any copy of autogen that
	configure found on the system do its job if necessary, while not
	forcing the user to link against the copy of libopts which came with
	that autogen.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/ext/session_ticket.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_state.c, m4/hooks.m4, src/serv.c: 
	session tickets can be disabled

2014-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/Makefile.am, lib/ext/cert_type.c,
	lib/ext/status_request.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_x509.c: 
	increased code disabled from disable-ocsp and disable-openpgp
	options

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, lib/ext/Makefile.am,
	lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_range.c, lib/gnutls_record.h, lib/gnutls_session_pack.c,
	lib/priority_options.gperf, src/cli-args.def,
	tests/mini-record-2.c, tests/mini-record-range.c,
	tests/mini-record.c: NEW_PADDING has been removed.  This extension did not get accepted by IETF so it is now being
	removed. The gnutls_range API is kept in case length hiding is
	implemented in a different way at some point.

2014-03-05  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: doc: Add indices to the gnutls-guile
	manual.

2014-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: re-introduced rsa-export configure option This broke backwards compatibility. Reported by Andreas Metzler.

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/Makefile.am: examples include both gnulibs

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/fseek.c, src/gl/fseeko.c,
	src/gl/fstat.c, src/gl/getdelim.c, src/gl/getline.c,
	src/gl/getpass.c, src/gl/getpass.h, src/gl/lseek.c,
	src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4, src/gl/m4/fstat.m4,
	src/gl/m4/getdelim.m4, src/gl/m4/getline.m4, src/gl/m4/getpass.m4,
	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/largefile.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
	src/gl/m4/realloc.m4, src/gl/m4/strdup.m4, src/gl/m4/sys_stat_h.m4,
	src/gl/malloc.c, src/gl/realloc.c, src/gl/stdio-impl.h,
	src/gl/strdup.c, src/gl/sys_stat.in.h: Added getpass in src/gl

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/fseek.c, gl/fseeko.c, gl/getdelim.c,
	gl/getline.c, gl/getpass.c, gl/getpass.h, gl/m4/fseek.m4,
	gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpass.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4,
	gl/strdup.c, gl/tests/Makefile.am, gl/tests/test-fseek.c,
	gl/tests/test-fseek.sh, gl/tests/test-fseek2.sh,
	gl/tests/test-fseeko.c, gl/tests/test-fseeko.sh,
	gl/tests/test-fseeko2.sh, gl/tests/test-fseeko3.c,
	gl/tests/test-fseeko3.sh, gl/tests/test-fseeko4.c,
	gl/tests/test-fseeko4.sh, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c: removed getpass from gl/

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, src/Makefile.am, src/certtool-cfg.c: more gl updates

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: changes for new gnulib in src/

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c: corrent error print in win32

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/system.c: Changes to account for the reduced
	included gnulib

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/crywrap/crywrap.c: added missing declaration

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: removed any dependencies to gnulib network
	stuff

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/egd.c, lib/nettle/rnd-common.c: avoid gnulib's
	insistence to replace strerror

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.c,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/close.c,
	src/gl/dup2.c, src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
	src/gl/float.c, src/gl/float.in.h, src/gl/gai_strerror.c,
	src/gl/getaddrinfo.c, src/gl/getpeername.c, src/gl/inet_ntop.c,
	src/gl/inet_pton.c, src/gl/itold.c, src/gl/listen.c,
	src/gl/m4/arpa_inet_h.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
	src/gl/m4/exponentd.m4, src/gl/m4/float_h.m4,
	src/gl/m4/getaddrinfo.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4, src/gl/m4/hostent.m4,
	src/gl/m4/inet_ntop.m4, src/gl/m4/inet_pton.m4,
	src/gl/m4/intmax_t.m4, src/gl/m4/inttypes_h.m4,
	src/gl/m4/math_h.m4, src/gl/m4/memchr.m4, src/gl/m4/mmap-anon.m4,
	src/gl/m4/netdb_h.m4, src/gl/m4/netinet_in_h.m4,
	src/gl/m4/printf.m4, src/gl/m4/select.m4, src/gl/m4/servent.m4,
	src/gl/m4/signal_h.m4, src/gl/m4/size_max.m4,
	src/gl/m4/snprintf.m4, src/gl/m4/socketlib.m4,
	src/gl/m4/sockets.m4, src/gl/m4/socklen.m4, src/gl/m4/sockpfaf.m4,
	src/gl/m4/stdalign.m4, src/gl/m4/stdint_h.m4,
	src/gl/m4/sys_select_h.m4, src/gl/m4/sys_uio_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/wchar_h.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xsize.m4, src/gl/memchr.c, src/gl/memchr.valgrind,
	src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/printf-args.c,
	src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
	src/gl/recv.c, src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c,
	src/gl/sendto.c, src/gl/setsockopt.c, src/gl/shutdown.c,
	src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
	src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
	src/gl/stdalign.in.h, src/gl/sys_select.in.h, src/gl/sys_socket.c,
	src/gl/sys_socket.in.h, src/gl/sys_uio.in.h, src/gl/vasnprintf.c,
	src/gl/vasnprintf.h, src/gl/w32sock.h, src/gl/wchar.in.h,
	src/gl/xsize.c, src/gl/xsize.h: All socket options were moved to
	src/gl

2014-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/accept.c, gl/arpa_inet.in.h, gl/close.c,
	gl/dup2.c, gl/fd-hook.c, gl/fd-hook.h, gl/gai_strerror.c,
	gl/getaddrinfo.c, gl/getpeername.c, gl/inet_ntop.c, gl/inet_pton.c,
	gl/listen.c, gl/m4/close.m4, gl/m4/dup2.m4, gl/m4/ftruncate.m4,
	gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
	gl/m4/inet_ntop.m4, gl/m4/ioctl.m4, gl/m4/lstat.m4,
	gl/m4/mode_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4, gl/m4/perror.m4,
	gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/servent.m4,
	gl/m4/signal_h.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
	gl/m4/strerror_r.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
	gl/m4/sys_select_h.m4, gl/recv.c, gl/recvfrom.c, gl/select.c,
	gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
	gl/signal.in.h, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
	gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/dosname.h,
	gl/tests/ftruncate.c, gl/tests/getcwd-lgpl.c,
	gl/tests/getdtablesize.c, gl/tests/glthread/lock.c,
	gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
	gl/tests/ignore-value.h, gl/tests/ioctl.c, gl/tests/lstat.c,
	gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
	gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/stat.c,
	gl/tests/strerror_r.c, gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
	gl/tests/test-accept.c, gl/tests/test-close.c,
	gl/tests/test-dup2.c, gl/tests/test-ftruncate.c,
	gl/tests/test-ftruncate.sh, gl/tests/test-getaddrinfo.c,
	gl/tests/test-getcwd-lgpl.c, gl/tests/test-getdtablesize.c,
	gl/tests/test-getpeername.c, gl/tests/test-ignore-value.c,
	gl/tests/test-inet_ntop.c, gl/tests/test-ioctl.c,
	gl/tests/test-listen.c, gl/tests/test-lstat.c,
	gl/tests/test-lstat.h, gl/tests/test-open.c, gl/tests/test-open.h,
	gl/tests/test-pathmax.c, gl/tests/test-perror.c,
	gl/tests/test-perror.sh, gl/tests/test-perror2.c,
	gl/tests/test-pipe.c, gl/tests/test-recv.c,
	gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-select.h, gl/tests/test-send.c,
	gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
	gl/tests/test-shutdown.c, gl/tests/test-signal-h.c,
	gl/tests/test-stat.c, gl/tests/test-stat.h,
	gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
	gl/tests/test-symlink.c, gl/tests/test-symlink.h,
	gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c: removed
	unused gnulib crap

2014-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/crywrap/crywrap.c: fixed more memory leaks in crywrap

2014-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/crywrap/crywrap.c: addressed memory leak in crywrap.c

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: check the blacklist for certificates
	provided in gnutls_x509_trust_list_verify_named_crt().

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/cha-library.texi, m4/hooks.m4: corrected
	configure option.

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: rsa-export is no more

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: updated option for TPM

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: replace select() on windows

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: print message before failing when the pull
	timeout function isn't replaced.

2014-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added NULL PSK ciphersuites with
	SHA1; suggested by Manuel Pégourié-Gonnard.

2014-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
	build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
	build-aux/useless-if-before-free, build-aux/vc-list-files,
	doc/gendocs_template, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
	gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
	gl/base64.h, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/close.c, gl/connect.c, gl/dup2.c, gl/errno.in.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/float+.h, gl/float.c, gl/float.in.h,
	gl/fseek.c, gl/fseeko.c, gl/fstat.c, gl/ftell.c, gl/ftello.c,
	gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/gettext.h,
	gl/gettimeofday.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
	gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/itold.c,
	gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
	gl/m4/absolute-header.m4, gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4,
	gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/close.m4,
	gl/m4/codeset.m4, gl/m4/dup2.m4, gl/m4/errno_h.m4,
	gl/m4/exponentd.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
	gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4,
	gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
	gl/m4/ftruncate.m4, gl/m4/func.m4, gl/m4/getaddrinfo.m4,
	gl/m4/getcwd.m4, gl/m4/getdelim.m4, gl/m4/getdtablesize.m4,
	gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
	gl/m4/gettext.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
	gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
	gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
	gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/largefile.m4,
	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
	gl/m4/manywarnings.m4, gl/m4/math_h.m4, gl/m4/memchr.m4,
	gl/m4/memmem.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
	gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/open.m4, gl/m4/pathmax.m4,
	gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
	gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
	gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
	gl/m4/signal_h.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
	gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
	gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
	gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strdup.m4,
	gl/m4/strerror.m4, gl/m4/strerror_r.m4, gl/m4/string_h.m4,
	gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
	gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
	gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
	gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
	gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
	gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
	gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/recv.c,
	gl/recvfrom.c, gl/select.c, gl/send.c, gl/sendto.c,
	gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/size_max.h,
	gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
	gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
	gl/strcasecmp.c, gl/strdup.c, gl/strerror-override.c,
	gl/strerror-override.h, gl/strerror.c, gl/string.in.h,
	gl/strings.in.h, gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c,
	gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
	gl/tests/binary-io.h, gl/tests/dosname.h, gl/tests/fcntl.in.h,
	gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/ftruncate.c,
	gl/tests/getcwd-lgpl.c, gl/tests/getdtablesize.c,
	gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
	gl/tests/glthread/lock.h, gl/tests/glthread/threadlib.c,
	gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
	gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
	gl/tests/open.c, gl/tests/pathmax.h, gl/tests/perror.c,
	gl/tests/pipe.c, gl/tests/same-inode.h, gl/tests/signature.h,
	gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
	gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
	gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
	gl/tests/test-base64.c, gl/tests/test-binary-io.c,
	gl/tests/test-bind.c, gl/tests/test-byteswap.c,
	gl/tests/test-c-ctype.c, gl/tests/test-close.c,
	gl/tests/test-connect.c, gl/tests/test-dup2.c,
	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-float.c, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-fseek.c,
	gl/tests/test-fseeko.c, gl/tests/test-fseeko3.c,
	gl/tests/test-fseeko4.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
	gl/tests/test-func.c, gl/tests/test-fwrite.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
	gl/tests/test-getdelim.c, gl/tests/test-getdtablesize.c,
	gl/tests/test-getline.c, gl/tests/test-getpeername.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-iconv.c,
	gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
	gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-ioctl.c, gl/tests/test-listen.c,
	gl/tests/test-lstat.c, gl/tests/test-lstat.h,
	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
	gl/tests/test-netinet_in.c, gl/tests/test-open.c,
	gl/tests/test-open.h, gl/tests/test-pathmax.c,
	gl/tests/test-perror.c, gl/tests/test-perror2.c,
	gl/tests/test-pipe.c, gl/tests/test-read-file.c,
	gl/tests/test-recv.c, gl/tests/test-recvfrom.c,
	gl/tests/test-select-fd.c, gl/tests/test-select-stdin.c,
	gl/tests/test-select.c, gl/tests/test-select.h,
	gl/tests/test-send.c, gl/tests/test-sendto.c,
	gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
	gl/tests/test-signal-h.c, gl/tests/test-snprintf.c,
	gl/tests/test-sockets.c, gl/tests/test-stat.c,
	gl/tests/test-stat.h, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
	gl/tests/test-strerror_r.c, gl/tests/test-string.c,
	gl/tests/test-strings.c, gl/tests/test-strnlen.c,
	gl/tests/test-strverscmp.c, gl/tests/test-symlink.c,
	gl/tests/test-symlink.h, gl/tests/test-sys_ioctl.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
	gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/vsnprintf.c,
	gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk,
	src/gl/Makefile.am, src/gl/alloca.in.h, src/gl/c-ctype.c,
	src/gl/c-ctype.h, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/gettext.h, src/gl/gettime.c, src/gl/gettimeofday.c,
	src/gl/intprops.h, src/gl/m4/00gnulib.m4,
	src/gl/m4/absolute-header.m4, src/gl/m4/alloca.m4,
	src/gl/m4/bison.m4, src/gl/m4/clock_time.m4, src/gl/m4/eealloc.m4,
	src/gl/m4/environ.m4, src/gl/m4/errno_h.m4, src/gl/m4/error.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/gettime.m4, src/gl/m4/gettimeofday.m4,
	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
	src/gl/m4/gnulib-comp.m4, src/gl/m4/gnulib-tool.m4,
	src/gl/m4/include_next.m4, src/gl/m4/longlong.m4,
	src/gl/m4/malloca.m4, src/gl/m4/mktime.m4, src/gl/m4/msvc-inval.m4,
	src/gl/m4/msvc-nothrow.m4, src/gl/m4/multiarch.m4,
	src/gl/m4/off_t.m4, src/gl/m4/parse-datetime.m4,
	src/gl/m4/setenv.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4,
	src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4, src/gl/m4/stdio_h.m4,
	src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
	src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
	src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
	src/gl/mktime.c, src/gl/msvc-inval.c, src/gl/msvc-inval.h,
	src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
	src/gl/parse-datetime.h, src/gl/parse-datetime.y,
	src/gl/progname.c, src/gl/progname.h, src/gl/setenv.c,
	src/gl/stdbool.in.h, src/gl/stddef.in.h, src/gl/stdint.in.h,
	src/gl/stdio.in.h, src/gl/stdlib.in.h, src/gl/strerror-override.c,
	src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
	src/gl/sys_time.in.h, src/gl/sys_types.in.h, src/gl/time.in.h,
	src/gl/time_r.c, src/gl/timespec.h, src/gl/unistd.in.h,
	src/gl/unsetenv.c, src/gl/verify.h, src/gl/xalloc-die.c,
	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c: 
	updated gnulib

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Allow all ciphersuites in SSL3.0
	when they are available in TLS1.0

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: The default priority is reset to NORMAL

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Revert "the default priorities are reset to
	be NORMAL." This reverts commit 9c07f75676b6b70da10e99c409b0cb7dbc245463.

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: mention SHA384 as MAC option

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/serv-args.def: documented the defaults

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: the default priorities are reset to be
	NORMAL.  Reported by Manuel Pégourié-Gonnard.

2014-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-args.def: Add required priorities

2014-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Preinitialize values; suggested by Sebastian
	Krahmer and Tomas Hoger.

2014-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: added doc on is_issuer() checks

2014-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: removed not trusted message; reported by Michel
	Briand.

2014-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: updated for verification updates

2014-02-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Updated verification function

2014-02-22  Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>

	* src/cli-args.def, src/cli.c: New option --stricttofu for
	gnutls-cli With option --tofu, gnutls-cli waits with a yes-no-question upon
	certificate changes.  I added the option --stricttofu that omits the
	question and fails instead.  The contribution is in accordance to the "Developer's Certificate of
	Origin" as found in the file doc/DCO.txt.  Best wishes Jens Signed-off-by: Jens Lechtenbörger <jens.lechtenboerger@fsfe.org>

2014-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: moved priorities check to the first call
	only.

2014-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: removed duplicate definition; reported by
	Dennis Philipps.

2014-02-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/README.CODING_STYLE: updated coding style

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-nc.pem: added cert

2014-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: corrected check

2014-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h: combined timeout
	values

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: updated

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: When appending a name, ensure that we
	append to the end of the list.

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: use gnutls_free()

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: corrected email in texi

2014-02-20  Attila Molnar <attilamolnar@hush.com>

	* lib/auth/srp.h, lib/auth/srp_passwd.c, lib/gnutls_srp.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: srp: Add
	resistance against guessing usernames When a client tries to authenticate using an unknown username,
	instead of generating a random salt every time, generate the salt
	based on the username and a secret seed.  The seed is settable by the application, allowing servers to re-use
	the same seed after a restart.  A random seed is generated for each newly allocated SRP server
	credentials structure, meaning that applications not using the new
	API to set the seed continue to work and gain limited advantage
	(because they use a different seed after every restart).  For further information see section 2.5.1.3. in RFC 5054.  Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: small artistic changes

2014-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: check against the success value

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.h, lib/x509/verify.c, lib/x509/x509_int.h: use
	bool types when needed.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: ensure failure when parsing fails.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: allow ip address as constraint

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Added check for IPaddress

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added tests for name constraints addition.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: better error printing

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: corrected empty name check

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-nc.tmpl: Updated test for name constraints
	to include empty constraints names.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: pretty print empty DNSnames

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c, lib/x509/name_constraints.c: 
	_gnutls_x509_read_value() can now read empty values.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: Allow empty names.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c: removed debugging

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/extensions.c: Added check for null

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: If alternative names are found, don't
	bother checking the DN.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/certs/create-chain.sh: Added tool to create a
	certificate chain

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: properly indent name constraints

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: _gnutls_parse_general_name2() will return the
	expected data

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c, tests/cert-tests/Makefile.am,
	tests/cert-tests/template-nc.tmpl, tests/cert-tests/template-test: 
	certtool allows setting name constraints.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c, tests/cert-tests/template-nc.tmpl: removed
	false warnings

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: simplify names

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, lib/x509/verify.c: Verify name
	constraints.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/name_constraints.c: Added
	gnutls_x509_name_constraints_check_crt This function will check name constraints against all the names in a
	certificate.

2014-02-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c, tests/name-constraints.c,
	tests/suppressions.valgrind: Added support for e-mail constraints.

2014-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/name-constraints.c: Added more constraints tests for
	unsupported structures.

2014-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: Corrected check for present
	constraints in unsupported types.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-ocsp-client.c: fix small leak

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool.c: When verifying a response and a signer isn't
	provided assume that the signer is the issuer.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/ocsptool-args.def, src/ocsptool-common.c,
	src/ocsptool-common.h, src/ocsptool.c: When sending a nonce in OCSP
	check if it is available on the reply.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: properly deinitialize name
	constraints structure.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-ocsp-client.c: Verify in example that the sent
	nonce matches the received nonce.  Reported by Benny Baumann.

2014-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/name-constraints.c: Added missing file

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/priority_options.gperf: priority string flag
	VERIFY_ALLOW_X509_V1_CA_CRT is now a dummy

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_state.c: reinitialize the
	handshake timers when gnutls_handshake() is called.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-rehandshake.c: Improved DTLS rehandshake test to
	catch a timeout issue in handshake().

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
	multiple flags in gnutls_x509_crt_get_name_constraints()

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: Do not deinitialize the constraints
	structure when reading the constraints fails.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c,
	lib/x509/output.c: Allow appending name constraints.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/name_constraints.c: Allow
	setting a non-critical name-constraints extension.

2014-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/name_constraints.c: better checking of unsupported
	constraints.

2014-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/extensions.c,
	lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_int.h, tests/Makefile.am: Added support for name
	constraints X.509 extension.  This allows to generate and read the name constraints extension, as
	well as check against the DNSNAME value.

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on p11-kit 0.20.0 or later

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: changed names for clarity

2014-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c: Corrected bug in
	gnutls_pcert_list_import_x509_raw().  The bug caused gnutls_pcert_list_import_x509_raw() to crash if
	gnutls_x509_crt_list_import() would fail with the provided data.
	Reported by Dmitriy Anisimkov.

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suppressions.valgrind: corrected suppressions file

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: do not mention
	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT in documentation

2014-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/x509.h, lib/x509/verify.c, src/certtool.c,
	tests/chainverify.c: removed deprecated flag

2014-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex: added Ted

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: Use pre-generated keys for self-tests.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: set value to null after releasing

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/keygen.c: generate keys in the acceptable sizes in
	FIPS140 mode

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/crq_key_id.c: generate 2048 bit keys in RSA mode

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c, lib/x509/x509_int.h: Added
	_gnutls_parse_general_name2()

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: ensure that _gnutls_x509_read_value works as
	documented.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: ensure that the issuer in present in a trusted
	module.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: removed flag
	GNUTLS_PKCS11_TOKEN_TRUSTED_UINT

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
	GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags().

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Use the
	GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE to ensure that only
	trusted modules are used.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h: 
	Added flag GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE.  This flag can be used to ensure that the object request lies on a
	marked as trusted PKCS #11 module. The marking is done on p11-kit
	configuration.

2014-02-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: mark trusted p11-kit modules as trusted.

2014-02-12  Marcus Meissner <meissner@suse.de>

	* src/serv.c: fixed socket existance checking If getaddrinfo returns: ipv4 address, ipv6 address ... and socket()
	for the ipv6 address fails, this loop would fail and abort the
	socket listen code.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Applied part of Ted Zlatanov's patch.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added test for pathlen constraints.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/chainverify.c: Added check for v1 intermediate CA
	certificate

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: Fix bug that prevented the rejection of v1
	intermediate CA certificates.  Reported by Suman Jana.

2014-02-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/abstract_int.h, lib/gnutls_pubkey.c: removed unused function

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Use longer
	timestamps for serial numbers.

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* maint.mk: updated indent cmd

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cfg.mk: corrected indent parameters

2014-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c, lib/accelerated/x86/x86.h: 
	do not redefine the _gnutls_x86_cpuid_s symbol

2014-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Adjusted the
	security levels of PFS, SECURE128 and SECURE192 keywords.

2014-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: reduced security levels of SECURE128 and
	SECURE192 strings.

2014-02-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: only test libz if it is available

2014-02-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: check errors from
	gnutls_priority_set_direct().

2014-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc update

2014-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: increased the interval between reading
	/dev/urandom

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* po/cs.po.in, po/de.po.in, po/eo.po.in, po/fi.po.in, po/fr.po.in,
	po/it.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
	po/uk.po.in, po/vi.po.in, po/zh_CN.po.in: Sync with TP.

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c,
	src/danetool.c, src/p11tool.c, src/tpmtool.c: Added --ask-pass
	certtool option to allow asking for passwords even when in batch
	mode.

2014-02-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-common.c: use newlines in error printing

2014-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: when using a PKCS #11 module for verification
	ensure that it has been marked a trusted module in p11-kit.

2014-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added flag
	GNUTLS_PKCS11_TOKEN_TRUSTED_UINT that can be used to obtain
	p11-kit's P11_KIT_MODULE_TRUSTED flag.

2014-02-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: use macros to set the level.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: updated
	reference manual to remove individual indexes that were not working.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/test-ciphersuites.sh: corrected
	test-ciphersuites.sh test

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: consider the initial keyword set even when
	it's set to NONE.

2014-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: When two initial keywords are specified
	then treat the second as having the '+' modifier.  This will handle SECURE256:SECURE128 the same way as
	SECURE256:+SECURE128.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, lib/includes/gnutls/x509.h: when setting
	multiple initial keywords in a priority string, the security level
	set is the one of the lowest security.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: better wording

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: corrected bug in DH exponent size calculation.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c: tolerate servers that included the SUPPORTED ECC
	extension.  This is an extension that is defined to be sent by the client but
	there are servers that include it as well. Most other
	implementations tolerate this behavior so we do.

2014-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected typo

2014-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: reduced the TLS and DTLS version
	requirements for all ciphersuites that are not GCM.

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: return proper error on RSA key generation failure

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey_raw.c, lib/nettle/pk.c, lib/x509/privkey.c: 
	allow a missing u

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_hash_int.c: Added sanity check in hash_init() and
	mac_init().

2014-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd.c: use some kind of key continuity in the nonce
	RNG.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: when importing public keys set the correct
	algorithm.

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: allow for seeds larger to the MAX
	by one byte

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: corrected calculation

2014-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: corrected prototype

2014-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/Makefile.am,
	lib/nettle/int/rsa-fips.h, lib/nettle/int/rsa-keygen-fips186.c,
	lib/nettle/pk.c: Added FIPS184-4 RSA key generation.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c, lib/libgnutls.map: rename function

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_db_get_cache_expiration()

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: Added Since flag.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: removed unused variables

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
	gnutls_pubkey_verify_params() and gnutls_privkey_verify_params().

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/gnutls_pk.h, lib/nettle/pk.c,
	lib/x509/privkey.c: Allow verification of public and private
	parameters.

2014-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: Handle DSA and ECDSA the same when verifying
	keys.

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/resume.c: Added check for gnutls_db_check_entry_time().

2014-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_db.c: correctly read the magic number and timestamp;
	report and patch by Jonathan Roudiere

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/scripts/getfuncs-map.pl: updated for new functions

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_privkey_raw.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Renamed get_pk
	functions to export.  gnutls_pubkey_export_ecc_x962 replaces gnutls_pubkey_get_pk_ecc_x962
	gnutls_pubkey_export_ecc_raw replaces gnutls_pubkey_get_pk_ecc_raw
	gnutls_pubkey_export_dsa_raw replaces gnutls_pubkey_get_pk_dsa_raw
	gnutls_pubkey_export_rsa_raw replaces gnutls_pubkey_get_pk_rsa_raw

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/common.h: Added identifiers for DSA-SHA382 and DSA-SHA512

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: exported function needed for fips test

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/abstract_int.h, lib/gnutls_privkey.c,
	lib/gnutls_privkey_raw.c: compile missing file

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: indented

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: eliminated memory leak when generating a
	privvate key using gnutls_privkey_generate().

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_privkey.c, lib/gnutls_privkey_raw.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added functions
	to directly import parameters into a gnutls_privkey_t Added gnutls_privkey_import_ecc_raw, gnutls_privkey_import_dsa_raw,
	gnutls_privkey_import_rsa_raw

2014-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: corrected usage of privkey

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/eagain, tests/suite/mini-eagain2.c: changed port
	number

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: optimized string search in _oid2str table.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: copyright update

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: fixed null pointer derefence when printing a
	name and an LDAP description isn't present for the OID

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs-map.pl, lib/libgnutls.map: added
	gnutls_realloc_fast to false positives Conflicts:         lib/libgnutls.map

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/Makefile.am, doc/scripts/getfuncs-map.pl: Prior
	to release verify that the exported functions in the .map file match
	the headers.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported missing functions

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported function

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h: Do not compile the DRBG-AES-CTR when not in
	FIPS140 mode.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-global-load.c: removed non-working test for static
	linking.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: use two separate mutexes for nonce and main rng.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rng-fork.c: increased the number of bytes requested by the
	RNG

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: 
	The AES-CTR-based nonce random number generator was replaced with
	salsa20.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_srp.c, lib/nettle/mpi.c,
	lib/x509/pkcs12_encr.c, tests/mpi.c: Updated the rest of the MPI
	function prototypes.

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/nettle/mpi.c: updated
	the prototype of _gnutls_mpi_div

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/pkcs12_encr.c: updated
	prototypes of _gnutls_mpi_sub_ui, _gnutls_mpi_add_ui,
	_gnutls_mpi_mul_ui

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_srp.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/x509/privkey_pkcs8.c: updated
	prototype of _gnutls_mpi_powm

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c, lib/auth/srp.c, lib/crypto-backend.h,
	lib/crypto-selftests-pk.c, lib/gnutls_dh.c, lib/gnutls_ecc.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pubkey.c,
	lib/gnutls_srp.c, lib/gnutls_ui.c, lib/nettle/mpi.c,
	lib/nettle/pk.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
	lib/x509/crq.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c: updated
	mpi_scan macros

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: reduced warnings

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/nettle/mpi.c,
	lib/nettle/pk.c, tests/mpi.c: updated prototypes of _gnutls_mpi_set,
	_gnutls_mpi_set_ui,, _gnutls_mpi_copy

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.c,
	lib/nettle/mpi.c, lib/nettle/pk.c: updated prototype of
	_gnutls_mpi_modm

2014-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_mpi.h,
	lib/gnutls_srp.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/x509/privkey_pkcs8.c: Updated _gnutls_mpi_init prototype and
	added _gnutls_mpi_init_multi

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: reduced the number of system calls made during
	the random generator lock.

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	lib/includes/gnutls/gnutls.h.in: do not set the SYSTEM priority
	string by default in examples (not yet).

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2014-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd-common.c: use RUSAGE_THREAD to obtain rusage stats
	to avoid becoming a bottleneck on processes with many threads.

2014-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: corrected push/pull function setting

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: simplified _dsa_generate_dss_g()

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: do not impose limits to index

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c, lib/nettle/int/provable-prime.c: 
	Fixes in the Shawe-Taylor prime generation routine.

2014-01-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: cleanups

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: increased seed length

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: cleanups

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/provable-prime.c: indented code

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pk.c, lib/gnutls_privkey.c: ensure that
	_gnutls_pk_params_copy makes a full duplicate.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h, lib/nettle/pk.c,
	lib/x509/privkey.c: Added macros to allow specifying a subgroup for
	DSA.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: corrected FIPS140 generation of DSA2 keys.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_datum.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/openpgp/privkey.c, lib/x509/privkey.c: Added
	new functions to obtain raw private key gnutls_privkey_get_pk_ecc_raw: Added gnutls_privkey_get_pk_dsa_raw:
	Added gnutls_privkey_get_pk_rsa_raw: Added

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map: exported more internal functions

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: use dsa_generate_dss_keypair when generating DSA
	keys.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: Split the generation of keypair from
	the generation of parameters.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: Added _dsa_validate_dss_pq and
	_dsa_validate_dss_g, and other fixes in validation.

2014-01-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c,
	lib/nettle/int/dsa-validate.c: indented files

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: corrected s check in
	_dsa_generate_dss_pq

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/dsa-keygen-fips186.c: fixed copyright

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: updated DRBG-CTR-AES test
	vectors for the fixed implementation.

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/random.c: register FIPS140 random generator prior to
	initialization

2014-01-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/libgnutls.map, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h: Updates in the DRBG-CTR-AES random number
	generator.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: no point to fail on 3DES weak keys.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: Do not restrict the GCM nonce to 12 bytes.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: use a single context for all stream ciphers.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: Added ARCFOUR-128 self test.

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: always set subkey status

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-dtls-record.c: small updates in mini-dtls-record

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/dumbfw.c: dumbfw extension isn't sent on DTLS

2014-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: simplified client hello generation

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: %COMPAT implies %DUMBFW

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/int/drbg-aes.c: fix in DRBG-AES-CTR initialization

2014-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: use a single buffer to generate the client
	hello.

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.h, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
	lib/random.c: The FIPS140 random number generator is enabled
	conditionally when required.

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: removed duplicate function

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: 
	replaced the ANSI X9.31 RNG with the SP800-90A DRBG-AES-CTR rng.

2014-01-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: use newline

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: when freeing priority_cache make sure it is
	set to NULL

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_x509.c: Clarified version

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/gnutls_global.c, lib/includes/gnutls/compat.h: 
	gnutls_global_set_mem_functions was deprecated

2014-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: removed unneeded
	warning; all systems we support set this function.

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am: generate info documentation in a single file

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/gnutls_x509.c: The simple bit size check in
	certificates is now replaced by the verification profiles.

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: no need to set profile to LOW as it is already
	the default

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	lib/includes/gnutls/gnutls.h.in: Introduced GNUTLS_DEFAULT_PRIORITY
	macro

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: decreased certificate verification level to
	allow SHA1 as hash.

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/x509/verify.c: When verifying a
	certificate's security level ensure that the hash is within the
	level

2014-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_sec_param_to_symmetric_bits()

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/complex-cert.pem: updated test for level rename

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suppressions.valgrind: updated memxor3 suppression to cope
	with any usage of memxor3

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: The correct priority will be used if SYSTEM
	is not specified.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: do not immediately fail on verification failure
	due to insecure algorithm.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/setcredcrash.c, tests/x509dn.c, tests/x509self.c: use
	gnutls_priority_set_direct() to set a fixed priority string

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: avoid allocation.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: use default
	priorities based on version number in examples, and add dependency
	on 3.1.0

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	lib/gnutls_priority.c: changes in SYSTEM semantics to allow
	appending rules to the default policy.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/gnutls_priority.c: 
	Added the SYSTEM priority string initial keyword.  That allows a compile-time specified configuration file to be used
	to read the priorities. That can be used to impose system specific
	policies.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: Weak sec-param was replaced with Low.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/sec-params.c: updated sec-params check

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, src/certtool-common.c, src/serv.c: more updates for the
	security param rename

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/sec-params.c, tests/slow/keygen.c: Added
	test to check the expected values of security parameters.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/examples/ex-crq.c: doc update

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c: security levels aligned to ENISA and
	other common practice recommendations.

2014-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/algorithms/secparams.c, lib/gnutls_priority.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/priority_options.gperf, lib/x509/verify.c: 
	GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUM That was done to avoid confusion with the NORMAL priority string.
	Also when setting a PROFILE explicitly as priority string the
	session security level is adjusted accordingly.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc update

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_priority.c,
	lib/priority_options.gperf: Use gperf to find priority string
	options.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: verification profiles can be set
	individually as well.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify-high.c: doc
	update

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: increased the overall security level unless
	%COMPAT is specified.

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h, lib/gnutls_priority.c: enforce certificate
	verification profiles when setting priority strings

2014-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/includes/gnutls/x509.h, lib/x509/verify.c: 
	Added certificate verification profiles.

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: simplified _gnutls_verify_certificate2().

2014-01-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: consistency changes.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: gnutls_session_get_desc() returns a more compact
	description.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
	lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
	lib/x509/verify-high.c, lib/x509/verify-high.h: The RDN sequence is
	now kept in trust list instead of the credentials parameters.  This is however not enabled by default. When adding CAs to trust
	list the flag GNUTLS_TL_USE_IN_TLS must be specified to generate the
	RDN sequence. This flag is for now only useful internally in gnutls.

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509dn.c: simplified x509dn

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2014-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/Makefile.am, tests/set_pkcs12_cred.c: enhanced
	set_pkcs12_cred test.

2014-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: doc update

2014-01-08  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/cli-debug.c: gnutls-cli-debug should accept TLS 1.2-only
	servers Without this patch, a TLS 1.2-only server will not be properly
	investigated by gnutls-cli-debug.  e.g. a server like:   gnutls-serv --x509keyfile=server/secret.key
	  --x509certfile=server/x509.pem --priority
	  'NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2' gets this failed analysis: 0 dkg@alice:~$ gnutls-cli-debug --port 5556 localhostrt 5556
	localhost Resolving 'localhost'...  Connecting to '::1:5556'...
	Checking for SSL 3.0 support... no Checking whether %COMPAT is
	required... yes Checking for TLS 1.0 support... no Checking for TLS
	1.1 support... no Checking fallback from TLS 1.1 to... failed
	Checking for TLS 1.2 support... yes Checking whether we need to
	disable TLS 1.2... N/A Checking whether we need to disable TLS
	1.1... no Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1 0
	dkg@alice:~$ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2014-01-06  Nils Maier <maierman@web.de>

	* lib/ext/status_request.c: Fix CERTIFICATE STATUS processing when
	using non-blocking I/O _gnutls_recv_server_certificate_status() must wait for the first
	full packet before setting priv->expect_cstatus = 0, or else
	CERTIFCATE STATUS packets won't be processed in subsequent calls at
	all, leaving them in the buffer and therefore causing later
	connection aborts.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/common.h, lib/x509/verify.c: gnutls_pkcs11_crt_exists
	renamed to gnutls_pkcs11_crt_is_known Moreover it was modified to fully compare the certificate when
	looking for a trusted certificate.

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: simplified
	gnutls_certificate_set_x509_crl_file/mem.

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: simplified
	gnutls_certificate_set_x509_trust_file/mem.

2014-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high2.c: use gnutls_strdup

2014-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2014-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: mini-record-2 movedto front.

2014-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: removed debugging

2014-01-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c, lib/x509/x509_int.h: When verifying using a
	PKCS #11 module use gnutls_pkcs11_crt_exists() to check for trust
	and distrust (blacklists).

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h: Added gnutls_pkcs11_crt_exists()

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: more sensible names in find data private structures.

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: 
	gnutls_pkcs11_get_raw_issuer() returns only trusted issuers if
	GNUTLS_PKCS11_ISSUER_ANY is not specified.

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c: unified PKCS#11 debug messages

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/x509/verify-high.c, lib/x509/verify-high.h,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h: 
	Updated PKCS #11 support for
	gnutls_x509_trust_list_add_trust_file().  It will now use the PKCS #11 trust URL while verifying instead of
	importing all CAs. That way it allows verification on the spot
	without requiring the gnutls to restart in case of a blacklisted CA.

2014-01-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2014-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def: Added documentation for force autogen to
	generate correct texinfo code.

2013-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume-dtls.c, tests/resume.c: resume tests will not block
	if they fail

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: moved constructor definitions to macros to
	allow easier extensions to other systems.

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rng-fork.c: perform the iteration check on both rngs.

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suppressions.valgrind: Add suppression for nettle's memxor3

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: updated

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c, lib/ext/dumbfw.h: adapt padding size based on
	the current size of the client hello.

2013-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c: doc update

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c: do not pad when the client hello size is
	sufficiently small.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c, lib/gnutls_extensions.c: do not send the dumbfw
	padding if the hello data are already too long.

2013-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: export only xssl symbols; small patch by Andreas
	Metzler.

2013-12-26  Gustavo Zacarias <gustavo@zacarias.com.ar>

	* src/crywrap/Makefile.am: Add LIB_CLOCK_GETTIME to crywrap It's used indirectly thus causing build breakage on versions of
	glibc where it's defined in librt rather than libc directly.  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: limit the size of the DH exponent

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: unified constants

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/fips-test.c: Do not run the fips-test when not in fips mode

2013-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/ext/status_request.c,
	lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mbuffers.h: 
	simplified gnutls_handshake_alloc

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: do not specify a default class when searching
	for objects to delete This fixed issue when trying to delete all the keys in a token by
	using the token URL.

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/pkcs11.c: Added so-login
	flag to force security office login to the card

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: updated txt

2013-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: print warning when no token name is provided

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: Added userPrincipalName

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/dane.c: pass the correct flag to dane_verify_crt_raw() That doesn't affect anything but logical correctness, as the
	parameter is ignored.

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c: corrected key ID size check

2013-12-23  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: Ported Alon's patch to correctly check for librt (et
	al.) This also makes clock_gettime() check independent of the FIPS140
	option.

2013-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def: Added aliases list-privkeys and list-keys

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: undefine select as well in win32

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-large.c, tests/mini-dtls-record.c,
	tests/mini-handshake-timeout.c: corrected some tests to operate
	silently under valgrind

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mpi.c, tests/x509cert-tl.c: corrected leaks

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: do not use the gnulib wrappers in win32

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/cli.c, src/common.h, src/serv.c: explicitly
	set the gnulib functions for recv and send.

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/elf/cpuid-x86_64.s: updated

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: corrected running tests over valgrind It seems that some autotools change has prevented that for some
	time.

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert-tl.c: corrected check

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: removed debugging

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12_s2k.c: corrected paths

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_int.c, lib/pkcs11_int.h, lib/pkcs11_write.c: 
	pkcs11_get_random was renamed

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/aes-ssse3-x86.s,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/cpuid-x86.s,
	lib/accelerated/x86/coff/cpuid-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: corrected
	generated files

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: correctly generate asm sources

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: gnu note for stack only used in ELF

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/openssl-cpuid-x86.s,
	lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s: removed unused
	files

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c: Improved nettle check for
	registration of accelerated ciphers.

2013-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am: use the correct sources in win32
	systems

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: simplified deps

2013-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: libtasn1 generated files are set in BUILT_SOURCES Conflicts:         lib/Makefile.am

2013-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testdane: updated danetool

2013-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ecc.c: changed default to 256R1

2013-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: the accelerated library is depending on nettle
	being present

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def: doc update

2013-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-tokens.texi: updated to account the file format p11-kit
	expects

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/openssl: restricted submodule to a specific version

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, cfg.mk: bootstrap will initialize the submodules

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s: Updated asm files

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitmodules, devel/openssl, devel/perlasm/aes-ssse3-x86.pl,
	devel/perlasm/aes-ssse3-x86_64.pl, devel/perlasm/aesni-x86.pl,
	devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
	devel/perlasm/cbc.pl.license, devel/perlasm/e_padlock-x86.pl,
	devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
	devel/perlasm/ghash-x86_64.pl, devel/perlasm/openssl-cpuid-x86.pl,
	devel/perlasm/openssl-cpuid-x86.pl.license,
	devel/perlasm/ppc-xlate.pl, devel/perlasm/sha1-ssse3-x86.pl,
	devel/perlasm/sha1-ssse3-x86_64.pl,
	devel/perlasm/sha256-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86_64.pl,
	devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
	devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
	devel/perlasm/x86nasm.pl: Import perlasm files directly from openssl
	using git submodule

2013-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/system.c: Added configure option
	--with-default-blacklist-file This option allows to specify a file containing blacklisted
	certificates.

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c, lib/x509/verify-high2.c: 
	gnutls_x509_trust_list_remove_cas() and derivatives will utilize a
	black list.  When a CA or certificate is removed from the trusted list, it is
	also added in a blacklist to ensure that it will not be accepted due
	to interdependency (e.g., it is a subordinate CA), or because it is
	not a CA.

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high2.c: Corrected documentation for
	gnutls_x509_trust_list_add_trust_*

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: avoid initializing PKCS #11 modules when not needed
	in gnutls_pkcs11_reinit.

2013-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/mac.c: Avoid verbose logging

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: 
	use better definitions

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-cert-status.c: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_buffers.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_record.c, lib/gnutls_record.h: Align on 16-byte
	boundaries the buffers provided to cryptodev.  When gnutls is compiled with support for cryptodev, the buffers
	provided to crypto backend are ensured to be 16-byte aligned (except
	the ones provided by the user). That increases performance in
	several crypto accelerators.

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-large.c: updated to correspond to new fail()

2013-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h, lib/gnutls_record.c: simplified
	_mbuffer_alloc

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-cbc-x86-aesni.c,
	lib/accelerated/x86/aes-cbc-x86-ssse3.c,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/hmac-x86-ssse3.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/accelerated/x86/sha-x86.h,
	lib/accelerated/x86/x86-common.c: reorganized source files.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h: when
	AESNI is available without PCLMUL, then use AES-NI in GCM.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-x86.c: addressed warning

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-x86.c: give lower priority to SSSE3 over
	AESNI

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am, lib/accelerated/x86/{hmac-x86.c
	=> hmac-x86-ssse3.c}, lib/accelerated/x86/{sha-x86.c =>
	sha-x86-ssse3.c}: use better names for files

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/hmac-padlock.c: zeroize keys

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/{aes-gcm-x86.c => aes-gcm-x86-pclmul.c},
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/hmac-x86.c, lib/accelerated/x86/sha-x86.c,
	lib/accelerated/x86/sha-x86.h: When PCLMUL isn't available use the
	SSSE3 implementation of AES to optimize GCM.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: removed UMAC ciphersuites from benchmark

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: removed the estream ciphersuites from
	benchmarks

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, devel/perlasm/aes-ssse3-x86.pl,
	devel/perlasm/aes-ssse3-x86.pl.license,
	devel/perlasm/aes-ssse3-x86_64.pl,
	devel/perlasm/aes-ssse3-x86_64.pl.license,
	devel/perlasm/aesni-x86.pl.license,
	devel/perlasm/aesni-x86_64.pl.license,
	devel/perlasm/cbc.pl.license, devel/perlasm/cpuid-x86.pl.license,
	devel/perlasm/cpuid-x86_64.pl.license,
	devel/perlasm/e_padlock-x86.pl.license,
	devel/perlasm/e_padlock-x86_64.pl.license,
	devel/perlasm/ghash-x86.pl.license,
	devel/perlasm/ghash-x86_64.pl.license,
	devel/perlasm/license-gnutls.txt, devel/perlasm/license-vpaes.txt,
	devel/perlasm/license.txt, devel/perlasm/md5-x86_64.pl.license,
	devel/perlasm/openssl-cpuid-x86.pl.license,
	devel/perlasm/ppc-xlate.pl.license,
	devel/perlasm/sha1-ssse3-x86.pl.license,
	devel/perlasm/sha1-ssse3-x86_64.pl.license,
	devel/perlasm/sha256-ssse3-x86.pl.license,
	devel/perlasm/sha512-ssse3-x86.pl.license,
	devel/perlasm/sha512-ssse3-x86_64.pl.license,
	lib/accelerated/x86/aes-x86.c, lib/accelerated/x86/aes-x86.h,
	lib/accelerated/x86/coff/aes-ssse3-x86.s,
	lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
	lib/accelerated/x86/coff/aesni-x86.s,
	lib/accelerated/x86/coff/aesni-x86_64.s,
	lib/accelerated/x86/coff/cpuid-x86.s,
	lib/accelerated/x86/coff/cpuid-x86_64.s,
	lib/accelerated/x86/coff/e_padlock-x86.s,
	lib/accelerated/x86/coff/e_padlock-x86_64.s,
	lib/accelerated/x86/coff/ghash-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aes-ssse3-x86.s,
	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
	lib/accelerated/x86/elf/aesni-x86.s,
	lib/accelerated/x86/elf/aesni-x86_64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/cpuid-x86_64.s,
	lib/accelerated/x86/elf/e_padlock-x86.s,
	lib/accelerated/x86/elf/e_padlock-x86_64.s,
	lib/accelerated/x86/elf/ghash-x86_64.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/files.mk, lib/accelerated/x86/license.txt,
	lib/accelerated/x86/macosx/aes-ssse3-x86.s,
	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/aesni-x86.s,
	lib/accelerated/x86/macosx/aesni-x86_64.s,
	lib/accelerated/x86/macosx/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86_64.s,
	lib/accelerated/x86/macosx/e_padlock-x86.s,
	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
	lib/accelerated/x86/macosx/ghash-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Added Mike
	Hamburg's SSSE3 AES implementation.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: doc update

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, devel/perlasm/openssl-cpuid-x86.pl,
	devel/perlasm/sha1-ssse3-x86.pl,
	devel/perlasm/sha1-ssse3-x86_64.pl,
	devel/perlasm/sha256-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86.pl,
	devel/perlasm/sha512-ssse3-x86_64.pl,
	lib/accelerated/x86/Makefile.am, lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/coff/{appro-aes-x86-coff.s => aesni-x86.s},
	lib/accelerated/x86/coff/{appro-aes-x86-64-coff.s =>
	aesni-x86_64.s}, lib/accelerated/x86/coff/{cpuid-x86-coff.s =>
	cpuid-x86.s}, lib/accelerated/x86/coff/{cpuid-x86-64-coff.s =>
	cpuid-x86_64.s}, lib/accelerated/x86/coff/{padlock-x86-coff.s =>
	e_padlock-x86.s}, lib/accelerated/x86/coff/{padlock-x86-64-coff.s
	=> e_padlock-x86_64.s},
	lib/accelerated/x86/coff/{appro-aes-gcm-x86-64-coff.s =>
	ghash-x86_64.s}, lib/accelerated/x86/coff/openssl-cpuid-x86.s,
	lib/accelerated/x86/coff/openssl-cpuid-x86_64.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86.s,
	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/coff/sha256-avx-x86_64.s,
	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/elf/{appro-aes-x86.s => aesni-x86.s},
	lib/accelerated/x86/elf/{appro-aes-x86-64.s => aesni-x86_64.s},
	lib/accelerated/x86/elf/{cpuid-x86-64.s => cpuid-x86_64.s},
	lib/accelerated/x86/elf/{padlock-x86.s => e_padlock-x86.s},
	lib/accelerated/x86/elf/{padlock-x86-64.s => e_padlock-x86_64.s},
	lib/accelerated/x86/elf/{appro-aes-gcm-x86-64.s => ghash-x86_64.s},
	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/elf/sha256-avx-x86_64.s,
	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/files.mk, lib/accelerated/x86/hmac-x86.c,
	lib/accelerated/x86/macosx/{appro-aes-x86-macosx.s => aesni-x86.s},
	lib/accelerated/x86/macosx/{appro-aes-x86-64-macosx.s =>
	aesni-x86_64.s}, lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86_64.s,
	lib/accelerated/x86/macosx/{padlock-x86-macosx.s =>
	e_padlock-x86.s},
	lib/accelerated/x86/macosx/{padlock-x86-64-macosx.s =>
	e_padlock-x86_64.s},
	lib/accelerated/x86/macosx/{appro-aes-gcm-x86-64-macosx.s =>
	ghash-x86_64.s}, lib/accelerated/x86/macosx/openssl-cpuid-x86.s,
	lib/accelerated/x86/macosx/openssl-cpuid-x86_64.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
	lib/accelerated/x86/macosx/sha256-avx-x86_64.s,
	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s,
	lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/sha-x86.c,
	lib/accelerated/x86/sha-x86.h: Added Appro's SSSE3 SHA
	implementations

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h: 
	Utilize the optimized SHA functions in Padlock HMAC.

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: use a single BUILT_SOURCES

2012-05-03  Patrick Pelletier <code@funwithsoftware.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/includes/gnutls/x509.h, src/certtool-args.def: 
	minor phrasing improvements in docs

2013-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added auto-generated files in BUILT_SOURCES

2013-12-13  Jared Wong <jaredlwong@gmail.com>

	* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c: Fixed check for i <
	line_size.  All checks were being done where the line_size check was done last.
	This allows data to be read from one past teh end of the line
	buffer. In C, accessing data outside of an array is undefined
	behavior and may cause yet known problems. Additionally, the
	compiler may end up making some unreasonable assumptions under the
	pretense that the programmer is never wrong and would not access
	data outside of the array.

2013-12-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/libopts/m4/libopts.m4: Avoid conditional generation of
	Makefile

2013-12-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: Enforce the DEFAULT_MAX_VERIFY_BITS for DH
	prime size as well.

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported function

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in: Added gnutls_record_check_corked.

2013-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac, doc/manpages/Makefile.am: Avoided
	gnu-ism in Makefiles

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: simplified logic

2013-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: Correctly detect the FIPS140-2 HMAC file.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_secret.c, lib/pkcs11_write.c: ensure that all the
	exported pkcs11 functions initialize PKCS #11.

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: fixes in PKCS #11 initialization

2013-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: provide imprecise time as gmt time.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: calling gnutls_pkcs11_reinit() manually will prevent
	auto-reinitialization.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: 
	fully initialize the PKCS #11 subsystem only when it is needed to.

2013-12-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/nettle/cipher.c,
	lib/nettle/mac.c: FIPS140 mode is detected on run-time.  That allows a library compiled in FIPS140 mode to operate as the
	full library if the system is not in FIPS mode.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-global-load.c: Added
	check to verify that gnutls_global_init() is run on the library
	constructor.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/global-init.c: converted to a simple check for
	gnutls_global_init() as gnutls_global_init2() will not be added.

2013-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: call p11_kit_modules_load() with null argument.

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: only use LT_INIT

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: disable static library build by default

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_global.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	gnutls_global_init2() is no longer exported.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, doc/cha-tokens.texi, lib/pkcs11.c: doc update

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: Added automatic reinitialization on fork() on the
	PKCS #11 subsystem.

2013-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/pkcs11_int.h: PKCS #11 initialization is delayed until first
	use.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd-fips.c, lib/nettle/rnd.c: 
	Use a DRBG-AES to generate nonces rather than the yarrow RNG.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: getpid() is conditionally used.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: deleted
	auto-generated files

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c,
	tests/fips-test.c: removed zombie mode, and no longer use fips140.h

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/Makefile.am, lib/includes/gnutls/fips140.h,
	lib/includes/gnutls/gnutls.h.in: moved gnutls_fips140_mode_enabled
	to gnutls.h

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: simplified func

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/nettle/pk.c: corrected macros

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: Check whether the RNG can perform many
	iterations without error.

2013-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h,
	lib/nettle/rnd-fips.c: force reseed and rekey on fork and if we
	exceed a number of iterations.

2013-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/locks.h: do not deinitialize a static
	mutex to avoid any side-effects.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/locks.h: re-initialize a deleted staticly initialized mutex

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Added hack for nettle's checks.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: adjusted parameters in normal level
	for DSA to match nettle's abilities.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: added newlines in error reporting

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-selftests-pk.c, tests/slow/cipher-test.c: fix self
	tests when used from slow/cipher-test

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/global-init.c: updated test for the universal lib
	constructor

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: removed deadlock from gnutls_global.c

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/gnutls_global.c: constructor and destructors were
	moved outside the FIPS140 mode.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/fips-test.c: execute the FIPS-test even
	when not in FIPS140 mode.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/fips.h, lib/libgnutls.map, tests/fips-test.c: 
	fips140_simulate_error -> lib_simulate_error

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: adjusted subgroup bits to be
	compatible with DSA requirements.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/fips.c, lib/fips.h, lib/gnutls_cipher_int.c,
	lib/gnutls_global.c, lib/gnutls_hash_int.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_state.c, lib/nettle/pk.c,
	lib/pkcs11_privkey.c, lib/random.c, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: The
	library state is used even when not in FIPS mode.  This allows having an error state that blocks the library usage even
	when not in FIPS mode.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : Merged the FIPS140-2 support code.  Conflicts:         lib/gnutls_global.c         tests/mini-overhead.c

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: removed usage of %zu.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-overhead.c: updated mini-overhead to account for the
	removal of salsa20+umac

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: Detect the presence of posix locks even without
	linked to libpthread.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug tests
	for camellia-gcm.

2013-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: remove bashism.

2013-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc update

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: updated links in reference.
	Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: Added 3.2 to reference API

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/reference/gnutls-docs.sgml: updated links in reference.
	Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi: 
	updated addresses and URLs. Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-preface.texi, doc/cha-support.texi, doc/gnutls.texi: 
	updated addresses and URLs. Reported by Nico R.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/gnutls_global.c: Added destructor and moved both
	*structors to fips.c

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
	by Ben de Graaff.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: Eliminated memory leak in print_aia(). Reported
	by Ben de Graaff.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: Added ECDH known answer test.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/fips.c: Added known answer test for
	Diffie-Hellman key exchange.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: Added check to prevent generating a DH pubkey of
	1.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/gnutls_dh.c, lib/gnutls_dh_primes.c: 
	compacted DH support files.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/ecdhe.c: clear the generated ECDH parameters as soon as
	they are not needed.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: When checking the generated DSA params make
	sure that the data to be signed have the proper size.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/anon.c, lib/auth/dh_common.c, lib/auth/dh_common.h,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/srp.c,
	lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_int.h, lib/gnutls_state.c, lib/nettle/pk.c: DH key
	exchange uses the _gnutls_pk_derive and _gnutls_pk_generate_key
	functions.  This allows handling DH key generation in the crypto backend files.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi, doc/cha-tokens.texi: doc update

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h, lib/nettle/rnd-fips.c: simplified
	DRBG-AES generator by using a counter (with an arbitrary initial
	value) as DT.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: Added pairwise constistency test on key
	generation.

2013-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mem.c, lib/gnutls_mem.h: use memset in bzero

2013-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/certtool.cfg: updated example certtool.cfg

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mem.c, lib/gnutls_mem.h: avoid using memset to prevent
	a compiler optimizing out out calls.

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: use _gnutls_pk_bits_to_subgroup_bits() to select
	DH and DSA key q size.

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c: corrected params for ULTRA level

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: Re-run receiving tests on server side, to
	allow any valgrind errors to propagate to exit code.

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: Perform an integrity check on all supporting libraries

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: In FIPS mode the default cipher is AES.

2013-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: Do not link gnutls against librt unlress it is
	really necessary.

2013-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: checks FIPS-140 lib requirements, moved after
	clock_gettime() is checked for.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/armor.c: removed unused function

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/pubkey.c: removed unused variable

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, tests/mini-xssl.c,
	tests/pkcs12_simple.c: Skip tests that require the non-suiteb
	curves.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: 
	_gnutls_privkey_decode_ecc_key() returns integers as error code to
	distinguish error conditions.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/gnutls_priority.c, lib/nettle/pk.c: Added option
	to disable the non-SuiteB curves (i.e., the SECP 192R1 and 224R1
	curves).

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: updated

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/Makefile.am, lib/nettle/int/dsa-fips.h,
	lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
	lib/nettle/int/provable-prime.c, lib/nettle/pk.c,
	tests/cve-2009-1416.c: Use a FIPS140-2 compliant DSA and DH
	parameter generator.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: removed unneeded newlines

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore: more files ignored

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/nettle/Makefile.am,
	lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.c,
	lib/nettle/int/drbg-aes.h, lib/nettle/{ => int}/gcm-camellia.c,
	lib/nettle/{ => int}/gcm-camellia.h, lib/nettle/rnd-fips.c: Added
	DRBG submitted to nettle in gnutls.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-record-2.c: Added deflate compression tests with
	AES-GCM in order to be tested in FIPS mode.

2013-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: corrected comparison

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: Allow MD5 hash in zombie mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.h: fixed bug

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am: don't run openssl (md5) when in fips mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, tests/fips-test.c: separate zombie mode from
	operational fips mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/fips-test.c: modified to account for zombie mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: Use the internal API for MD5 hashing
	in openssl keys.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: beautified table

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: added new functions

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: eliminated memory leak on PK self
	check.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/nettle/rnd-common.c, tests/Makefile.am, tests/global-init.c: 
	Added gnutls_global_init2(). This allows initializing gnutls in a
	constructor in FIPS140 mode

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: Added an audit message in self test failure

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, lib/nettle/rnd-fips.c: better error
	messages.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c: binary integrity self test moved to end

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_errors.h: simplified debugging levels.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509_b64.c: silence some errors

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: updated

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.c, lib/fips.h, lib/gnutls_global.c: 
	Better handling of FIPS140-2 initialization

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ecc.c, lib/crypto-backend.h, lib/gnutls_pk.h,
	lib/nettle/pk.c: Added curve_exists() to pk-backend. That allows to
	determine which curves are available.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c, lib/fips.h, lib/nettle/rnd-fips.c: 
	gnutls_key_generate() is restricted by the size of the initial RNG
	seed in FIPS140-2 mode.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: Do not allow MD5 in the high level crypto-api in
	FIPS mode.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: when using the rng() with a void option use the
	FIPS state to indicate errors.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-overhead.c, tests/mini-record-2.c, tests/mini-x509.c,
	tests/pkcs12-decode/Makefile.am, tests/pkcs12_encode.c,
	tests/priorities.c, tests/record-sizes.c, tests/set_pkcs12_cred.c: 
	Restrict the number of tests run on FIPS140-2 mode.

2013-11-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/mac.c, lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
	lib/gnutls_priority.c, lib/nettle/cipher.c, lib/nettle/mac.c: In
	FIPS140-2 mode disable non-conformant ciphers, MAC and hash
	algorithms.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.h, lib/gnutls_dh_primes.c, lib/nettle/mpi.c: 
	Use nettle for the generation of DH group parameters.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: no need to memset. It should have been
	initialized.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
	tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: Do
	not involve the security level into the certificate comparisons.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/ecdhe.c, lib/crypto-backend.h, lib/gnutls_pk.h,
	lib/nettle/pk.c, lib/x509/privkey.c: Separated pk_generate to
	pk_generate_params() and pk_generate_keys().  This allows using the pk_generate interface to get DH parameters and
	DH keys.

2013-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/secparams.c: restricted combinations of security
	parameters in FIPS mode.

2013-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: removed the initialized static variable.

2013-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-common.c, lib/nettle/rnd-common.h,
	lib/nettle/rnd-fips.c: Corrected _rnd_get_event().

2013-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/srp.c, lib/crypto-backend.h, lib/gnutls_dh.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_srp.c,
	lib/libgnutls.map, lib/nettle/mpi.c, lib/nettle/pk.c, tests/mpi.c: 
	Added _gnutls_mpi_random_modp() and _gnutls_mpi_modm() to replace
	_gnutls_mpi_mod().

2013-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: In rng_fork test all random generators.

2013-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: comments updated to conform to the modified
	version.

2013-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/rnd-fips.c: removed external test functions

2013-11-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitignore, configure.ac, lib/crypto-backend.h, lib/fips.c,
	lib/libgnutls.map, lib/nettle/Makefile.am, lib/nettle/rnd-fips.c,
	lib/nettle/rnd.c, tests/fips-test.c, tests/rng-fork.c: Ported
	libgcrypt's AES-based DRBG.

2013-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/Makefile.am, lib/nettle/rnd-common.c,
	lib/nettle/rnd-common.h, lib/nettle/rnd.c: split some functionality
	of nettle's RNG.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dhe_psk.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
	lib/auth/rsa_psk.c, lib/auth/srp_passwd.c: long term keys are always
	overwritten

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_pkcs8.c: corrected typo

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c: zeroize also ASN.1 structures that hold
	keys.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey_openssl.c: more keys are zeroized

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* m4/hooks.m4: require libtasn1 3.4

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c: updated libtasn1 version

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/pk.c: use the most appropriate nettle function

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/psk.c, lib/auth/rsa_psk.c, lib/auth/srp_passwd.c,
	lib/gnutls_datum.h, lib/gnutls_kx.c, lib/gnutls_state.c,
	lib/x509/privkey_pkcs8.c: better naming for free_datum functions.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_datum.h, lib/gnutls_int.h, lib/gnutls_mem.h,
	lib/gnutls_mpi.c, lib/x509/key_encode.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: overwrite temp
	buffers of private keys.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/fips.h, lib/gnutls_int.h, lib/nettle/pk.c: zeroize
	ECC secret scalars and points.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/psk.c, lib/auth/psk_passwd.c, lib/auth/rsa_psk.c,
	lib/auth/srp.c, lib/auth/srp_passwd.c, lib/gnutls_datum.h,
	lib/gnutls_kx.c, lib/gnutls_state.c, lib/nettle/cipher.c,
	lib/nettle/mac.c: Added zeroization of keys in several parts within
	gnutls.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_dh.c: doc update

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_datum.c, lib/gnutls_int.h: Added key zeroization
	primitives.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mpi.c, lib/gnutls_mpi.h: Simplified
	_gnutls_mpi_release()

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS, build-aux/config.rpath, configure.ac, lib/Makefile.am,
	lib/fips.c, lib/fips.h, lib/includes/Makefile.am,
	lib/includes/gnutls/fips140.h, lib/libgnutls.map, lib/xssl.c,
	tests/Makefile.am, tests/fips-test.c: Updated FIPS140 initialization
	and added a self test for it.

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/fips.c, lib/fips.h: Added binary integrity test

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, lib/fips.c, lib/fips.h,
	lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/pkcs11_privkey.c, lib/random.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/verify-high.c, lib/x509/x509.c, lib/xssl.c: Added support
	for fips states.  This implies that when in FIPS mode and the library is not in
	operational state (i.e., all self checks succeeded), crypto
	functionality of the library will fail.  This includes:         * API functions of gnutls/crypto.h         * API functions of gnutls/abstract.h         * API functions of gnutls/x509.h         * gnutls_init()         * API functions of gnutls/xssl.h

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c, lib/crypto-selftests.c,
	tests/slow/cipher-test.c: indented code

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am, tests/slow/Makefile.am,
	tests/slow/cipher-test.c: Self checks are conditionally included in
	the library.

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests-pk.c: Added pair-wise consistency tests for
	RSA, DSA and ECDSA.

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c: in gnutls_x509_privkey_generate() allow
	specifying an explicit curve.

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Added gnutls_privkey_generate().

2013-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/crypto-selftests-pk.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/slow/cipher-test.c: Added self tests on RSA, DSA, and ECDSA
	key usage.

2013-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, lib/includes/gnutls/gnutls.h.in,
	tests/slow/cipher-test.c: Added option to run all available self
	tests per category in a single run.

2013-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c, tests/slow/cipher-test.c: completed
	self-tests by adding digest and MAC tests.

2013-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am, lib/crypto-selftests.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/slow/cipher-test.c: Added self tests

2013-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: check for alternative unbound root key files.

2013-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c: increased buffers

2013-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
	lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-coff.s,
	lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/elf/appro-aes-x86-64.s,
	lib/accelerated/x86/elf/padlock-x86-64.s,
	lib/accelerated/x86/elf/padlock-x86.s,
	lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated
	auto-generated asm files. This fixes a valgrind complaint when
	AES-NI is in use.

2013-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/aesni-x86.pl, devel/perlasm/aesni-x86_64.pl,
	devel/perlasm/cbc.pl, devel/perlasm/e_padlock-x86.pl,
	devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
	devel/perlasm/ghash-x86_64.pl, devel/perlasm/ppc-xlate.pl,
	devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
	devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
	devel/perlasm/x86nasm.pl: updated perlasm files

2013-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/Makefile.am: Do not link gnutls against librt
	unlress it is really necessary.  Conflicts:         configure.ac         lib/Makefile.am

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: removed the UMAC96 ciphersuites

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated e-mail address

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: use $shell()

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/args-std.def: handle centrally more variables

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/manpages/Makefile.am, doc/scripts/gdoc: Updated
	manpage generation (and information stored to it).

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
	auto-generated doc files.

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi, src/certtool-args.def, src/certtool.c: 
	certtool's --verify option if not supplied with a CA list, will use
	the system's CA list.

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: cast the expiration time to time_t

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: doc update

2013-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added macro to check
	for the 'no well defined' expiration time.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/{tests => }/strerror-override.c, gl/{tests =>
	}/strerror-override.h, gl/{tests => }/strerror.c,
	gl/tests/Makefile.am: Added strerror module.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/egd.c: better use of errno

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/epub.tex, doc/latex/gnutls.tex,
	doc/scripts/mytexi2latex: use eurosym package for euro symbol

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Corrected check of usage of local libopts when
	autogen isn't present

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-dn-err.tmpl,
	tests/cert-tests/template-test: Verify failure of DN parsing in a
	wrong DN.

2013-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress.c: disallow any compression in DTLS

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-deflate.c, tests/mini-record-2.c: 
	mini-deflate was combined with mini-record-2

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_record.h: Corrected bug which affected compressed
	records.  Less space was provided for decryption than the required causing
	disconnection issues when compression was used.  The issue was
	pointed by Frank Zschockelt.  Also replaced the macros MAX_RECORD_RECV_SIZE and MAX_RECV_SIZE with
	max_decrypted_size() and max_record_recv_size().

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c: check return code of gnutls_rnd().

2013-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_int.h: Use AES-GCM to encrypt
	session tickets.

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: fixed for win32

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: added assert to trace errors.

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: link all programs with libgnu_gpl to avoid
	conflicts from header files.

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/Makefile.am, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-comp.m4, src/gl/progname.c, src/gl/progname.h: 
	Added progname module which is used by error().

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: safer usage of strerror

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, src/Makefile.am: use the AUTOGEN variable

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/libopts/Makefile.am: use libtool to generate
	libopts

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: corrected libopts patch

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gl/error.c: removed unneed line

2013-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore xssl manpages

2013-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: prioritize any GCM ciphersuite over CBC in
	secure128 level.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: generate ChangeLog after doc/ is checked.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: updated Makefiles

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs.pl: made more clever to ignore inline
	function body.

2013-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: removed
	auto-generated files

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: exported gnutls_est_record_overhead_size

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: do not add newline (it's already in the
	printed string)

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: if GNUTLS_DEBUG_LEVEL is specified the log
	function is not updated if it is already set.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: updated glimport

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi, src/certtool-args.def: doc update

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
	tests/cert-tests/template-date.tmpl, tests/cert-tests/template-test: 
	Added self checks for new date reading functionality

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/Makefile.am, src/certtool-args.def,
	src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: Added
	activation_date and expiration_date options to certtool template
	file.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, build-aux/ylwrap, configure.ac,
	src/Makefile.am, src/gl/Makefile.am, src/gl/alloca.in.h,
	src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/errno.in.h,
	src/gl/error.c, src/gl/error.h, src/gl/exitfail.c,
	src/gl/exitfail.h, src/gl/gettext.h, src/gl/gettime.c,
	src/gl/gettimeofday.c, src/gl/intprops.h, src/gl/m4/00gnulib.m4,
	src/gl/m4/alloca.m4, src/gl/m4/bison.m4, src/gl/m4/clock_time.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/extensions.m4,
	src/gl/m4/extern-inline.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/include_next.m4,
	src/gl/m4/longlong.m4, src/gl/m4/malloca.m4, src/gl/m4/mktime.m4,
	src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
	src/gl/m4/multiarch.m4, src/gl/m4/off_t.m4,
	src/gl/m4/parse-datetime.m4, src/gl/m4/setenv.m4,
	src/gl/m4/ssize_t.m4, src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4,
	src/gl/m4/stdint.m4, src/gl/m4/stdlib_h.m4, src/gl/m4/strerror.m4,
	src/gl/m4/string_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_time_h.m4, src/gl/m4/sys_types_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/warn-on-use.m4, src/gl/m4/wchar_t.m4,
	src/gl/m4/xalloc.m4, src/gl/malloca.c, src/gl/malloca.h,
	src/gl/malloca.valgrind, src/gl/mktime-internal.h, src/gl/mktime.c,
	src/gl/msvc-inval.c, src/gl/msvc-inval.h, src/gl/msvc-nothrow.c,
	src/gl/msvc-nothrow.h, src/gl/parse-datetime.h,
	src/gl/parse-datetime.y, src/gl/setenv.c, src/gl/stdbool.in.h,
	src/gl/stddef.in.h, src/gl/stdint.in.h, src/gl/stdlib.in.h,
	src/gl/strerror-override.c, src/gl/strerror-override.h,
	src/gl/strerror.c, src/gl/string.in.h, src/gl/sys_time.in.h,
	src/gl/sys_types.in.h, src/gl/time.in.h, src/gl/time_r.c,
	src/gl/timespec.c, src/gl/timespec.h, src/gl/unistd.c,
	src/gl/unistd.in.h, src/gl/unsetenv.c, src/gl/verify.h,
	src/gl/xalloc-die.c, src/gl/xalloc-oversized.h, src/gl/xalloc.h,
	src/gl/xmalloc.c: Added a gnulib with GPL components for use by
	applications.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi, src/args-std.def: 
	corrected bug reporting address.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool.c: Check
	for overflows when setting time and allow a time of -1.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, tests/cert-tests/Makefile.am,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow.tmpl,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-overflow2.tmpl,
	tests/cert-tests/template-test: Dates and time that would overflow
	the GeneralTime are also truncated. We may need to revise that
	around 9999 CE.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-certtool.texi,
	doc/invoke-danetool.texi, doc/invoke-gnutls-cli-debug.texi,
	doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
	doc/invoke-ocsptool.texi, doc/invoke-p11tool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi: force serialized generation of
	invoke-*texi, to avoid autogen issue.

2013-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/x509_write.c: An expiration time of
	(time_t)-1 will set to the no well-defined expiration date value.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: correctly set the ciphersuite when the
	set_premaster interface is used.

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: check for a valid blocksize prior to entering
	loop

2013-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: The environment variable GNUTLS_DEBUG_LEVEL
	if set to a number will enable logging to stderr.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat, tests/suite/testcompat-main: corrected
	issue with a not-yet-valid certificate

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/udp-serv.c: corrected bug in gnutls-cli when used on IPv6
	addresses.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/serv.c: simplified function

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat, tests/suite/testcompat-main: hacks to work
	with fedora's openssl

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: print whether the local libopts or libtasn1 are
	being used.

2013-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* gl/Makefile.am, gl/base64.c, gl/{tests => }/intprops.h,
	gl/m4/extern-inline.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, maint.mk: Added intprops
	module (which is needed by newer libtasn1 versions)

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_int.h: use the bool expression instead of unsigned
	int:1.

2013-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: doc update

2013-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.h: define GNUTLS_PATH_MAX globally.

2013-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat: do not run on clippled versions of openssl

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/extensions.c: simplified functions.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ciphersuite/test-ciphers.js,
	tests/suite/ciphersuite/test-ciphersuites.sh: improved ciphersuite
	test

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk_passwd.c, lib/auth/srp_passwd.c, lib/gnutls_pk.c,
	lib/gnutls_x509.c, lib/pkcs11.c, lib/system.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h: reduced stack size usage in
	several functions.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.c: always exit when fail is called.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: reduced the stack size warning size.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi, src/cli-args.def: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/ext/Makefile.am,
	lib/ext/dumbfw.c, lib/ext/dumbfw.h, lib/gnutls_extensions.c,
	lib/gnutls_int.h, lib/gnutls_priority.c: Added %DUMBFW priority
	string option.  This works around issues when connecting behind some firewalls.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: Ignore SIGPIPE.  Diagnosed by Petr Salinger and Steven Chamberlain. Reported by
	Andreas Metzler.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-p11tool.texi, src/p11tool-args.def: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/common.c, tests/suite/testpkcs11: use GNUTLS_PIN instead
	of GNUTLS_PKCS11_PIN.

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-p11tool.texi: doc update

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-certs/ca-tmpl,
	tests/suite/pkcs11-certs/ca.crt, tests/suite/pkcs11-certs/ca.key,
	tests/suite/pkcs11-certs/client-tmpl,
	tests/suite/pkcs11-certs/client.crt,
	tests/suite/pkcs11-certs/client.key,
	tests/suite/pkcs11-certs/server-tmpl,
	tests/suite/pkcs11-certs/server.crt,
	tests/suite/pkcs11-certs/server.key, tests/suite/testpkcs11: Added
	test suite for PKCS #11 cards (not executed automatically).

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, src/pkcs11.c: Avoid infinite loops with
	self-signed certificates present in the chain

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: simplified checks

2013-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/p11tool-args.def: Allow getting the PIN from the
	GNUTLS_PKCS11_PIN environment variable.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: When importing a certificate PKCS #11 try to
	import the whole chain.  This affects gnutls_certificate_set_x509_key_file*().

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
	Added export-chain option to p11tool

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_pubkey.c,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.c, lib/pkcs11_write.c, lib/x509/common.h,
	lib/x509/x509.c: Improvements in PKCS #11 support.  Added gnutls_pkcs11_obj_export3 and gnutls_pkcs11_get_raw_issuer.
	The latter function allows to obtain the issuer of a certificate
	stored in a token.  While traversing tokens, use the URL provided by the user, to avoid
	looking for objects in unrelated tokens.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: test before copy

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: simplified gnutls_pkcs11_copy_x509_crt()

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/scripts/gdoc, doc/scripts/getfuncs.pl,
	lib/includes/gnutls/gnutls.h.in: Improvements in the detection of
	function prototypes to account for the new indentation.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
	doc/manpages/tpmtool.1: doc update

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
	lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h: improved
	indentation in headers.

2013-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: stribute the autogen'erated files as
	.bak and enable them only if local libopts is being used.

2013-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/alert-printlist.c, doc/common.c, doc/common.h,
	doc/errcodes.c, doc/examples/ex-alert.c,
	doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
	doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-x509.c, doc/examples/ex-client-xssl1.c,
	doc/examples/ex-client-xssl2.c, doc/examples/ex-crq.c,
	doc/examples/ex-ocsp-client.c, doc/examples/ex-pkcs11-list.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify-ssh.c, doc/examples/ex-verify.c,
	doc/examples/ex-x509-info.c, doc/examples/examples.h,
	doc/examples/print-ciphersuites.c, doc/examples/tcp.c,
	doc/examples/udp.c, doc/examples/verify.c, doc/printlist.c,
	extra/gnutls_openssl.c, extra/includes/gnutls/openssl.h,
	extra/openssl_compat.c, extra/openssl_compat.h, lib/abstract_int.h,
	lib/accelerated/accelerated.c, lib/accelerated/cryptodev-gcm.c,
	lib/accelerated/cryptodev.c, lib/accelerated/cryptodev.h,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
	lib/algorithms.h, lib/algorithms/cert_types.c,
	lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
	lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdhe.c,
	lib/auth/ecdhe.h, lib/auth/psk.c, lib/auth/psk.h,
	lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
	lib/auth/rsa_common.h, lib/auth/rsa_psk.c, lib/auth/srp.c,
	lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
	lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/crypto-api.c,
	lib/crypto-backend.c, lib/crypto-backend.h, lib/crypto.h,
	lib/debug.c, lib/debug.h, lib/ext/alpn.c, lib/ext/alpn.h,
	lib/ext/cert_type.c, lib/ext/ecc.c, lib/ext/ecc.h,
	lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/ext/max_record.c,
	lib/ext/new_record_padding.c, lib/ext/safe_renegotiation.c,
	lib/ext/safe_renegotiation.h, lib/ext/server_name.c,
	lib/ext/server_name.h, lib/ext/session_ticket.c,
	lib/ext/session_ticket.h, lib/ext/signature.c, lib/ext/signature.h,
	lib/ext/srp.c, lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h,
	lib/ext/status_request.c, lib/ext/status_request.h,
	lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_ecc.c,
	lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pcert.c,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_str_array.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/ocsp.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/tpm.h,
	lib/includes/gnutls/x509.h, lib/includes/gnutls/xssl.h,
	lib/locks.c, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c, lib/nettle/cipher.c, lib/nettle/egd.c,
	lib/nettle/egd.h, lib/nettle/gcm-camellia.c,
	lib/nettle/gcm-camellia.h, lib/nettle/init.c, lib/nettle/mac.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
	lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
	lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
	lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/opencdk/write-packet.c, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/pin.c, lib/pin.h, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/pkix_asn1_tab.c, lib/random.c,
	lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
	lib/tpm.c, lib/vasprintf.c, lib/vasprintf.h, lib/verify-tofu.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/ocsp.c,
	lib/x509/ocsp_output.c, lib/x509/output.c, lib/x509/pbkdf2-sha1.c,
	lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/verify-high.c, lib/x509/verify-high.h,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_dn.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
	lib/x509_b64.c, lib/x509_b64.h, lib/xssl.c, lib/xssl.h,
	lib/xssl_getline.c, libdane/dane-params.c, libdane/dane.c,
	libdane/errors.c, libdane/includes/gnutls/dane.h,
	src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
	src/benchmark.h, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool-common.c, src/certtool-common.h,
	src/certtool-extras.c, src/certtool.c, src/cli-debug.c, src/cli.c,
	src/common.c, src/common.h, src/crywrap/crywrap.c,
	src/crywrap/crywrap.h, src/crywrap/primes.h, src/danetool.c,
	src/inline_cmds.h, src/list.h, src/ocsptool-common.c,
	src/ocsptool-common.h, src/ocsptool.c, src/p11tool.c,
	src/p11tool.h, src/pkcs11.c, src/psk.c, src/serv.c, src/socket.c,
	src/socket.h, src/srptool.c, src/tests.c, src/tests.h,
	src/tpmtool.c, src/udp-serv.c, src/udp-serv.h, tests/anonself.c,
	tests/certder.c, tests/certificate_set_x509_crl.c,
	tests/certuniqueid.c, tests/chainverify-unsorted.c,
	tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
	tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/dtls/dtls-stress.c, tests/eagain-common.h, tests/gc.c,
	tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
	tests/key-openssl.c, tests/mini-alpn.c, tests/mini-cert-status.c,
	tests/mini-deflate.c, tests/mini-dtls-heartbeat.c,
	tests/mini-dtls-hello-verify.c, tests/mini-dtls-large.c,
	tests/mini-dtls-record.c, tests/mini-dtls-rehandshake.c,
	tests/mini-dtls-srtp.c, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini-emsgsize-dtls.c,
	tests/mini-handshake-timeout.c, tests/mini-loss-time.c,
	tests/mini-overhead.c, tests/mini-record-2.c,
	tests/mini-record-range.c, tests/mini-record.c,
	tests/mini-rehandshake.c, tests/mini-rsa-psk.c, tests/mini-tdb.c,
	tests/mini-termination.c, tests/mini-x509-2.c,
	tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
	tests/mini-x509.c, tests/mini-xssl.c, tests/moredn.c, tests/mpi.c,
	tests/nul-in-x509-names.c, tests/ocsp.c, tests/openpgp-auth.c,
	tests/openpgp-auth2.c, tests/openpgp-keyring.c,
	tests/openpgp_test.c, tests/openpgpself.c, tests/openssl.c,
	tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
	tests/priorities.c, tests/pskself.c, tests/record-sizes-range.c,
	tests/record-sizes.c, tests/resume-dtls.c, tests/resume.c,
	tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
	tests/set_pkcs12_cred.c, tests/setcredcrash.c, tests/simple.c,
	tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
	tests/srp/mini-srp.c, tests/suite/ecore/eina_config.h,
	tests/suite/ecore/src/include/Eina.h,
	tests/suite/ecore/src/include/eina_accessor.h,
	tests/suite/ecore/src/include/eina_array.h,
	tests/suite/ecore/src/include/eina_benchmark.h,
	tests/suite/ecore/src/include/eina_binshare.h,
	tests/suite/ecore/src/include/eina_config.h,
	tests/suite/ecore/src/include/eina_convert.h,
	tests/suite/ecore/src/include/eina_counter.h,
	tests/suite/ecore/src/include/eina_cpu.h,
	tests/suite/ecore/src/include/eina_error.h,
	tests/suite/ecore/src/include/eina_file.h,
	tests/suite/ecore/src/include/eina_fp.h,
	tests/suite/ecore/src/include/eina_hamster.h,
	tests/suite/ecore/src/include/eina_hash.h,
	tests/suite/ecore/src/include/eina_inlist.h,
	tests/suite/ecore/src/include/eina_iterator.h,
	tests/suite/ecore/src/include/eina_lalloc.h,
	tests/suite/ecore/src/include/eina_list.h,
	tests/suite/ecore/src/include/eina_log.h,
	tests/suite/ecore/src/include/eina_magic.h,
	tests/suite/ecore/src/include/eina_main.h,
	tests/suite/ecore/src/include/eina_matrixsparse.h,
	tests/suite/ecore/src/include/eina_mempool.h,
	tests/suite/ecore/src/include/eina_module.h,
	tests/suite/ecore/src/include/eina_quadtree.h,
	tests/suite/ecore/src/include/eina_rbtree.h,
	tests/suite/ecore/src/include/eina_rectangle.h,
	tests/suite/ecore/src/include/eina_safety_checks.h,
	tests/suite/ecore/src/include/eina_sched.h,
	tests/suite/ecore/src/include/eina_str.h,
	tests/suite/ecore/src/include/eina_strbuf.h,
	tests/suite/ecore/src/include/eina_stringshare.h,
	tests/suite/ecore/src/include/eina_tiler.h,
	tests/suite/ecore/src/include/eina_trash.h,
	tests/suite/ecore/src/include/eina_types.h,
	tests/suite/ecore/src/include/eina_unicode.h,
	tests/suite/ecore/src/include/eina_ustrbuf.h,
	tests/suite/ecore/src/include/eina_ustringshare.h,
	tests/suite/ecore/src/lib/Ecore.h,
	tests/suite/ecore/src/lib/Ecore_Getopt.h,
	tests/suite/ecore/src/lib/ecore.c,
	tests/suite/ecore/src/lib/ecore_anim.c,
	tests/suite/ecore/src/lib/ecore_app.c,
	tests/suite/ecore/src/lib/ecore_events.c,
	tests/suite/ecore/src/lib/ecore_exe.c,
	tests/suite/ecore/src/lib/ecore_getopt.c,
	tests/suite/ecore/src/lib/ecore_glib.c,
	tests/suite/ecore/src/lib/ecore_idle_enterer.c,
	tests/suite/ecore/src/lib/ecore_idle_exiter.c,
	tests/suite/ecore/src/lib/ecore_idler.c,
	tests/suite/ecore/src/lib/ecore_job.c,
	tests/suite/ecore/src/lib/ecore_main.c,
	tests/suite/ecore/src/lib/ecore_pipe.c,
	tests/suite/ecore/src/lib/ecore_poll.c,
	tests/suite/ecore/src/lib/ecore_private.h,
	tests/suite/ecore/src/lib/ecore_signal.c,
	tests/suite/ecore/src/lib/ecore_thread.c,
	tests/suite/ecore/src/lib/ecore_time.c,
	tests/suite/ecore/src/lib/ecore_timer.c,
	tests/suite/ecore/src/lib/eina_accessor.c,
	tests/suite/ecore/src/lib/eina_array.c,
	tests/suite/ecore/src/lib/eina_benchmark.c,
	tests/suite/ecore/src/lib/eina_binshare.c,
	tests/suite/ecore/src/lib/eina_chained_mempool.c,
	tests/suite/ecore/src/lib/eina_convert.c,
	tests/suite/ecore/src/lib/eina_counter.c,
	tests/suite/ecore/src/lib/eina_cpu.c,
	tests/suite/ecore/src/lib/eina_error.c,
	tests/suite/ecore/src/lib/eina_file.c,
	tests/suite/ecore/src/lib/eina_fp.c,
	tests/suite/ecore/src/lib/eina_hamster.c,
	tests/suite/ecore/src/lib/eina_hash.c,
	tests/suite/ecore/src/lib/eina_inlist.c,
	tests/suite/ecore/src/lib/eina_iterator.c,
	tests/suite/ecore/src/lib/eina_lalloc.c,
	tests/suite/ecore/src/lib/eina_list.c,
	tests/suite/ecore/src/lib/eina_log.c,
	tests/suite/ecore/src/lib/eina_magic.c,
	tests/suite/ecore/src/lib/eina_main.c,
	tests/suite/ecore/src/lib/eina_matrixsparse.c,
	tests/suite/ecore/src/lib/eina_mempool.c,
	tests/suite/ecore/src/lib/eina_module.c,
	tests/suite/ecore/src/lib/eina_private.h,
	tests/suite/ecore/src/lib/eina_quadtree.c,
	tests/suite/ecore/src/lib/eina_rbtree.c,
	tests/suite/ecore/src/lib/eina_rectangle.c,
	tests/suite/ecore/src/lib/eina_safety_checks.c,
	tests/suite/ecore/src/lib/eina_sched.c,
	tests/suite/ecore/src/lib/eina_share_common.c,
	tests/suite/ecore/src/lib/eina_share_common.h,
	tests/suite/ecore/src/lib/eina_str.c,
	tests/suite/ecore/src/lib/eina_strbuf.c,
	tests/suite/ecore/src/lib/eina_strbuf_common.c,
	tests/suite/ecore/src/lib/eina_strbuf_common.h,
	tests/suite/ecore/src/lib/eina_stringshare.c,
	tests/suite/ecore/src/lib/eina_tiler.c,
	tests/suite/ecore/src/lib/eina_unicode.c,
	tests/suite/ecore/src/lib/eina_ustrbuf.c,
	tests/suite/ecore/src/lib/eina_ustringshare.c,
	tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
	tests/suite/mini-record-timing.c, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
	tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: 
	reindented code

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: doc update

2013-11-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c: in
	gnutls_x509_privkey_generate() allow specifying an explicit curve.

2013-11-07  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/certtool-args.def, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c: enable --outder for certtool
	--dh-info "certool --dh-info --outder" produces PEM-encoded output without
	this patch.

2013-11-07  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/certtool-args.def, src/certtool-common.c: enable --inder for
	certtool --dh-info certtool --dh-info is unable to read DER-encoded DH parameters
	without this patch.

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/tpmtool.1: doc update

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: doc update

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: use srcdir as prefix

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed unneeded command

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: print the flags used for libopts

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: delete libopts generated files if system libopts is
	being used

2013-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_int.h: 
	separated the TLS IV size and the cipher IV size.

2013-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, src/libopts/Makefile.am: fixes in libopts
	compilation

2013-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: make sure that .def files will be re-read on the
	compiling system.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/ag-char-map.h, src/libopts/ao-strs.c,
	src/libopts/ao-strs.h, src/libopts/autoopts/options.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
	src/libopts/compat/strchr.c, src/libopts/configfile.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/m4/libopts.m4, src/libopts/option-value-type.c,
	src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/streqvcmp.c,
	src/libopts/text_mmap.c, src/libopts/usage.c: updated to libopts
	5.18.2

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: better logging

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: bug fix in gnutls_x509_crt_set_dn() at DN
	parsing.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: removed debugging info

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: do not set any default level

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Assign very weak level to priority string
	NONE only.

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi: doc update

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore auto-generated files

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/pathfind.c,
	src/libopts/configfile.c, src/libopts/enum.c, src/libopts/find.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/gettext.h, src/libopts/init.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
	src/libopts/option-value-type.c, src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/restore.c,
	src/libopts/save.c, src/libopts/stack.c, src/libopts/text_mmap.c,
	src/libopts/usage.c, src/libopts/version.c: updated libopts to 5.18

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
	src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
	src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
	src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
	src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
	src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
	src/tpmtool-args.h: removed autogenerated files

2013-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/Makefile.am: If autogen and libopts are present
	then use the system's libopts.

2013-11-04  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/args-std.def, src/certtool-args.def, src/cli-args.def,
	src/danetool-args.def, src/psk-args.def, src/srptool-args.def: 
	argument descriptions should not end in a dot When the descrip value for an argument ends in a dot, the rendered
	documentation places two dots (for example "specify a password
	file.." in srptool(1)).  Most of the descriptions are declared properly (without a trailing
	dot), but this patch should clean up the rest.  After this commit, any auto-generated documentation that is
	committed to git will probably will also need to be refreshed (or
	removed from git entirely and generated from the definitions during
	build, which might be cleaner).

2013-11-01  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/tests.c: fix DHE parameter output for gnutls-cli-debug
	--verbose gnutls_handshake() was failing during test_dhe_group, with an error
	of GNUTLS_E_NO_PRIORITIES_WERE_SET.  Adding this call fixes the
	handshake so that DHE group details can be printed when requested.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c, tests/mini-deflate.c,
	tests/mini-eagain-dtls.c, tests/mini-eagain.c,
	tests/mini-emsgsize-dtls.c, tests/record-sizes-range.c,
	tests/record-sizes.c: Do not use gnutls_dh_set_prime_bits() in
	server side.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: setting the DH prime bits to zero shouldn't print
	a warning as it is the same as not setting it. Reported by Daniel
	Kahn Gillmor.

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Do not print private key parameters when exporting
	an encrypted private key.

2013-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: conditionally use ALPN. Reported by Jaak Ristioja.

2013-05-21  Stef Walter <stefw@redhat.com>

	* configure.ac, lib/pkcs11.c: [PATCH] Update to use new p11-kit APIs Some of the older APIs were deprecated in order to support multiple
	callers of the same PKCS#11 module correctly.  This increases the necessary p11-kit to 0.19.1 or later.

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated win32 makefile

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pem-decoding: win32 fix

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: include proper header file for uint8_t

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.2.6

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h: corrected example

2013-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: debug_log -> record_log

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Duplicate messages moved from audit log to
	debug log. There are networks where this is extremely common.

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
	doc/cha-internals.texi, doc/cha-intro-tls.texi, doc/cha-tokens.texi: 
	replaced ':' in anchor names (texinfo doesn't like it).

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: doc update

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: simplified code

2013-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/pmccabe2html, gl/Makefile.am, gl/dup2.c, gl/m4/dup2.m4,
	gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/inttypes.m4,
	gl/m4/manywarnings.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
	gl/signal.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/sys_socket.in.h,
	gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
	gl/tests/getdtablesize.c, gl/tests/inttypes.in.h,
	gl/tests/macros.h, gl/tests/strerror-override.h,
	gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_time.c, gl/u64.h,
	gl/unistd.in.h, gl/verify.h, gl/xsize.h, maint.mk: updated gnulib.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: Removed unused parameter.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: Better DANE test output.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: reindented code

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: Reorganized main loop in dane_raw_tlsa

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: Added proper newlines to errors.

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_state.c: doc update

2013-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: corrected typo

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/suite/Makefile.am,
	tests/suite/ciphersuite/README,
	tests/suite/ciphersuite/registry-ciphers.js,
	tests/suite/ciphersuite/registry-ciphers.xslt,
	tests/suite/ciphersuite/scan-gnutls.sh,
	tests/suite/ciphersuite/test-ciphers.js,
	tests/suite/ciphersuite/test-ciphersuites.sh,
	tests/suite/ciphersuite/tls-parameters.xml: Added ciphersuite test

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: Added a proper termination of
	session to avoid issues with premature termination.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/dtls/Makefile.am: we now explicitly check for
	librt.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/dsa/Makefile.am,
	tests/dtls/Makefile.am, tests/ecdsa/Makefile.am,
	tests/key-id/Makefile.am, tests/openpgp-certs/Makefile.am,
	tests/pkcs1-padding/Makefile.am, tests/pkcs12-decode/Makefile.am,
	tests/pkcs8-decode/Makefile.am,
	tests/rsa-md5-collision/Makefile.am,
	tests/safe-renegotiation/Makefile.am, tests/sha2/Makefile.am,
	tests/slow/Makefile.am, tests/srp/Makefile.am,
	tests/suite/Makefile.am, tests/userid/Makefile.am: use the same
	environment in all tests

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pem-decoding: removed unneeded diff option

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/aki, tests/cert-tests/dane,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding: diff is now
	a parameter allowing to override it.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: LC_ALL is set to C to have predictable outputs
	in tests.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: simplified test

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/sign.c: Added additional ISO OIDs for RSA-MD5 and
	DSA-SHA1.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-p11tool.texi: p11tool text updated.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-xssl1.c, doc/examples/ex-client-xssl2.c,
	doc/examples/print-ciphersuites.c: removed warnings

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: removed warnings

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/cha-tokens.texi: Support for TPM modules
	via trousers is now enabled by default.

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.c, src/p11tool-args.def, src/p11tool-args.h,
	src/p11tool.c, src/p11tool.h, src/pkcs11.c: Added option
	--generate-random to p11tool.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/publickey.c, lib/algorithms/sign.c,
	lib/x509/common.h: Added ISO OID for RSA-SHA1 signatures.

2013-10-24  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_write.c: get random data from pkcs#11
	tokens Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/publickey.c: Added new fallback OID for RSA
	certificates.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Corrected number in
	GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.  RFC6367 seems to have assigned both {0xC0,0x8D} and {0xC0,0x8E} to
	this ciphersuite. However {0xC0,0x8D} should be a typo as it is used
	by another ciphersuite in the same document.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Corrected the naming of several PSK
	ciphersuites

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Ciphersuites with ARCFOUR in name
	were renamed to ARCFOUR_128

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphersuites.c: Fixed ciphersuites
	GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 and
	GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: Increased minimum acceptable DH key to
	767 bits.

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/priorities.c: updated priorities for new ciphersuites

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added ciphersuite
	GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384

2013-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: Applied small patch by Jeremie
	Courreges-Anglas to avoid usage of error().

2013-10-24  Alon Bar-Lev <alon.barlev@gmail.com>

	* src/cli.c: cli: add missing stdbool.h Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Restrict ciphersuites that use SHA2
	or better to TLS1.0 or later.

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, tests/priorities.c: Added camellia-gcm into
	the default priority levels, and prioritized GCM over CBC
	everywhere.

2013-10-23  Christian Grothoff <christian@grothoff.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding option
	DANE_F_IGNORE_DNSSEC to disable loading of the DNSSEC root key
	entirely when initializing a dane_state_t.  This is a useful optimization if the DANE/TLSA data is initialized
	from a source other than libunbound/DNS, as then the DNSSEC root key
	would not be used anyway.  Worse, if we failed to read the DNSSEC
	root key, this would create a failure even though for applications
	that do not use DNSSEC (but do use DANE/TLSA) such a failure would
	be totally harmless.

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/invoke-gnutls-cli.texi,
	doc/manpages/Makefile.am, doc/scripts/mytexi2latex,
	src/Makefile.am, src/cli-args.c, src/cli-args.h, src/common.c: small
	changes prior to release

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/priorities.c: corrected ciphersuite numbers in priorities

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: corrected libdane doc

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: Added description for umac

2013-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped version

2013-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
	lib/nettle/gcm-camellia.h: Added underscore to camellia gcm context.

2013-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: rearrangement

2013-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Removed the _WITH_ from
	ciphersuites names.

2013-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/Makefile.am,
	lib/nettle/cipher.c, lib/nettle/gcm-camellia.c,
	lib/nettle/gcm-camellia.h: Added Camellia with GCM

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added the PSK HMAC-based Camellia
	ciphersuites from RFC6367.

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added HMAC-based Camellia
	ciphersuites from RFC6367.

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added Camellia ciphersuites from
	RFC5932.  Added GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
	GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
	GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
	GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
	GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
	GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
	GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
	GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256.

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added more ciphersuites from
	RFC5487.  Added GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_PSK_NULL_SHA384,
	GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_DHE_PSK_NULL_SHA384,
	GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
	GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
	GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
	GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_RSA_PSK_NULL_SHA256,
	GNUTLS_RSA_PSK_NULL_SHA384.

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added new ciphersuites from
	RFC5288.  Added GNUTLS_RSA_AES_256_GCM_SHA384,
	GNUTLS_DHE_RSA_AES_256_GCM_SHA384, GNUTLS_DHE_DSS_AES_256_GCM_SHA384
	and GNUTLS_DH_ANON_AES_256_GCM_SHA384.

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: corrected type of path_len

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/libdane.map: exported symbols

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, libdane/dane.c: small fixes

2013-10-21  Christian Grothoff <christian@grothoff.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
	dane_verify_crt_raw to allow direct verification of a certificate
	chain against a dane_query_t (for example, as provided by the new
	dane_raw_tlsa).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped dane library version

2013-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-21  Christian Grothoff <christian@grothoff.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Adding
	dane_raw_tlsa to allow initialization of dane_query_t from DANE
	records based on external DNS resolutions. Also fixing a buffer
	overflow.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-10-17  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* lib/x509/output.c, po/cs.po.in, po/de.po.in, po/eo.po.in,
	po/fi.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
	po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in, po/zh_CN.po.in,
	tests/cert-tests/aki-cert.pem, tests/cert-tests/bmpstring.pem,
	tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/complex-cert.pem,
	tests/cert-tests/no-ca-or-pathlen.pem, tests/hostname-check.c: 
	Normalize capitalization from "Public Key Id" to "Public Key ID" The GnuTLS codebase produced the string "Public Key Id" in some
	places (e.g. in the output of "certtool -i"), and "Public Key ID" in
	other places (e.g. in the output of "certtool -k").  This changeset standardizes on "Public Key ID", making the output
	consistent across uses.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in: Added
	gnutls_certificate_get_crt_raw() to return the raw certificate as
	present in the credentials structure.

2013-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c, src/common.c: corrected
	length calculation

2013-10-09  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls/build/priorities.scm, guile/src/core.c: 
	guile: Fix possible stack overflows.

2013-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/psk.c,
	src/srptool.c: Corrected possible buffer overruns in included
	programs and examples.  Corrected possible buffer overruns in included programs and
	examples.  Reported by Pedro Ribeiro <pedrib@gmail.com>.

2013-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-srptool.texi, src/srptool-args.c, src/srptool-args.h: 
	autogen'ed files update

2013-10-04  Attila Molnar <attilamolnar@hush.com>

	* src/srptool.c: Fix srptool issues From dc3a0d6d8d4aa98ccb19641e6668a03d77f381f1 Mon Sep 17 00:00:00
	2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
	2013 13:42:10 +0200 Subject: [PATCH 2/2] srptool: Fix segfault when
	 an invalid group parameter index is given If no group with the given index was found in the password conf file
	srptool crashed instead of reporting the error because the return
	value of fgets() wasn't validated before it was passed to atoi().  Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2013-10-04  Attila Molnar <attilamolnar@hush.com>

	* src/srptool-args.def, src/srptool.c: Fix srptool issues From 1fac0e5352e88addb8bf57dcac126918f19d7303 Mon Sep 17 00:00:00
	2001 From: Attila Molnar <attilamolnar@hush.com> Date: Tue, 1 Oct
	2013 13:40:01 +0200 Subject: [PATCH 1/2] srptool: Fix inability to
	 add users to tpasswd and broken -i switch Signed-off-by: Attila Molnar <attilamolnar@hush.com>

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
	src/cli-args.h: doc update

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.h: 
	autogen'ed files update

2013-10-03  Raj Raman <rajramanca@gmail.com>

	* src/cli-args.def, src/cli.c, src/inline_cmds.h: support inline
	command infrastructure in gnutls-cli Signed-off-by: Raj Raman <rajramanca@gmail.com>

2013-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cve-2008-4989.c, tests/pkcs12_encode.c: avoid the usage of
	error()

2013-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2013-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: include config.h in tpm.c

2013-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2013-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/it.po.in: Sync with TP.

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: define subgroup bits for the weak and
	export parameters, to allow DH group generation.

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: document the version macros

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: doc update

2013-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: verbose is everywhere unsigned

2013-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: removed limitation as this has been
	resolved

2013-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, lib/ext/heartbeat.c: doc update

2013-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: doc update

2013-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: doc update

2013-09-15  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Use intermediary files when
	generating code.

2013-09-15  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Make builds parallel-safe.  Reported by Andreas Metzler <ametzler@bebt.de>.

2013-09-10  Tobias Polzer <tobias.polzer@fau.de>

	* lib/gnutls_srp.c: Fixed a typo in the documentation Fixed a typo in the documentation for
	gnutls_srp_set_server_credentials_function.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: libopts is linked prior to libgnu to solve issue
	in win32. Initial patch by Tomasz Gajewski.

2013-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509-callbacks.c: Test gnutls_handshake_get_last_in()
	and gnutls_handshake_get_last_out() for correctness.

2013-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: Ignore non-fatal handshake alerts.

2013-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-record-timing.c: silence warning about return
	code

2013-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c: updates in record packet encoding.

2013-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record-2.c: Test the null cipher as well.

2013-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: added comments

2013-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
	gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
	gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h: 
	Revert "updated gnulib" This reverts commit 9ad95f3ac723ae85fdfbe4f3a4fab4ededfa7857.

2013-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool-extras.c, src/certtool.c,
	src/danetool.c, src/ocsptool-common.c, src/ocsptool.c,
	src/p11tool.c, src/pkcs11.c, src/serv.c, src/tpmtool.c: Avoid using
	gnulib's error()

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/record-sizes.c: record-sizes can only work properly with a
	stream cipher.

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: corrected max_user_send_size() for DTLS.

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record-2.c: test for excessive records being correctly
	send

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_range.c,
	lib/gnutls_record.c, lib/gnutls_record.h: _gnutls_send_tlen_int()
	accepts the actual pad rather than the intended data. Corrections in
	sending records with %NEW_PADDING.

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/m4/intl.m4, gl/m4/warnings.m4, gl/sys_socket.in.h,
	gl/sys_time.in.h, gl/tests/binary-io.h, gl/tests/test-sys_select.c,
	gl/tests/test-sys_time.c, gl/u64.h, gl/unistd.in.h, gl/xsize.h: 
	updated gnulib

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: removed dane.nox.su from the good list

2013-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: explicitly initialize the log functions

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-record-2.c: Added test to send
	variable packet sizes.

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: doc update

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: simplified pad calculation

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-shared-key.texi: mention RSA-PSK

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa_psk.c: author update

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa_psk.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	Improvements in RSA-PSK.

2013-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: released 3.2.4

2013-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/Makefile.am: added missing file

2013-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa_psk.c: indented code

2013-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-rsa-psk.c: Added test program for
	RSA-PSK key exchange.

2013-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/kx.c, lib/auth/cert.h, lib/auth/rsa_common.h,
	lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c: 
	Optimizations in RSA-PSK by removing unneeded code.

2013-06-29  Frank Morgner <morgner@informatik.hu-berlin.de>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/algorithms/kx.c, lib/algorithms/publickey.c,
	lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/psk.c,
	lib/auth/psk.h, lib/auth/rsa.c, lib/auth/rsa_common.h,
	lib/auth/rsa_psk.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in: ported patch for RSA-PSK revives some deletions from a8504e254f6ff23200c6069961ab367c9cec43a0 original patch can be found in
	e3c245b951530a92fc610a130faf167a37461073
	f06ba1b71fa2cf9e1f3e33ea58cda94aaff88f20

2013-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: arcfour is restored in the top of the
	performance priority.

2013-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-cert-status.c: removed unused function

2013-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-cert-status.c: Added test to verify
	the correct operation of gnutls_certificate_server_set_request().

2013-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: Corrected
	gnutls_certificate_server_set_request().

2013-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/vi.po.in: Sync with TP.

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume.c: Try 3 resumption attempts and try also session db
	and ticket.

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: only register current session when not
	resuming

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: do not duplicate tests for null.

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: remove ifdefs for session tickets

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: export gnutls_record_set_timeout(). Reported by
	Nicolai Stange.

2013-08-18  Stefan Bühler <stbuehler@web.de>

	* lib/algorithms/ciphersuites.c, tests/priorities.c: add some
	RC4-128-SHA1 ciphersuites based on ECDH(E) key exchanges

2013-08-18  Stefan Bühler <stbuehler@web.de>

	* tests/anonself.c, tests/dhepskself.c, tests/dtls/dtls-stress.c,
	tests/mini-alpn.c, tests/mini-deflate.c,
	tests/mini-dtls-heartbeat.c, tests/mini-dtls-hello-verify.c,
	tests/mini-dtls-large.c, tests/mini-dtls-record.c,
	tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
	tests/mini-eagain-dtls.c, tests/mini-eagain.c,
	tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
	tests/mini-loss-time.c, tests/mini-overhead.c,
	tests/mini-record-range.c, tests/mini-record.c,
	tests/mini-rehandshake.c, tests/mini-termination.c,
	tests/mini-x509-2.c, tests/mini-x509-callbacks.c,
	tests/mini-x509-cas.c, tests/mini-x509.c, tests/mini-xssl.c,
	tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/openpgpself.c,
	tests/pskself.c, tests/record-sizes-range.c, tests/record-sizes.c,
	tests/resume-dtls.c, tests/resume.c,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
	tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
	tests/suite/mini-record-timing.c, tests/x509dn.c, tests/x509self.c: 
	fix transport parameter casts in tests

2013-08-24  Andreas Metzler <ametzler@downhill.at.eu.org>

	* tests/sha2/sha2: Clean up after test.

2013-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pem-decoding: Corrected access of temp file.
	Reported by Thomas Witt.

2013-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: No longer recommend the use of RC4

2013-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-x86.c, lib/gnutls_global.h,
	lib/gnutls_priority.c: AES-GCM is preferred always

2013-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2013-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
	lib/gnutls_str.c, lib/vasprintf.c, lib/vasprintf.h, lib/xssl.c,
	src/certtool.c, src/cli-debug.c, src/cli.c,
	src/crywrap/Makefile.am, src/crywrap/crywrap.c, src/danetool.c,
	src/ocsptool.c, src/p11tool.c, src/psk.c, src/serv.c,
	src/srptool.c, src/tpmtool.c: included programs no longer depend on
	GPL/LGPLv3 elements of gnulib to prevent their accidental inclusion
	in the library.

2013-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, gl/Makefile.am, gl/accept.c, gl/alloca.in.h,
	gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
	gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
	gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
	gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h,
	gl/asnprintf.c, gl/asprintf.c, gl/base64.c, gl/base64.h,
	gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
	gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
	gl/dirname.h, gl/dup2.c, gl/errno.in.h, gl/error.c, gl/error.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h, gl/float.c,
	gl/float.in.h, gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c,
	gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
	gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
	gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
	gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
	gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/inet_ntop.c, gl/inet_pton.c, gl/isnan.c,
	gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
	gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
	gl/lseek.c, gl/m4/alphasort.m4, gl/m4/argp.m4, gl/m4/closedir.m4,
	gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
	gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/error.m4,
	gl/m4/exponentf.m4, gl/m4/exponentl.m4, gl/m4/frexp.m4,
	gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
	gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
	gl/m4/malloca.m4, gl/m4/mempcpy.m4, gl/m4/nocrash.m4,
	gl/m4/opendir.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
	gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/readdir.m4,
	gl/m4/scandir.m4, gl/m4/setenv.m4, gl/m4/signbit.m4,
	gl/m4/sleep.m4, gl/m4/stdarg.m4, gl/m4/strchrnul.m4,
	gl/m4/sysexits.m4, gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4,
	gl/m4/vprintf-posix.m4, gl/malloc.c, gl/math.c, gl/math.in.h,
	gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
	gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
	gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
	gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
	gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
	gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
	gl/rawmemchr.c, gl/rawmemchr.valgrind, gl/read-file.c,
	gl/read-file.h, gl/readdir.c, gl/realloc.c, gl/recv.c,
	gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c, gl/sendto.c,
	gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h, gl/signbitd.c,
	gl/signbitf.c, gl/signbitl.c, gl/size_max.h, gl/sleep.c,
	gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
	gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c,
	gl/strchrnul.valgrind, gl/strdup.c, gl/string.in.h,
	gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c, gl/strndup.c,
	gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
	gl/tests/Makefile.am, gl/{ => tests}/dosname.h, gl/{ =>
	tests}/fpucw.h, gl/tests/infinity.h, gl/{ => tests}/intprops.h,
	gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/malloca.valgrind,
	gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/putenv.c,
	gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/setenv.c, gl/{ =>
	tests}/strerror-override.c, gl/{ => tests}/strerror-override.h,
	gl/{ => tests}/strerror.c, gl/tests/test-argp-2.sh,
	gl/tests/test-argp.c, gl/tests/test-dirent.c,
	gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h,
	gl/tests/test-frexp.c, gl/tests/test-frexp.h,
	gl/tests/test-frexpl.c, gl/tests/test-fseterr.c,
	gl/tests/test-getopt.c, gl/tests/test-getopt.h,
	gl/tests/test-getopt_long.h, gl/tests/test-isnand-nolibm.c,
	gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
	gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
	gl/tests/test-isnanl.h, gl/tests/test-malloc-gnu.c,
	gl/tests/test-malloca.c, gl/tests/test-math.c,
	gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
	gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output,
	gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c,
	gl/tests/test-signbit.c, gl/tests/test-sleep.c,
	gl/tests/test-strchrnul.c, gl/tests/test-sysexits.c,
	gl/tests/test-unsetenv.c, gl/tests/test-version-etc.c,
	gl/tests/test-version-etc.sh, gl/tests/test-vfprintf-posix.c,
	gl/tests/test-vfprintf-posix.sh, gl/tests/test-vprintf-posix.c,
	gl/tests/test-vprintf-posix.sh, gl/tests/unsetenv.c, gl/time.in.h,
	gl/time_r.c, gl/u64.h, gl/unistd.in.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
	gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
	gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
	src/certtool.c, src/cli-debug.c, src/cli.c, src/danetool.c,
	src/ocsptool-common.c, src/ocsptool.c, src/p11tool.c, src/psk.c,
	src/serv.c, src/srptool.c, src/tpmtool.c: gnulib only contains
	lgplv2 modules

2013-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/de.po.in, po/vi.po.in: Sync with TP.

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: removed unused code

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: Do not try to parse arbitrary objects as
	certificates.

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: don't ignore errors when copying
	resumption values

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: mention that new padding is currently a
	gnutls extension

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/libopts/makeshell.c: do not require localtime

2013-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: added mkdir

2013-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c: inverse check for cipher ok and priority.

2013-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: documented parameters

2013-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: no need to keep separate priority lists for
	export ciphersuites (they are no longer available).

2013-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added the PFS
	priority string option.

2013-07-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.2.3

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: allow empty fragments with padding.

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/record-sizes-range.c: corrected test

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/record-sizes-range.c: Added test for the
	range functionality.

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, tests/mini-overhead.c: corrected overhead
	calculation in AEAD ciphers.

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Correctly report unicode status in win32 API

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: correctly link with librt when needed.

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/system.c: link with libiconv
	when needed.

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/snippet/unused-parameter.h, configure.ac,
	gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
	gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
	gl/iconv_open-aix.gperf, gl/iconv_open-hpux.gperf,
	gl/iconv_open-irix.gperf, gl/iconv_open-osf.gperf,
	gl/iconv_open-solaris.gperf, gl/iconv_open.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv_h.m4,
	gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4, gl/m4/inline.m4,
	gl/m4/intl.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
	gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
	gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/po.m4,
	gl/m4/setlocale.m4, gl/tests/Makefile.am, gl/tests/locale.in.h,
	gl/tests/localename.c, gl/tests/localename.h, gl/tests/setlocale.c,
	gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
	gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
	gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
	gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
	gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
	gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
	gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
	gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
	gl/unistr/u8-uctomb.c, gl/unitypes.in.h: Removed LGPLv3 gnulib
	components.  This removes the gnulib iconv, and uses libc or libiconv if needed.

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.2.3pre0

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: Added new functions

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_record.h: use common macros to
	calculate the overhead.

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_constate.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h: The after handshake
	function is now called before epoch change.  This allows enabling certain features, such as the new record
	padding, prior to exchanging finished messages.

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/record-sizes.c: test sending and receiving the maximum
	allowed TLS buffer size.

2013-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected guile-site-dir option. Patch by Steve
	Erhart.

2013-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.h: Do not count pad and MAC as received data.

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: simplified decrypted data allocation.

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c, lib/gnutls_record.h: 
	small optimizations.

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_record.c: When in compatibility
	mode allow for larger record sizes than the maximum.

2013-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/{mini.c => record-sizes.c}: Updated mini
	test.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/ag-char-map.h: Applied Bruce Korb's fix on
	unacceptable chars.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/ag-char-map.h: Revert "Ignore non-ascii characters in
	configuration file." This reverts commit b973840f5dff9924108af9574bdee1064e06fb88.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/priorities.c: test also the number of ciphers.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added helper functions to export the available
	ciphers in a priority structure

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/priorities.c: Added a test that checks
	whether the priorities behave as expected (depends on the supported
	ciphersuite numbers)

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: When adding a bulk of priorities make sure
	they don't replace the whole list. Reported by Stefan Buehler.

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc update

2013-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated doc

2013-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/ag-char-map.h: Ignore non-ascii characters in
	configuration file.  This is a quick fix for

	http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001126.html

2013-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: make sure that the .info files are as new as the pdfs
	and html.

2013-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/examples/ex-serv-x509.c: X.509
	server example updated to include OCSP stapling

2013-07-16  Matt Whitlock <matt@whitlock.name>

	* lib/gnutls_buffers.c: avoid leaking a buffer element when
	_gnutls_stream_read returns 0

2013-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: doc update

2013-07-17  Stefan Bühler <stbuehler@web.de>

	* lib/gnutls_priority.c: gnutls priority string parsing bug fix Fix priority string parsing (example: "NONE:+MAC-ALL:-SHA1:+SHA1"
	misses SHA1 and has MD5 twice) prio_remove doesn't zero the removed element, prio_add (and perhaps
	other functions) assumes the list to be zero terminated.  Make prio_remove zero the element at the end, and use the actual
	length of the list in prio_add.  Relying on the trailing zero will fail if the list is full, and
	might lead to invalid memory accesses as the loop won't stop until
	it finds either the algorithm identifier or 0.

2013-07-17  Adam Sampson <ats@offog.org>

	* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
	tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
	tests/x509dn.c, tests/x509self.c: Disable tests that use socketpair
	on _WIN32.  socketpair isn't provided on Windows, so these tests should just
	exit 77.  Note that resume-dtls.c already had a guard like this -- I've
	rewritten it to match the others, but socketpair (presumably!) isn't
	the only reason that test is disabled on Win32.  Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-16  Adam Sampson <ats@offog.org>

	* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
	tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
	tests/x509dn.c, tests/x509self.c: Use socketpair() rather than TCP
	connections.  Besides simplifying the code, this also makes it possible to run
	"make check" in parallel -- previously this didn't work because
	several tests were trying to bind the same port.  Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-16  Adam Sampson <ats@offog.org>

	* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
	tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
	tests/x509dn.c, tests/x509self.c: Detect socket() error responses
	correctly.  The code was testing the wrong variable...  Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-16  Adam Sampson <ats@offog.org>

	* doc/scripts/gdoc: Avoid depending on hash order in gdoc.  Previously, gdoc had a hash of regexp replacements for each output
	format, and applied the replacements in the order that "keys"
	returned for the hash. However, not all orders are safe -- and now
	that Perl 5.18 randomises hash order per-process, it only worked
	sometimes! For example, this order is OK: 'is a #gnutls_session_t structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
	#gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
	#gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
	@code{gnutls_session_t}  structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
	@code{gnutls_session_t}  structure.' This one, however, winds up producing invalid texinfo: 'is a #gnutls_session_t structure.' '\%([A-Za-z0-9_]+)' -> 'is a
	#gnutls_session_t structure.' '([A-Za-z0-9_]+\(\))' -> 'is a
	#gnutls_session_t structure.' '\#([A-Za-z0-9_]+)' -> 'is a
	@code{gnutls_session_t}  structure.' '\@([A-Za-z0-9_]+)\s*' -> 'is a
	@code{code} {gnutls_session_t}  structure.' This patch turns the hash into a list, so the replacements will
	always be done in the intended order.  Signed-off-by: Adam Sampson <ats@offog.org>

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c, tests/mini-dtls-heartbeat.c,
	tests/mini-dtls-large.c, tests/mini-dtls-rehandshake.c,
	tests/mini-dtls-srtp.c, tests/mini-loss-time.c: Run DTLS tests under
	reliable transports to avoid unexpected packet loss.

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: Link with librt when needed. Reported by Joern
	Clausen.

2013-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_range.c, lib/gnutls_session_pack.c: eliminated the need
	for the additional version variable.

2013-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated w32 makefile

2013-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, gl/Makefile.am, gl/argp-help.c,
	gl/c-ctype.h, gl/fseeko.c, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lock.m4, gl/m4/manywarnings.m4, gl/m4/stdalign.m4,
	gl/m4/warnings.m4, gl/msvc-inval.c, gl/stdalign.in.h,
	gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/getcwd-lgpl.c,
	gl/tests/ignore-value.h, gl/tests/malloca.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-snprintf.c,
	gl/tests/test-sys_socket.c, gl/tests/test-vasnprintf.c,
	gl/tests/test-vsnprintf.c, gl/vasnprintf.c, gl/verify.h, maint.mk: 
	updated gnulib

2013-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.2.2

2013-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: doc update

2013-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: typo fix

2013-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: gnutls-cli -l prints the supported digest algorithms
	as well.

2013-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected return value.

2013-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Check for nanosleep in librt, when not in libc.
	Reported by Joern Clausen.

2013-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: corrected typo

2013-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: updated

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: try to reduce memory in internal structure

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	tests/mini-x509-callbacks.c: Allow hooks to be called before or
	after generation/receiving.

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in: Revert "simplified hook function,
	to apply only to post-processing or generation of messages." This reverts commit 7b14a8217b78aaf3367d13181237bf937292f5ba.

2013-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-10  Gustavo Zacarias <gustavo@zacarias.com.ar>

	* lib/accelerated/cryptodev.c: Eliminate reset from cryptodev hashes
	and mac It wasn't done in 73ec74c2 and 6f0ecbf4 for cryptodev causing build
	failures.  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/mac.c: doc update

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: make sure that the hook function is always
	called.

2013-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: New functions added

2013-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2013-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: When resuming a session send only the
	mandatory extensions.  That will make server behavior to conform to TLS RFC. Reported by
	Peter Dettman.

2013-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: corrected typo

2013-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: Include MKI size in size calculations for the
	extension.  This prevents a parsing error when MKI is being used.  Reported by
	Gábor Tatárka.

2013-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.h: Fix for NetBSD systems that do not have
	CLOCK_PROCESS_CPUTIME_ID. Patch by Thomas Klausner.

2013-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: make sure that a valid number of days is entered

2013-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/DCO.txt: Added DCO

2013-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: added new functions

2013-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-hello-verify.c: simplified structure

2013-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected issue in client hello verify.

2013-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/mac.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in: Added helper functions for digests.

2013-07-04  Stef Walter <stefw@redhat.com>

	* lib/pkcs11.c: pkcs11: Use the correct attribute length for
	CKA_TRUSTED CKA_TRUSTED is a CK_BBOOL value in PKCS#11. Since object searches
	are done with the attribute byte values, we need to get the length
	exactly right.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509-callbacks.c: updated for new callback format

2013-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: corrected typo

2013-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc update

2013-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: when removing a cipher priority, make sure
	the order is kept

2013-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_record_overhead_size2 -> gnutls_est_record_overhead_size

2013-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: doc update

2013-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/eo.po.in, po/fi.po.in: Sync with TP.

2013-06-28  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Keep a weak reference on objects
	aggregated by other objects.  Before, in cases such as `set-anonymous-server-dh-parameters!' where
	the C object beneath CRED keeps a pointer to the C object beneath
	DH_PARAMS, DH_PARAMS could be garbage-collected before CRED, leading
	to the destruction of the underlying C object.  Reported by Nikos Mavrogiannopoulos <nmav@gnutls.org>.

2013-06-28  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
	guile/tests/x509-auth.scm: guile: tests: Use `port->fdes' rather
	than `fileno'.  This has no practical impact, but it's a better way to express that
	we don't want the file descriptors closed behind our back.

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: removed unsupported RSA-EXPORT

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: 
	documented private extensions

2013-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in: simplified hook function, to apply
	only to post-processing or generation of messages.

2013-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: documented dtls behavior.

2013-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: enforce the maximum TLS size when setting MTU

2013-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-large.c: make sure that no DTLS MTU size can
	exceed 2^14.

2013-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/nettle/Makefile.am: Revert "Add nettle
	dependencies to libcrypto.la" This reverts commit f3ef68f4f79434fadc3f28c649744e57f3eef99b.

2013-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-large.c: Added test to verify
	whether DTLS layer will send GNUTLS_E_LARGE_PACKET on large packets

2013-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/cs.po.in: Sync with TP.

2013-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c: check for zero values when import DH
	parameters.

2013-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/de.po.in, po/nl.po.in, po/pl.po.in, po/uk.po.in, po/vi.po.in: 
	Sync with TP.

2013-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/debug.c, lib/debug.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/mini-x509-callbacks.c: Added
	gnutls_handshake_set_hook_function() to allow hooks on arbitrary
	handshake messages.

2013-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt: added BCC to avoid forgetting it in the future

2013-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: doc update

2013-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dtls.c, lib/gnutls_state.c,
	lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: avoid the introduction of a new function to
	disable replay protection.

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: changed port to avoid conflicts

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-overhead.c: small update

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: removed unused var

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.h: updated tpmtool
	auto-gen'ed files

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dtls.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_record_overhead_size() and Added
	gnutls_record_overhead_size2().

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: doc update

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/includes/gnutls/dtls.h, lib/libgnutls.map: DTLS replay
	protection can now be disabled.

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: doc update

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphers.c, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map: Added gnutls_cipher_get_tag_size().

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map: Added gnutls_certificate_set_trust_list().

2013-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
	lib/gnutls_sig.c: explicit tests for non-null version

2013-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c: fix typo

2013-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/gnutls_dtls.c: corrected heartbeat
	timeout documentation; reported by Sebastien Decugis.

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/ar-lib: updated file

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sha2/sha2, tests/sha2/sha2-dsa: avoid common files

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/test-driver, configure.ac: require automake 1.12.2 for
	guile.

2013-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: SECURE -> SECURE128

2013-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/tests/priorities.scm: corrected priority strings

2013-06-06  Martin Storsjo <martin@martin.st>

	* extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
	lib/auth/Makefile.am, lib/ext/Makefile.am, lib/extras/Makefile.am,
	lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
	lib/x509/Makefile.am: Add NETTLE_CFLAGS in makefiles This is required for using nettle/memxor.h, which now is included
	implicitly via gnutls_int.h, if the nettle include directories
	aren't in one of the compiler standard paths.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-06-06  Martin Storsjo <martin@martin.st>

	* src/crywrap/Makefile.am: crywrap: Use the libidn pkg-config
	include and lib paths Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-06-06  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/Makefile.am: guile: Use `LOG_COMPILER', as required by
	Automake 1.12+.

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/nettle/Makefile.am: Add nettle dependencies
	to libcrypto.la

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am: correctly place cflags

2013-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-shared-key.texi: discourage usage of anonymous
	authentication

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_global.c: doc update

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.pc.in, lib/nettle/Makefile.am,
	m4/hooks.m4: Directly link to gmp library. Based on original patch
	by Alon Bar-Lev <alon.barlev@gmail.com>.

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/pem-decoding,
	tests/dsa/Makefile.am, tests/openpgp-certs/Makefile.am: several
	updates for tests to run under win32

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: null terminate strings in windows

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated makefile

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/pkcs12: fix windows extension

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs1-padding/Makefile.am: avoid running tests which require
	datefudge in windows

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: avoid struct sigaction in win32

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pem-decoding: Avoid comparing the expiration date
	to prevent false positive error in 32-bit systems.

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pathlen: Revert "Avoid comparing the expiration
	date to prevent false positive error in 32-bit systems." This reverts commit 64f9b5787c9b404763f59b3252fe4ef1b862aa00.

2013-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pathlen: Avoid comparing the expiration date to
	prevent false positive error in 32-bit systems.

2013-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi, doc/cha-upgrade.texi: doc updates

2013-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated from 3.2.1

2013-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for suse's CA bundle file

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/privkey.c: call cleanup and deinit on the correct
	number of parameters

2013-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c: avoid calling clear on null values

2013-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/gnutls.pc.in, m4/hooks.m4: use
	pkg-config to detect nettle

2013-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-xssl.c: ignore sigpipe

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: allow ciphersuites with elliptic
	curves even when using SSL 3.0. This works around a bug on openssl
	in certain Debian systems.

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/LINGUAS, po/eo.po.in: Sync with TP.

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-xssl.c: updated xssl.

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc update

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-overhead.c: document sizes

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: more precise calculation of overhead

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-overhead.c: Check overhead in DTLS.

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc update

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in: 
	revert prototype move

2013-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-support.texi, doc/manpages/Makefile.am: 
	doc update

2013-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Eliminated memory
	copy on decryption.

2013-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.h: corrected likely()

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-deflate.c, tests/mini-x509-2.c, tests/mini-x509.c: use
	various ciphers in tests.

2013-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: doc update

2013-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: avoid delays by using a reliable
	transport layer.

2013-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: removed test file from repository

2013-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record.c: avoid delays by using a reliable transport
	layer.

2013-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: Eliminated memory
	copy at encryption.

2013-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: eliminated unused variable

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: revive gnutls_handshake_get_last_in().
	Report by Mann Ern Kang.

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: 
	simplified code by passing an mbuffer.

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_mbuffers.h: better name

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: always set hash length

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/gnutls_pubkey.c, lib/nettle/pk.c: 
	corrected bug with _gnutls_dsa_q_to_hash() usage introduced
	previously

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/algorithms.h,
	lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
	lib/auth/cert.c, lib/auth/rsa.c, lib/auth/srp_rsa.c,
	lib/ext/signature.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
	lib/gnutls_state.c, lib/gnutls_ui.c: optimized access to TLS
	protocol version properties.

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/accelerated/x86/hmac-padlock.c,
	lib/algorithms.h, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/sign.c,
	lib/crypto-api.c, lib/ext/session_ticket.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_range.c, lib/gnutls_sig.c,
	lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/nettle/pk.c, lib/opencdk/Makefile.am,
	lib/opencdk/hash.c, lib/opencdk/pubkey.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/verify-tofu.c,
	lib/x509/crq.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h: simplified access to cipher and mac properties
	to reduce wasted cycles.

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* extra/gnutls_openssl.c: modified openssl compat API to use the
	exported API

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: no longer export internal hash functions

2013-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-hello-verify.c: removed memory leak

2013-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_num.c, lib/gnutls_num.h: inlined simple functions

2013-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mbuffers.c: avoid calloc

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: fixes in record version checking

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: use sigaction instead of signal in gnutls-cli

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Revert "break the loop when a SIGALRM has been
	received" This reverts commit c3b3a0c6bd14a542e11873ebe0975a5ddd0ab46b.

2013-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/m4/libopts.m4: relax check on requirement on headers
	for libopts. Reported by Mark Brand.

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Improved record version checks

2013-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-hello-verify.c: Added test for
	hello verify message

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mac.c: fail on wrong key sizes

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dtls.c: corrected record overhead calculations

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: more detailed error

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected resumption check

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Allow record layer packets with version less
	than the negotiated.  Allowing such records avoids issue in DTLS client hello request
	verification.

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.pc.in: removed undefined variable

2013-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_session.c,
	lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	gnutls_session_set_id() was added

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: break the loop when a SIGALRM has been received

2013-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/m4/libopts.m4: configure proceeds if regex library
	isn't found

2013-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: documented function behavior

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: corrected typo

2013-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c, lib/nettle/pk.c, lib/opencdk/keydb.c,
	lib/opencdk/sig-check.c, lib/x509/common.c,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/xssl.c, libdane/dane.c: several updates

2013-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: print message on certificate verification

2013-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/pem-decoding: more verbose messages

2013-05-10  Tim Kosse <tim.kosse@filezilla-project.org>

	* tests/eagain-common.h: When retrying gnutls_record_send due to
	GNUTLS_E_AGAIN, also try passing null data and length. Tests will
	fail after this patch until next patch is applied that fixes a bug
	in gnutls_record_send.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-10  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/gnutls_record.c: If gnutls_record_send fails with
	GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, the documentation allows
	passing null for the data and size on retry.  Commit 2ec84d6 broke this usage of gnutls_record_send. This patch
	fixes the problem.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi, lib/gnutls_ui.c: typo fixes by Andreas
	Metzler

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.2.0

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
	doc/cha-gtls-examples.texi: simplified node referencing and add
	NEW_PADDING in doc

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: increased revision

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: doc update

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphersuites.c: Added more options for
	salsa20 ciphers

2013-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/m4/libopts.m4: applied libregex patch

2013-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-macosx.s: use C's style
	comments to compile in old MacOSX systems. Reported by Ryan Schmidt.

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi: doc update

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c: clarified doc

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
	doc/manpages/tpmtool.1: updated for new autogen

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: updated for new api

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: updated path

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: corrected API usage.

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_alert.c,
	lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in: Added support
	for the NO_APPLICATION_PROTOCOL alert for ALPN.

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c,
	src/common.c: Improved ALPN support in gnutls-cli

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
	src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
	src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
	src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
	src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
	src/srptool-args.c, src/srptool-args.h: updated libopts generated
	files.

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
	src/libopts/Makefile.am, src/libopts/README,
	src/libopts/ag-char-map.h, src/libopts/alias.c,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
	src/libopts/check.c, src/libopts/compat/compat.h,
	src/libopts/compat/pathfind.c, src/libopts/compat/snprintf.c,
	src/libopts/compat/strchr.c, src/libopts/compat/strdup.c,
	src/libopts/compat/windows-config.h, src/libopts/configfile.c,
	src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
	src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
	src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
	src/libopts/libopts.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
	src/libopts/makeshell.c, src/libopts/nested.c,
	src/libopts/numeric.c, src/libopts/option-value-type.c,
	src/libopts/option-value-type.h,
	src/libopts/option-xat-attribute.c,
	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
	src/libopts/parse-duration.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
	src/libopts/stack.c, src/libopts/streqvcmp.c,
	src/libopts/text_mmap.c, src/libopts/time.c,
	src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: 
	updated libopts to autogen 5.17.3

2013-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c: Added --alpn option to cli

2013-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2013-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/mac.c: Added umac-128

2013-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: set the
	key purpose in certificate requests

2013-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.h: Do not call gnutls_pkcs11_init() when pkcs11 is
	disabled. Reported by Linus Nordberg.

2013-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: corrected typo.
	reported by Etan Reisner.

2013-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-eagain2.c, tests/suite/mini-record-timing.c: 
	updated include files

2013-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: simplified code

2013-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/getdtablesize.m4,
	gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
	gl/tests/getdtablesize.c, gl/tests/glthread/threadlib.c,
	gl/tests/test-dup2.c, gl/tests/test-getdtablesize.c: updated gnulib

2013-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/anonself.c, tests/certder.c,
	tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
	tests/chainverify-unsorted.c, tests/chainverify.c,
	tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
	tests/cve-2009-1415.c, tests/cve-2009-1416.c, tests/dhepskself.c,
	tests/dn.c, tests/dn2.c, tests/dtls/dtls-stress.c, tests/gc.c,
	tests/hostname-check.c, tests/infoaccess.c, tests/init_roundtrip.c,
	tests/key-openssl.c, tests/mini-alpn.c, tests/mini-deflate.c,
	tests/mini-dtls-heartbeat.c, tests/mini-dtls-record.c,
	tests/mini-dtls-rehandshake.c, tests/mini-dtls-srtp.c,
	tests/mini-eagain-dtls.c, tests/mini-eagain.c,
	tests/mini-emsgsize-dtls.c, tests/mini-handshake-timeout.c,
	tests/mini-loss-time.c, tests/mini-record-range.c,
	tests/mini-record.c, tests/mini-rehandshake.c, tests/mini-tdb.c,
	tests/mini-termination.c, tests/mini-x509-2.c,
	tests/mini-x509-callbacks.c, tests/mini-x509-cas.c,
	tests/mini-x509.c, tests/mini-xssl.c, tests/mini.c, tests/moredn.c,
	tests/mpi.c, tests/nul-in-x509-names.c, tests/ocsp.c,
	tests/openpgp-auth.c, tests/openpgp-auth2.c,
	tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
	tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pkcs12_simple.c,
	tests/pskself.c, tests/resume-dtls.c, tests/resume.c,
	tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
	tests/set_pkcs12_cred.c, tests/setcredcrash.c,
	tests/slow/cipher-test.c, tests/slow/gendh.c, tests/slow/keygen.c,
	tests/srp/mini-srp.c, tests/suite/mini-eagain2.c,
	tests/suite/mini-record-timing.c, tests/utils.h,
	tests/x509_altname.c, tests/x509cert-tl.c, tests/x509cert.c,
	tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c: When
	running tests disable PKCS #11 support to avoid detecting memory
	leaks from PKCS #11 libraries.

2013-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc update

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/Makefile.am: link explicitly to librt

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2013-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, build-aux/config.rpath, build-aux/gendocs.sh,
	configure.ac, gl/Makefile.am, gl/gettime.c,
	gl/glthread/threadlib.c, gl/intprops.h, gl/m4/clock_time.m4,
	gl/m4/frexp.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/intl.m4, gl/m4/po.m4, gl/m4/putenv.m4,
	gl/m4/stdalign.m4, gl/m4/sys_types_h.m4, gl/m4/timer_time.m4,
	gl/m4/timespec.m4, gl/sys_select.in.h, gl/sys_time.in.h,
	gl/tests/Makefile.am, gl/tests/malloca.h, gl/tests/putenv.c,
	gl/timespec.c, gl/timespec.h, gl/unistd.in.h, lib/gnutls_dtls.c,
	lib/gnutls_dtls.h, lib/gnutls_state.c, lib/nettle/rnd.c,
	lib/system.h, src/benchmark-cipher.c, src/benchmark.c,
	src/benchmark.h, tests/suite/Makefile.am,
	tests/suite/mini-record-timing.c: Avoid linking the library on
	librt.

2013-04-27  Stef Walter <stefw@redhat.com>

	* tests/suite/mini-record-timing.c: test suite: Add missing header Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/complex-cert.pem,
	tests/cert-tests/pem-decoding: Added test for escaping rules.

2013-04-27  Stef Walter <stefw@redhat.com>

	* lib/x509/common.c: Add the standard description OID to those
	recognized for DNs Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/dn.c: Always escape printable strings
	the LDAP way, and avoid escaping hex encoded values. Report and
	initial patch from Stef Walter.

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h: Do not include null
	terminator in DN string.  When printing an unknown DN string as hex do not include the null
	terminator.  Reported by Stef Walter.

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Link against pthread only when pthread_mutex_lock
	isn't in libc

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/sha-padlock.c: initialize the digest after
	output on padlock.

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
	src/pkcs11.c: read_yesno() accepts a default value. By default
	certificates are marked as ok for signing and encryption.

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated license

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
	lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/nettle/mac.c: eliminate the reset ability
	from hashes

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
	lib/gnutls_cipher_int.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/nettle/mac.c: Do not handle MAC reset
	separately. It is implied by nettle's output function.

2013-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: updated documentation

2013-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
	src/benchmark.h: updated benchmark output

2013-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated TODO list

2013-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c: use the
	pass argument on PKCS #11 keys.

2013-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c: corrected memory leak in
	padlock_hash_fast()

2013-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: mention about experimental protocols

2013-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: nettle 2.7 is required

2013-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi: doc update

2013-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi: Added documentation on public key API.

2013-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Added priority
	string VERS-DTLS-ALL

2013-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
	m4/hooks.m4: nettle 2.7 is required

2013-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected doc

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/mac.c, lib/nettle/cipher.c, lib/nettle/mac.c,
	m4/hooks.m4, src/benchmark-tls.c: renamed HAVE_UMAC -> HAVE_NETTLE27

2013-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
	src/benchmark-tls.c: Added ESTREAM salsa20 cipher.

2013-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mac.c: better naming of functions

2013-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/mac.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/mac.c, m4/hooks.m4: Updated UMAC code to use nettle's new
	implementation

2013-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added note about LGPLv3

2013-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system_override.c: doc update

2013-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: use unlikely

2013-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2013-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/cha-intro-tls.texi, lib/ext/Makefile.am,
	lib/ext/alpn.c, lib/ext/alpn.h, lib/gnutls_extensions.c,
	lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, m4/hooks.m4, tests/Makefile.am,
	tests/mini-alpn.c: Added support for the ALPN extension.

2013-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c: removed unused variables

2013-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c, src/tests.c, src/tests.h: removed the RSA-EXPORT
	checks

2013-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2013-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
	doc/cha-tokens.texi, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_certificate_set_x509_key_mem2() and
	gnutls_certificate_set_x509_key_file2()

2013-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-examples.texi,
	lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c: doc
	updates

2013-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphers.c,
	lib/gnutls_constate.c, lib/gnutls_state.c, lib/gnutls_state.h: 
	removed TLS export key generation

2013-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/cha-gtls-app.texi, lib/Makefile.am,
	lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/algorithms/kx.c, lib/algorithms/publickey.c,
	lib/auth/Makefile.am, lib/auth/cert.h, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/gnutls_auth.c, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_priority.c, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/x509/privkey.c,
	lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c: Removed the
	RSA-EXPORT ciphersuites.

2013-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-library.texi, lib/algorithms/ciphersuites.c,
	lib/algorithms/protocols.c, lib/gnutls_priority.c,
	lib/includes/gnutls/gnutls.h.in, tests/mini-emsgsize-dtls.c: Added
	support for DTLS 1.2

2013-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in: deprecated
	gnutls_privkey_sign_raw_data()

2013-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2013-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_range.c: updates in range handling code.

2013-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-record-range.c: Added test for
	record ranges.

2013-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdhe.c: Set the curve priority to calling derive.

2013-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: reduce the number of temp variables in ECDH

2013-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: print the signatures used.

2013-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_sign_algorithm_get_client()

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, m4/hooks.m4: Changed license of heartbeat
	implementation to match the rest of the library

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: updated text

2013-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: gnutls_pong() returns zero on success.

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.h: removed function that didn't exist

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/ext/heartbeat.h: updated heartbeat

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-heartbeat.c: Check all error conditions.

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: Corrected bug in heartbeat send (reported by
	Joke de Buhr).

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms.h, lib/algorithms/ecc.c, lib/auth/ecdhe.c,
	lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
	lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
	lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
	lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
	lib/nettle/ecc_mulmod_cached.c, lib/nettle/ecc_points.c,
	lib/nettle/ecc_projective_add_point_ng.c,
	lib/nettle/ecc_projective_check_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_projective_isneutral.c,
	lib/nettle/ecc_projective_negate_point.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/init.c,
	lib/nettle/multi.c, lib/nettle/pk.c, lib/nettle/wmnaf.c,
	lib/x509/key_decode.c, lib/x509/privkey.c: Removed elliptic curve
	code from gnutls. Use nettle's implementation.

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: corrected issue in ecccertfile option

2013-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: make a short list of the available PK
	algorithms

2013-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, tests/x509sign-verify.c: Added sign
	and verification flags to operate in RSA raw mode (as used in TLS).

2013-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa.c, lib/gnutls_int.h: When in compatibility mode allow
	for a wrong version in the RSA PMS.

2013-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/protocols.c, lib/auth/rsa.c,
	lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_record.c: 
	convert gnutls versions to TLS major-minor in a single function.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/license-gnutls.txt,
	lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/coff/cpuid-x86-coff.s,
	lib/accelerated/x86/elf/cpuid-x86-64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
	lib/ext/status_request.h, lib/gnutlsxx.cpp,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.h: changed license headers to 2.1. Reported by
	Andreas Metzler.

2013-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: updated copyright

2013-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphers.c, lib/algorithms/mac.c,
	lib/crypto-api.c, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in: Added gnutls_mac_get_nonce_size()

2013-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: doc update

2013-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: corrected file location

2013-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-auth.c: use return instead of exit

2013-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: use the proper defines

2013-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/abstract_int.h, lib/auth/cert.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/openpgp.h,
	lib/openpgp/gnutls_openpgp.c: Fixes in openpgp handshake with
	fingerprints. Reported by Joke de Buhr.

2013-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-auth.c: openpgp-auth tests
	gnutls_openpgp_set_recv_key_function() as well.

2013-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_sig.c: correct issue with the (deprecated)
	external key signing and TLS 1.2

2013-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: use clock_gettime when we can

2013-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c: removed R20

2013-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
	src/benchmark-tls.c: Salsa20R20 -> Salsa20

2013-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, tests/gc.c: use the exported variant of
	_gnutls_hmac_fast().

2013-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/cryptodev.c,
	lib/accelerated/x86/hmac-padlock.c, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/algorithms/mac.c,
	lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/nettle/cipher.c, lib/nettle/mac.c,
	lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, m4/hooks.m4,
	src/benchmark-cipher.c, src/benchmark-tls.c: The HMAC subsystem can
	now be used for other MAC algorithms, like UMAC. UMAC-96 and
	UMAC-128 were conditionally added.

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: use RSA ciphersuite to compare ciphers.

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: corrected bug in stream ciphers and added new
	cipher to the new padding format.

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms.h, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/nettle/cipher.c, lib/x509/privkey_openssl.c,
	lib/x509/privkey_pkcs8.c, src/benchmark-cipher.c,
	src/benchmark-tls.c: Added salsa20 cipher, and ciphersuites.

2013-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: search only for slots with tokens and avoid caching
	to prevent issues with multiple threads.

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/gnutls_privkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
	gnutls_privkey_status()

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: avoid internal error

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: use correct type for rv

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: scan slots on PKCS #11 providers only when needed,
	not on initialization.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: doc update

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: documented the new configure options

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/crypto-backend.h, lib/gnutls_mpi.h, lib/gnutls_pk.c,
	lib/nettle/mpi.c, lib/openpgp/privkey.c, lib/x509/privkey.c: Private
	key parameters are overwritten with zeros on deinitialization.

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi, doc/latex/cover.tex, doc/latex/gnutls.bib: 
	doc updates

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: simplified text

2013-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
	gnutls_privkey_sign_raw_data()

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c: simplified code

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: gnutls-serv may run without certificate, but will
	issue a warning

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: gnutls-serv issues an error if no certificate and key
	pair was set.

2013-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING.LESSER, README: gnutls 3.1.10 is LGPLv2.1

2013-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/kx.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
	lib/gnutlsxx.cpp, src/cli-debug.c, src/serv.c, src/tests.c: Added
	several ifdefs to avoid using disabled code.

2013-03-12  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* doc/cha-bib.texi, doc/cha-tokens.texi: Document mechanism used for
	*_key_id() creation.  For the rationale behind this, see the gnutls-devl thread 'X.509
	"Key Identifiers" in GnuTLS' found either at

	http://lists.gnutls.org/pipermail/gnutls-devel/2013-March/006182.htmland
	http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6674

2013-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
	doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	lib/gnutls_int.h, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, src/common.c: Added gnutls_session_get_desc()

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
	lib/auth/Makefile.am, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dhe.c,
	lib/auth/dhe_psk.c, lib/auth/{ecdh_common.c => ecdhe.c},
	lib/auth/{ecdh_common.h => ecdhe.h}, lib/auth/rsa_export.c,
	lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_priority.c,
	lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	m4/hooks.m4: Added options to disable more key exchange mechanisms.  In that DHE was separated from ECDHE.

2013-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: removed unneeded code

2013-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: When requesting DANE data resolve a service name into a
	port number. Reported by James Cloos.

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: removed

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc update

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: avoid duplicate memory allocation in
	_gnutls_x509_get_dn()

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/dane-test.rr: The default dane output is type 03
	now.

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: simplified

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c, lib/gnutls_x509.c, lib/gnutls_x509.h: Return
	proper also when loading a private key.

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/tpm.h, lib/tpm.c: GNUTLS_TPMKEY_FMT_DER ->
	GNUTLS_TPMKEY_FMT_RAW

2013-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_x509.c: 
	return unimplemented feature on encounter of a known but unsupported
	url

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
	src/danetool.c: updates in danetool

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.ac: Added configure option to disable the
	build of tests.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h: updated example
	template.

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ecore/src/lib/Ecore.h: updated

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: corrected allocation size

2013-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: simplified text

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Fixes in cpu and cross-compilation detection

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h: Placed back _gnutls_x509_compare_raw_dn().

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: check revocation prior to reading local certs.

2013-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: deinitialize the certificate

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: When cross compiling do not check for ca
	certificates.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: auto-detect CA certificates only if
	with-default-trust-store-file is not provided.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: corrected parameters.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/system.c, lib/x509/verify-high.c, lib/x509/verify-high2.c,
	tests/x509cert-tl.c: Added functions that remove certificates from a
	trust list.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/includes/gnutls/dane.h: updated doc

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: Check for revoked certs in android and do not add.
	Suggested by David Woodhouse.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: corrected add_system_trust() in the unsupported
	system case.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/verify-high.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Several
	optimizations on certificate comparisons including DN. This speeds
	up CA certificate loading, and certificate verification.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: Revert "When making the hash list of the
	CAs avoid calling get_raw_*_dn() which is very costly." This reverts commit 1b7d66354e9b4d174b58233f4dd8ab46a1d45f14.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: When making the hash list of the CAs avoid
	calling get_raw_*_dn() which is very costly.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c,
	lib/x509/x509_int.h: Added new functions to get the LDAP DN in an
	allocated buffer.

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Removed unused code.

2013-03-05  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* lib/x509/x509_write.c: fix description of id_size parameter

2013-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: handle the interesting variance between directories

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: test for ANDROID or __ANDROID__

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/ar-lib: updated

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: call gl_EARLY earlier, and add AM_PROG_AR.

2013-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.pc.in: corrected link

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed Werror from automake rules

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Added flag

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, ChangeLog: removed

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, src/Makefile.am: changes to avoid compilation
	of programs that cannot be.

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: more simplifications to
	gnutls_x509_trust_list_add_system_trust()

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: corrected reading from directory.

2013-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: gnutls_x509_trust_list_add_system_trust() was made
	to work in android 4.x.

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: More cleanups in
	gnutls_x509_trust_list_add_system_trust()

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Select CPU optimizations based on target cpu rather
	than the host.

2013-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/system.c: some simplifications in
	gnutls_x509_trust_list_add_system_trust()

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: Use ARCFOUR cipher by default to be
	compatible with devices like android that don't support AES

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-danetool.texi, libdane/dane.c,
	libdane/includes/gnutls/dane.h, src/danetool-args.c,
	src/danetool-args.def, src/danetool-args.h, src/danetool.c,
	tests/suite/Makefile.am, tests/suite/testdane: Added verify flags
	for DANE to enforce verification and restrict it to a field.

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, ChangeLog: added empty ChangeLog

2013-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
	build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
	build-aux/snippet/c++defs.h, build-aux/snippet/unused-parameter.h,
	build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
	build-aux/vc-list-files, doc/gendocs_template, gl/Makefile.am,
	gl/accept.c, gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c,
	gl/argp-eexst.c, gl/argp-fmtstream.c, gl/argp-fmtstream.h,
	gl/argp-fs-xinl.c, gl/argp-help.c, gl/argp-namefrob.h,
	gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c, gl/argp-pvh.c,
	gl/argp-xinl.c, gl/argp.h, gl/arpa_inet.in.h, gl/asnprintf.c,
	gl/asprintf.c, gl/base64.c, gl/base64.h, gl/basename-lgpl.c,
	gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c, gl/c-ctype.h,
	gl/c-strcase.h, gl/c-strcasecmp.c, gl/c-strncasecmp.c, gl/close.c,
	gl/closedir.c, gl/connect.c, gl/dirent-private.h, gl/dirent.in.h,
	gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h, gl/dup2.c,
	gl/errno.in.h, gl/error.c, gl/error.h, gl/fd-hook.c, gl/fd-hook.h,
	gl/filename.h, gl/float+.h, gl/float.c, gl/float.in.h, gl/fpucw.h,
	gl/frexp.c, gl/frexpl.c, gl/fseek.c, gl/fseeko.c, gl/fseterr.c,
	gl/fseterr.h, gl/fstat.c, gl/ftell.c, gl/ftello.c,
	gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
	gl/getopt.c, gl/getopt.in.h, gl/getopt1.c, gl/getopt_int.h,
	gl/getpass.c, gl/getpass.h, gl/getpeername.c, gl/getsubopt.c,
	gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
	gl/glthread/threadlib.c, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
	gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c, gl/iconv_open.c,
	gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
	gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
	gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
	gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
	gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/base64.m4,
	gl/m4/byteswap.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
	gl/m4/closedir.m4, gl/m4/codeset.m4, gl/m4/dirent_h.m4,
	gl/m4/dirname.m4, gl/m4/double-slash-root.m4, gl/m4/dup2.m4,
	gl/m4/eealloc.m4, gl/m4/environ.m4, gl/m4/errno_h.m4,
	gl/m4/error.m4, gl/m4/exponentd.m4, gl/m4/exponentf.m4,
	gl/m4/exponentl.m4, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/fdopen.m4,
	gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4, gl/m4/frexpl.m4,
	gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fseterr.m4, gl/m4/fstat.m4,
	gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
	gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
	gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
	gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
	gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
	gl/m4/iconv.m4, gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4,
	gl/m4/iconv_open.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/inline.m4, gl/m4/intdiv0.m4,
	gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
	gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
	gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/ioctl.m4,
	gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4,
	gl/m4/largefile.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
	gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/libunistring-base.m4,
	gl/m4/locale-fr.m4, gl/m4/locale-ja.m4, gl/m4/locale-tr.m4,
	gl/m4/locale-zh.m4, gl/m4/locale_h.m4, gl/m4/localename.m4,
	gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4,
	gl/m4/malloc.m4, gl/m4/malloca.m4, gl/m4/manywarnings.m4,
	gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4,
	gl/m4/mempcpy.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
	gl/m4/mode_t.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/nocrash.m4, gl/m4/off_t.m4, gl/m4/open.m4,
	gl/m4/opendir.m4, gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4,
	gl/m4/po.m4, gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
	gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
	gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
	gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
	gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
	gl/m4/setlocale.m4, gl/m4/signal_h.m4, gl/m4/signbit.m4,
	gl/m4/size_max.m4, gl/m4/sleep.m4, gl/m4/snprintf.m4,
	gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
	gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4, gl/m4/stat.m4,
	gl/m4/stdalign.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
	gl/m4/stddef_h.m4, gl/m4/stdint.m4, gl/m4/stdint_h.m4,
	gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4, gl/m4/strcase.m4,
	gl/m4/strchrnul.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
	gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/strings_h.m4,
	gl/m4/strndup.m4, gl/m4/strnlen.m4, gl/m4/strtok_r.m4,
	gl/m4/strverscmp.m4, gl/m4/symlink.m4, gl/m4/sys_ioctl_h.m4,
	gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4,
	gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4, gl/m4/sys_uio_h.m4,
	gl/m4/sysexits.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
	gl/m4/uintmax_t.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
	gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4,
	gl/m4/version-etc.m4, gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
	gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
	gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
	gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c, gl/math.in.h,
	gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
	gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
	gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
	gl/printf-args.c, gl/printf-args.h, gl/printf-frexp.c,
	gl/printf-frexp.h, gl/printf-frexpl.c, gl/printf-frexpl.h,
	gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
	gl/rawmemchr.c, gl/read-file.c, gl/read-file.h, gl/readdir.c,
	gl/realloc.c, gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c,
	gl/send.c, gl/sendto.c, gl/setsockopt.c, gl/shutdown.c,
	gl/signal.in.h, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
	gl/size_max.h, gl/sleep.c, gl/snprintf.c, gl/socket.c,
	gl/sockets.c, gl/sockets.h, gl/stdalign.in.h, gl/stdarg.in.h,
	gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio-impl.h,
	gl/stdio.c, gl/stdio.in.h, gl/stdlib.in.h, gl/str-two-way.h,
	gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
	gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
	gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
	gl/strndup.c, gl/strnlen.c, gl/strtok_r.c, gl/strverscmp.c,
	gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
	gl/sysexits.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
	gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/ftruncate.c,
	gl/tests/getcwd-lgpl.c, gl/tests/getpagesize.c,
	gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
	gl/tests/ignore-value.h, gl/tests/infinity.h, gl/tests/init.sh,
	gl/tests/inttypes.in.h, gl/tests/ioctl.c, gl/tests/locale.in.h,
	gl/tests/localename.c, gl/tests/localename.h, gl/tests/lstat.c,
	gl/tests/macros.h, gl/tests/malloca.c, gl/tests/malloca.h,
	gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
	gl/tests/pathmax.h, gl/tests/perror.c, gl/tests/pipe.c,
	gl/tests/putenv.c, gl/tests/randomd.c, gl/tests/randoml.c,
	gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/setlocale.c,
	gl/tests/signature.h, gl/tests/stat.c, gl/tests/strerror_r.c,
	gl/tests/symlink.c, gl/tests/sys_ioctl.in.h,
	gl/tests/test-accept.c, gl/tests/test-alloca-opt.c,
	gl/tests/test-argp-2.sh, gl/tests/test-argp.c,
	gl/tests/test-arpa_inet.c, gl/tests/test-base64.c,
	gl/tests/test-binary-io.c, gl/tests/test-bind.c,
	gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
	gl/tests/test-c-strcasecmp.c, gl/tests/test-c-strncasecmp.c,
	gl/tests/test-close.c, gl/tests/test-connect.c,
	gl/tests/test-dirent.c, gl/tests/test-dup2.c,
	gl/tests/test-environ.c, gl/tests/test-errno.c,
	gl/tests/test-fcntl-h.c, gl/tests/test-fdopen.c,
	gl/tests/test-fgetc.c, gl/tests/test-float.c,
	gl/tests/test-fprintf-posix.h, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-frexp.c,
	gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
	gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
	gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
	gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
	gl/tests/test-func.c, gl/tests/test-fwrite.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-getopt.c, gl/tests/test-getopt.h,
	gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-iconv-h.c,
	gl/tests/test-iconv-utf.c, gl/tests/test-iconv.c,
	gl/tests/test-ignore-value.c, gl/tests/test-inet_ntop.c,
	gl/tests/test-inet_pton.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-ioctl.c, gl/tests/test-isnand-nolibm.c,
	gl/tests/test-isnand.h, gl/tests/test-isnanf-nolibm.c,
	gl/tests/test-isnanf.h, gl/tests/test-isnanl-nolibm.c,
	gl/tests/test-isnanl.h, gl/tests/test-listen.c,
	gl/tests/test-locale.c, gl/tests/test-localename.c,
	gl/tests/test-lstat.c, gl/tests/test-lstat.h,
	gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
	gl/tests/test-math.c, gl/tests/test-memchr.c,
	gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
	gl/tests/test-open.c, gl/tests/test-open.h,
	gl/tests/test-pathmax.c, gl/tests/test-perror.c,
	gl/tests/test-perror2.c, gl/tests/test-pipe.c,
	gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
	gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
	gl/tests/test-read-file.c, gl/tests/test-recv.c,
	gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-select.h, gl/tests/test-send.c,
	gl/tests/test-sendto.c, gl/tests/test-setenv.c,
	gl/tests/test-setlocale1.c, gl/tests/test-setlocale2.c,
	gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
	gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
	gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
	gl/tests/test-sockets.c, gl/tests/test-stat.c,
	gl/tests/test-stat.h, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
	gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
	gl/tests/test-string.c, gl/tests/test-strings.c,
	gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
	gl/tests/test-symlink.c, gl/tests/test-symlink.h,
	gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
	gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
	gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
	gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
	gl/tests/test-sysexits.c, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-unsetenv.c, gl/tests/test-vasnprintf.c,
	gl/tests/test-vasprintf.c, gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
	gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/unistr/test-u8-mbtoucr.c,
	gl/tests/unistr/test-u8-uctomb.c, gl/tests/unsetenv.c,
	gl/tests/w32sock.h, gl/tests/zerosize-ptr.h, gl/time.in.h,
	gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
	gl/unistr.in.h, gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
	gl/unistr/u8-uctomb.c, gl/unitypes.in.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/vasprintf.c, gl/verify.h, gl/version-etc-fsf.c,
	gl/version-etc.c, gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c,
	gl/vsnprintf.c, gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk: 
	updated gnulib

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: Added gnutls_pkcs11_privkey_status

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-certtool.texi,
	doc/manpages/Makefile.am: updated

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_session_pack.c: small optimizations in session storage

2013-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: no need to memset during session deinit.

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/nettle/rnd.c, tests/rng-fork.c: fixed nonce generation
	after fork().

2013-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, lib/gnutls_handshake.c,
	lib/gnutls_session_pack.c: Small fixes.

2013-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: Added
	gnutls_pkcs11_privkey_status().

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: doc update

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/errors.c, libdane/includes/gnutls/dane.h: 
	when verifying a DANE CA constraint make sure that the provided
	chain is actually a chain.

2013-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: doc update

2013-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: mention enable-in in p11-kit config.

2013-02-20  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* lib/gnutls_psk.c, lib/gnutls_str.c: Moved gnutls_hex_(en|de)code
	functions from lib/gnutls_psk.c to lib/gnutls_str.c to fix
	compilation of certtool when PSK is disabled.  These are rather generic functions by nature, so it would be
	reasonable to include them in GnuTLS even if PSK support is
	disabled.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: print info on reinitializor error.

2013-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: Documented the DANE situation in gnutls.
	Suggested by Gabor Toth.

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: Fixed gnutls_pkcs11_reinit() to reinitialize
	all modules.

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: return proper error

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: use set_int when needed

2013-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_datum.c,
	lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_x509.c,
	lib/x509/ocsp.c, lib/x509/pkcs12.c, lib/xssl_getline.c: Use
	gnutls_realloc_fast everywhere. Suggested by David Woodhouse.

2013-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa.c: better cleanup on error on export case

2013-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected parsing issue in XMPP data when in a
	subject alternative name

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in, lib/tpm.c, src/common.c: cleaned up
	the PIN calling in TPM

2013-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi,
	doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-anon.c,
	doc/examples/ex-client-dtls.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c,
	lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, src/cli.c, src/serv.c: Added convenience
	functions to avoid ugly casting in simple programs.

2013-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-dtls.c, doc/examples/ex-serv-dtls.c: be
	more explicit in DTLS examples to account for LARGE_PACKET error

2013-02-16  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* lib/pkcs11.c: fix two minor memory leaks when PKCS#11 is in use

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: corrected export of functions

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: corrected gnutls_pubkey_verify_data()

2013-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: reduced hash table size

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: doc update

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added const

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
	lib/includes/gnutls/gnutls.h.in: gnutls_handshake_set_server_random
	-> gnutls_handshake_set_random

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: timespec_sub_ms -> _gnutls_timespec_sub_ms

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_handshake_set_server_random

2013-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: properly set close-on-exec.

2013-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-anon.c: avoid ptrdiff_t

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-extras.c: certtool's --to-p12 will now ask for
	a password to generate PKCS #12 files.  That is when provided an encrypted key file. Reported by Yan Fiz.

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: prefer plain RSA to DHE-RSA and DHE-DSS

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: removed duplicate

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-gnutls-cli.texi: small updates

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: slow tests moved at the end of the suite

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: simplified cleaning-up in
	_gnutls_stream_read and _gnutls_dgram_read

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: corrected extract_digest_info

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, tests/mini-x509-callbacks.c: In client
	side the verify callback is always being called.

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: further relaxed security levels

2013-01-29  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* Makefile.am, configure.ac: Add option to disable generation of any
	documentation for GnuTLS.

2013-01-29  Jaak Ristioja <jaak.ristioja@cyber.ee>

	* Makefile.am, libdane/Makefile.am, libdane/includes/Makefile.am: 
	Prevent libdane pkgconfig stuff from being installed if libdane
	support is disabled.

2013-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, cross.mk, m4/hooks.m4: updates for 3.1.8

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/secparams.c: Restored 3.1.6 defaults and
	documented fix.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: reduced the very weak DH level to 768
	bits to not reject popular sites that operate on that level.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c: added debugging message to indicate the
	number of bits.

2013-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Do not call the certificate verification
	callback if certificates are ignored.

2013-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: avoid memset on the whole record header
	length

2013-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/privkey.c: fixed issue in
	gnutls_x509_privkey_import2()

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-tokens.texi, doc/latex/gnutls.bib,
	lib/tpm.c: reference TPMURI

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/x509/x509.c: updated doc

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: corrected typo

2013-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: corrected wrap_nettle_hash_algorithm() to work
	with arbitrary key sizes.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_session_pack.c: Added
	a magic number in front session DB data.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Corrected typo. Reported by Mark Brand.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cipher.c: update

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/ca-no-pathlen.pem: test update

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-functions.texi, doc/manpages/Makefile.am: update

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-app.texi, lib/gnutls_record.c: 
	updated doc

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi: doc update

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_range.c: document limitation

2013-01-24  Alfredo Pironti <alfredo@pironti.eu>

	* lib/gnutls_range.c: Make sure we don't fail if writing gets
	interrupted

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-heartbeat.c: disable heartbeat test if it isn't
	included.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: postpone the change

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING.LESSER: Revert "license is again LGPLv2.1" This reverts commit b7eea829d4b1db58c49bf5c3e31e4be5b61fb2e8.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-record-timing.c: updated test

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_hash_int.h: Fixes to avoid a
	timing attack in TLS CBC record parsing.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_record.c: only register
	heartbeat if it is enabled.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING.LESSER: license is again LGPLv2.1

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
	m4/hooks.m4: updated heartbeat code, and made it optional.

2013-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: corrected typo

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c, lib/gnutls_db.c, lib/gnutls_str.c,
	lib/pkcs11_write.c, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
	lib/x509/output.c, lib/x509/verify-high.c, lib/x509/x509.c: Use
	LGPLv2.1 in the files their author's agreed to.

2013-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/x509/verify-high2.c: Added GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA
	to specify trusted CA certificates.

2013-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added new func

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: corrected session resumption

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: simplified DB storing

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: 
	Applied disable SNI patch from Daniel.

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: remove function is not required to add or
	retrieve from db.

2013-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/accelerated/accelerated.c,
	lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86.c,
	lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h,
	lib/algorithms.h, lib/algorithms/cert_types.c,
	lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/anon.c,
	lib/auth/anon.h, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c,
	lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk.h,
	lib/auth/psk_passwd.c, lib/auth/psk_passwd.h, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp.c, lib/auth/srp.h,
	lib/auth/srp_passwd.c, lib/auth/srp_passwd.h, lib/auth/srp_rsa.c,
	lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
	lib/crypto-backend.h, lib/crypto.h, lib/debug.c, lib/debug.h,
	lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
	lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
	lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
	lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
	lib/ext/server_name.c, lib/ext/server_name.h,
	lib/ext/session_ticket.c, lib/ext/session_ticket.h,
	lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
	lib/ext/srp.h, lib/ext/srtp.c, lib/ext/srtp.h, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
	lib/gnutls_helper.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_pcert.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
	lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_session.c, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.h, lib/gnutls_str_array.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/tpm.h, lib/locks.c, lib/locks.h,
	lib/nettle/cipher.c, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
	lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_cached.c,
	lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point_ng.c,
	lib/nettle/ecc_projective_check_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_projective_isneutral.c,
	lib/nettle/ecc_projective_negate_point.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/egd.h,
	lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
	lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/wmnaf.c,
	lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
	lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
	lib/opencdk/keydb.h, lib/opencdk/literal.c, lib/opencdk/main.h,
	lib/opencdk/misc.c, lib/opencdk/new-packet.c,
	lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/opencdk/write-packet.c, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/pin.c, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/random.c,
	lib/random.h, lib/system.c, lib/system.h, lib/system_override.c,
	lib/tpm.c, lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/pbkdf2-sha1.c,
	lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_openssl.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/verify-high2.c, lib/x509/verify.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h: Use LGPLv2.1
	in the files their author's agreed to.

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, lib/gnutls_session_pack.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_db_check_entry_time().

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: deprecated problematic function

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_db.c, lib/gnutls_handshake.c,
	lib/gnutls_session_pack.c: Fixes in server side of DTLS-0.9.

2013-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/xssl.h: corrected typo

2013-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: uncork doesn't do anything when the session
	is already in flush mode

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/.gitignore: more files to ignore

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi, lib/includes/gnutls/xssl.h: doc update

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex: Added Alfredo

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi, doc/gnutls.texi, doc/latex/cover.tex: 
	updated doc for XSSL

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/examples/ex-client-xssl1.c,
	doc/examples/ex-client-xssl2.c: Added XSSL client examples.

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/libgnutls.map, tests/Makefile.am: Fixed
	compilation of mini-xssl.

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: small fixes

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, m4/hooks.m4: xssl API moved to xssl library

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated text

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Comment out new padding until it is
	standardized or at least approved by the WG.

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/doc.mk: fix xssl

2013-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c: Corrected issue in gnutls-cli-debug which tried
	connections to multiple hosts.  gnutls-cli-debug was trying to connect to all possible IP addresses
	of the host and failed if any was unavailable. Now it tries
	sequentially and accepts the first that is working. Reported by
	Daniel Kahn Gillmor.

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2013-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS: updated NEWS

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: Fix AEAD out-of-place decryption

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-record-timing.c: updated test

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/{sbuf.h => xssl.h}, lib/libgnutls.map,
	lib/{sbuf.c => xssl.c}, lib/{sbuf.h => xssl.h}, lib/{sbuf_getline.c
	=> xssl_getline.c}, tests/Makefile.am, tests/mini-sbuf.c,
	tests/mini-xssl.c: Added new interface.

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: propagate the error of the verify
	callback.

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/sbuf.h, lib/libgnutls.map, lib/sbuf.c: updates
	in the sbuf API.

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/crypto-backend.h, lib/gnutls_state.c,
	lib/includes/gnutls/crypto.h, lib/nettle/rnd.c, lib/random.c,
	lib/random.h: Added gnutls_rnd_refresh().

2013-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.h,
	lib/gnutls_ui.c: Keep the legacy dh_prime_bits.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/includes/gnutls/sbuf.h, lib/sbuf.c,
	lib/sbuf.h, lib/verify-tofu.c: updated sbuf interface.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/nettle/rnd.c: No need to cache events with the current
	behavior.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: use nonces instead of random data

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-sbuf.c: free all resources

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: nonces update the internal rng state much
	slower.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/secparams.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in: Instead of setting directly the
	number of DH bits, set a security parameter per session.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/dh_common.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_ui.c: The minimum DH prime bits are now set by the
	priority strings (that means they are increased for the SECURE
	strings).

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: warnings doesn't imply Werror

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: disable gnutls_certificate_get_peers_subkey_id()
	if not openpgp.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: optimized random generator.

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for getpid().

2013-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
	lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_state.c: 
	_dtls_timespec_sub_ms -> timespec_sub_ms

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/mac.c: Avoid many indirect calls.

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: reduced calls to getpid

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: use the more precise gettime() instead of
	gettimeofday().

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_range.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_range_split accepts pointers as arguments.

2013-01-24  Alfredo Pironti <alfredo@pironti.eu>

	* NEWS, doc/Makefile.am, lib/gnutls_range.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Make
	gnutls_range_split available from the GnuTLS API

2013-01-24  Alfredo Pironti <alfredo@pironti.eu>

	* .gitignore, NEWS, lib/libgnutls.map: - Remove references to the (now renamed) gnutls_range_send_message -
	Ignore sbuf-api generated documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk.h: Some fix when disable-psk-authentication is
	specified. Based on patch by Jaak Ristioja.

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_dn.c: rewritten DN parsing code.

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-dn.tmpl, tests/cert-tests/template-test: 
	test the DN functionality of certtool.

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/dane: dane test no longer fails if danetool isn't
	compiled

2013-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c, lib/tpm.c, lib/x509/common.c,
	lib/x509/pkcs12_encr.c, lib/x509/x509_dn.c: use the non-locale
	dependent versions of isxxx functions.

2013-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/sbuf.c: allow writes of more than the maximum record data.

2013-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in: introduced gnutls_cork() and
	gnutls_uncork().

2013-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/includes/gnutls/sbuf.h,
	lib/libgnutls.map, lib/sbuf.c, lib/sbuf.h, lib/sbuf_getline.c,
	tests/mini-sbuf.c: Added gnutls_sbuf_getdelim() and getline().

2013-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-gnutls-cli.texi: doc updates

2013-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_range.c, lib/gnutls_record.c,
	lib/gnutls_record.h: Small changes and a sanity check

2013-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c, lib/x509/output.c: print static strings
	without a printf-like function.

2013-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
	src/cli-args.def, src/cli-args.h, src/cli.c, src/socket.c,
	src/socket.h: Updated ranges patch.

2013-01-22  Alfredo Pironti <alfredo@pironti.eu>

	* doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/invoke-gnutls-cli.texi, lib/Makefile.am,
	lib/ext/new_record_padding.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.def,
	src/cli-args.h, src/cli.c, src/socket.c, src/socket.h,
	tests/mini-record.c: GnuTLS Length Hiding patch.  - Remove random padding; use minimal padding with legacy interface - With new interface, use LH when possible, that is in CBC mode or
	with the new padding extension - Rename priority to "NEW_PADDING" - gnutls-cli: add command line switch --ranges using LH when
	possible.  - Update documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: changed function name to
	gnutls_session_force_valid.

2013-01-22  Martin Storsjo <martin@martin.st>

	* lib/gnutls.pc.in: Update Libs.private with @LIB_CLOCK_GETTIME@ as
	well This is required when linking as static libraries on linux, for
	-lrt.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: set a default error position.

2013-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_session_clear_invalid

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: updated docs
	for sbuf API.

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in: Added
	gnutls_record_set_timeout().

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/Makefile.am, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/sbuf.h, lib/sbuf.c: updated sbuf layer.

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi: Updated doc

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c: corrected C parameter generation.

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/gnutls.pc.in: Updated
	Libs.private with all the required libraries

2013-01-21  Martin Storsjo <martin@martin.st>

	* lib/gnutls.pc.in: Include libiconv in Libs.private This makes static linking succeed if the library is configured to
	use libiconv.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-21  Martin Storsjo <martin@martin.st>

	* lib/gnutls_global.c, lib/verify-tofu.c: Define _gnutls_file_mutex
	in gnutls_global.c instead of in verify-tofu.c This fixes issues with linking the tools on OS X if not building
	shared libraries.  Currently, if building with --disable-shared on OS X, the build
	fails with:   CCLD   gnutls-serv Undefined symbols for architecture x86_64:   "__gnutls_file_mutex", referenced from:       _gnutls_global_deinit in libgnutls.a(gnutls_global.o)       _gnutls_global_init in libgnutls.a(gnutls_global.o) ld:
	symbol(s) not found for architecture x86_64 It seems that the linker fails to pull in verify-tofu.o to satisfy
	the undefined reference to _gnutls_file_mutex.o in gnutls_global.o
	unless gnutls_global.o (or any other object file in the link) also
	calls functions that pulls in verify-tofu.o. Since gnutls_global.o
	always is linked in, but verify-tofu.o can be left out unless
	someone calls the functions in it, defining the mutex in
	gnutls_global.c makes sense and simplifies the dependencies.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/certtool-args.c, src/certtool-args.def,
	src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
	src/certtool.c, src/dh.c: Added --cprint option to certtool

2013-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: updated coding style

2013-01-20  Alon Bar-Lev <alon.barlev@gmail.com>

	* src/Makefile.am: build: add danetool-args.c to BUILT_SOURCES Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Signed-off-by:
	Nikos Mavrogiannopoulos <nmav@gnutls.org>

2013-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/suite/Makefile.am,
	tests/suite/mini-record-timing.c: Added program to estimate the
	timings in different record paddings.

2013-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-danetool.texi, libdane/dane.c,
	libdane/includes/gnutls/dane.h, src/danetool-args.c,
	src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
	--insecure flag to danetool.

2013-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, tests/cert-tests/template-test.pem,
	tests/cert-tests/template-utf8.pem: modified certtool order of DN
	elements.

2013-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-sbuf.c: properly deinitialized sbuf

2013-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-record.c: initialize buffer before sending.

2013-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, tests/dn2.c: corrected test for new names and updated news.

2013-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, libdane/dane.c, libdane/errors.c,
	libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
	src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
	src/danetool.c: Added options to specify a DLV file. Suggested by
	Paul Wouters.

2013-01-17  Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/x509_dn.c: Added gnutls_x509_crt_set_issuer_dn().

2013-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi: updated certtool doc

2013-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/cha-cert-auth2.texi,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/x509_dn.c, src/certtool-args.c, src/certtool-args.def,
	src/certtool-args.h, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: Added functions to directly set the DN in a
	certificate or request from an RFC4514 string.

2013-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2013-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/Makefile.am,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/sbuf.c,
	tests/Makefile.am, tests/mini-sbuf.c: Added functions to assist
	buffering during transmission.  Added the gnutls_sbuf_t structure and accompanying functions to
	enable buffering in sending application data.

2013-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane-params.c: corrected copyright.

2013-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/rnd.c: Added new error code GNUTLS_E_RANDOM_DEVICE_ERROR.

2013-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/egd.c: Corrected issue when an EGD device was not
	found. Reported by Joshua Phillips.

2013-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: Added config rule

2013-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c: doc fix

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c: doc fix

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: small updates

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/gnutls-docs.sgml: update

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: simplified naming

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/gnutls-docs.sgml: update

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c, lib/gnutls_dh_primes.c,
	lib/gnutls_ui.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
	lib/pkcs11.c, lib/x509/dn.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
	lib/x509/pkcs7.c, lib/x509/x509.c: Added correct since

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: added babel (not sure why)

2013-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/gnutls-docs.sgml: updated for 3.1

2013-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: corrected error code

2013-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated makefile

2013-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: use AC_CONFIG_HEADER. Reported by Marko Lindqvist

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: corrected typo

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: updated exported function name

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/ext/new_record_padding.c,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	tests/mini-record.c: NEW_RECORD_PADDING priority string was renamed
	to RANDOM_PADDING

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: corrected compression.

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: removed utf8 chars

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: updates in output

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record.c: Added checks for new record padding format.

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_record.c: better checks in new
	record packets.

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: use
	padding also if in DTLS.

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: 
	some simplifications

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: use new_record_padding in DTLS data mtu
	calculation

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: 
	simplified decryption

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/new_record_padding.c: removed debugging

2012-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
	lib/ext/new_record_padding.c, lib/ext/new_record_padding.h,
	lib/gnutls_cipher.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added a new record padding mechanism.  It is negotiated via an extension and record data are now formatted
	as: ciphered-struct {   opaque pad<0..2^16-1>   opaque content[TLSCompressed.length];   opaque MAC[CipherSpec.hash_size]; } The ciphered-struct size is
	always 0 modulo the block size in block ciphers to avoid any need
	for additional padding.  Added extension to negotiate new record padding.

2012-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-dtls-record.c: Added
	test for duplicate packet detection in DTLS.

2012-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_int.h: Simplified DTLS sliding
	window implementation.

2012-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Termination when expecting an alert is
	handled gracefully in DTLS.

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: living in the past

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: bumped library version

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi, doc/cha-tokens.texi, lib/Makefile.am,
	lib/tpm.c: If trousers is not present define the TPM functions but
	have them return GNUTLS_E_UNIMPLEMENTED_FEATURE.

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: tpm support is disabled by default

2013-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2013-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
	doc/manpages/tpmtool.1: updated autogen'ed files.

2012-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-tokens.texi, doc/latex/Makefile.am,
	doc/latex/gnutls.tex: doc updates

2012-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane-params.c, libdane/dane.c: KU Leuven copyright stuff
	is LGPL version 2.1 or later

2012-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: updated thanks file

2012-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: updated git2cl link

2012-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi: corrected typos

2012-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi: updated in auth chapter

2012-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-cert-auth2.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
	doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi: Reorganization of
	the authentication chapter.

2012-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/gnutls.texi: Added authentication methods
	chapter

2012-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-x509.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c: better code in client and server
	examples

2012-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/nettle/pk.c: made PKCS#1 1.5 encoding and decoding
	stricter. Reported by Kikuchi Masashi.

2012-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: corrected typo

2012-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Termination when expecting an alert is
	handled gracefully in DTLS.

2012-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext/heartbeat.c: Improvements in heartbeat handling.

2012-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-anon.c, doc/examples/ex-serv-dtls.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv-x509.c: drop
	unecessary function in examples

2012-12-20  Martin Storsjo <martin@martin.st>

	* lib/ext/srtp.c: Don't match further SRTP profiles after one match
	has been found This makes SRTP profile matching more straightforward and intuitive,
	when the first matching SRTP profile will be the one selected, not
	the last one as before.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-12-20  Martin Storsjo <martin@martin.st>

	* lib/crypto-api.c: Fix the parameter name to gnutls_key_generate Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2012-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat: corrected datefudge test

2012-12-18  Martin Storsjo <martin@martin.st>

	* lib/system_override.c: Fix docs for
	gnutls_transport_set_pull_timeout_function The timeout function returns int, not ssize_t.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: doc update

2012-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2012-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-eagain2.c: added config.h

2012-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected wording

2012-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/snippet/warn-on-use.h, gl/Makefile.am, gl/base64.c,
	gl/error.c, gl/fstat.c, gl/getaddrinfo.c, gl/m4/base64.m4,
	gl/m4/error.m4, gl/m4/extern-inline.m4, gl/m4/fstat.m4,
	gl/m4/ftruncate.m4, gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lock.m4, gl/m4/lstat.m4, gl/m4/math_h.m4, gl/m4/open.m4,
	gl/m4/stat.m4, gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
	gl/math.c, gl/math.in.h, gl/stdio.c, gl/stdio.in.h,
	gl/sys_socket.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/tests/ftruncate.c, gl/tests/glthread/lock.c, gl/tests/lstat.c,
	gl/tests/open.c, gl/tests/stat.c, gl/unistd.c, gl/unistd.in.h,
	gl/vasnprintf.c, maint.mk: updated gnulib

2012-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am: corrected test

2012-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h: certtool
	--generate-request option conflicts with --infile. Suggested by
	Daniel Black.

2012-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc fix

2012-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-psktool.texi, doc/invoke-srptool.texi,
	doc/invoke-tpmtool.texi, doc/manpages/Makefile.am,
	doc/manpages/tpmtool.1: use ECHO_N

2012-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am: do not build ecore in macosx

2012-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, README-alpha: updated urls

2012-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, doc/latex/cover-epub.tex, doc/latex/cover.tex,
	lib/gnutls_privkey.c, lib/x509/crq.c, lib/x509/pkcs12.c,
	tests/pkcs12_simple.c: corrected copyright notices

2012-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h: updated documentation.

2012-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: _gnutls_strdatum_to_buf() will account for NULL
	input.

2012-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: allow GNUTLS_E_SHORT_MEMORY_BUFFER in
	gnutls_x509_crq_get_challenge_password

2012-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: doc update

2012-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-p11tool.texi, src/p11tool-args.c,
	src/p11tool-args.def, src/p11tool-args.h: updated documentation

2012-12-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
	tests/key-openssl.c, tests/pkcs12_simple.c: Import PKCS #12 keys

2012-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: document fix

2012-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: Corrected bugs in record parsing.  Corrected bugs in record padding parsing. Reported by Kenny
	Patterson and Nadhem Alfardan.

2012-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fixes

2012-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c, lib/ext/srtp.h: corrected copyright

2012-12-01  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Fix dependencies to be
	parallel-safe.

2012-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: Revert "do not document low-level
	functions" This reverts commit 7b334d581007ba4a91837edb1e0081959f32e363.

2012-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: mention dependencies in readme

2012-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: update @VERSION@ -> actual version on the web manual

2012-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: doc update

2012-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: simplified generation of documentation

2012-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: mention gnutls_sec_param_get_name

2012-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi, lib/gnutls_ui.c: doc updates

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: corrected socket loop. Based on patch by Mantas
	Mikulenas.

2012-11-26  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update
	minitasn1 to version 3.1.

2012-11-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore, build-aux/snippet/unused-parameter.h,
	doc/gendocs_template, maint.mk: Update gnulib tools.  Add missing
	unused-parameter.h template.

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/ocsptool-common.c, src/socket.c, src/socket.h: 
	gnutls-cli will try to cannot to all possible returned addresses.

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo list

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/x509.c: gnutls_x509_crt_get_policy() allows for a
	list of zero policy qualifiers.

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/usage.c: Added hack to print the parameters correctly
	in windows.

2012-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: updated

2012-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: repeat the tests to avoid
	accidental failures

2012-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: LDAP string escaping was made stricter (rfc4514
	conforming)

2012-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: removed unneeded types.

2012-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: UniversalString (UTF-32) is handled as
	non-printable for now.

2012-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo list

2012-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Allow for bit strings that are not a multiple
	of 8.

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, cross.mk: updated

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: require libtasn1 3.1 or later

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c, lib/tpm.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/privkey.c, lib/x509/x509.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c, tests/crq_apis.c,
	tests/set_pkcs12_cred.c: rewritten ASN.1 handling string subsystems
	to use the new libtasn1 APIs.

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.1.5

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: corrected placeOfBirth DN parsing.

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: no need to release struct

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: do not document low-level functions

2012-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc_mulmod_cached.c: set cache to null after
	deinitialization

2012-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: fixed test

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, gl/Makefile.am, gl/c-strcase.h, gl/c-strcasecmp.c,
	gl/c-strncasecmp.c, gl/iconv.c, gl/iconv.in.h, gl/iconv_close.c,
	gl/iconv_open-aix.gperf, gl/iconv_open-aix.h,
	gl/iconv_open-hpux.gperf, gl/iconv_open-hpux.h,
	gl/iconv_open-irix.gperf, gl/iconv_open-irix.h,
	gl/iconv_open-osf.gperf, gl/iconv_open-osf.h,
	gl/iconv_open-solaris.gperf, gl/iconv_open-solaris.h,
	gl/iconv_open.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/iconv_h.m4, gl/m4/iconv_open-utf.m4, gl/m4/iconv_open.m4,
	gl/m4/inline.m4, gl/m4/libunistring-base.m4, gl/m4/locale-fr.m4,
	gl/m4/locale-ja.m4, gl/m4/locale-tr.m4, gl/m4/locale-zh.m4,
	gl/m4/locale_h.m4, gl/m4/localename.m4, gl/m4/setlocale.m4,
	gl/tests/Makefile.am, gl/tests/locale.in.h, gl/tests/localename.c,
	gl/tests/localename.h, gl/tests/setlocale.c,
	gl/tests/test-c-strcase.sh, gl/tests/test-c-strcasecmp.c,
	gl/tests/test-c-strncasecmp.c, gl/tests/test-iconv-h.c,
	gl/tests/test-iconv-utf.c, gl/tests/test-locale.c,
	gl/tests/test-localename.c, gl/tests/test-setlocale1.c,
	gl/tests/test-setlocale1.sh, gl/tests/test-setlocale2.c,
	gl/tests/test-setlocale2.sh, gl/tests/unistr/test-u8-mbtoucr.c,
	gl/tests/unistr/test-u8-uctomb.c, gl/unistr.in.h,
	gl/unistr/u8-mbtoucr.c, gl/unistr/u8-uctomb-aux.c,
	gl/unistr/u8-uctomb.c, gl/unitypes.in.h: iconv() will include the
	UCS2->UTF8 convertion in systems that is not provided.

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix_asn1_tab.c: use the old type for compatibility

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: updated
	libtasn1 version

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: simplified UTF-8 encoding.

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-danetool.texi, src/Makefile.am,
	src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
	src/danetool.c: danetool is being built even without libgnutls-dane.  The --check functionality is not operational though. It can only
	generate tlsa records.

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
	tests/cert-tests/template-utf8.pem,
	tests/cert-tests/template-utf8.tmpl: Added test on UTF-8 certificate
	generation.

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: removed redundant check

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h, src/certtool.c: updated
	parameters

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: update

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/x509/x509.c: doc update

2012-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, lib/pkcs11_privkey.c, lib/x509/output.c,
	lib/x509/x509.c, lib/x509/x509_write.c: doc update

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: enforce the 200 character limit.

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/system.c: improved iconv support.

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/aki, tests/cert-tests/aki-cert.pem,
	tests/cert-tests/bmpstring.pem, tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/no-ca-or-pathlen.pem, tests/cert-tests/pathlen: 
	updated for new output

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: news update

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
	doc/invoke-certtool.texi, doc/manpages/Makefile.am,
	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/x509/output.c, src/certtool-args.c, src/certtool-args.def,
	src/certtool-args.h, src/certtool-common.c, src/certtool-common.h,
	src/certtool.c, src/tpmtool.c: Several updates in certificate/public
	key printing.  * Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an
	easier to parse format.  * Added gnutls_pubkey_import_x509_crq() to convert a certificate
	request to a public key.  * Added gnutls_pubkey_print() to simplify public key printing.  * certtool's pubkey-info can be combined with --load-request.  * Added --numbers option to certtool which prints big numbers in an
	easier to parser format.

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/gendocs.sh, configure.ac, gl/Makefile.am, gl/{tests =>
	}/dup2.c, gl/errno.in.h, gl/m4/errno_h.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/select.m4, gl/m4/stdlib_h.m4,
	gl/select.c, gl/stdlib.in.h, gl/strerror-override.c,
	gl/strerror-override.h, gl/tests/Makefile.am, gl/tests/fcntl.in.h,
	gl/tests/test-fcntl-h.c, gl/tests/test-iconv.c,
	gl/tests/test-select.h, lib/system.c, m4/hooks.m4, maint.mk: use
	gnulib to detect iconv.

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/Makefile.am, lib/system.c: check for
	either iconv or libiconv.

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
	src/certtool-cfg.c: simplified parsing

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: print header only on the first policy

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool.c: certtool is able to set
	certificate policies via a template

2012-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/dn.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_write.c: Added gnutls_x509_crt_set_policy()

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
	lib/x509/x509.c: doc update

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
	lib/includes/gnutls/x509.h, lib/x509/output.c, lib/x509/x509.c: 
	another rename

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: corrected win32 UCS2 conversion.

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/manpages/Makefile.am,
	lib/includes/gnutls/x509.h, lib/system.c, lib/x509/output.c,
	lib/x509/x509.c: simplified naming

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: mention the extension OID

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/aki-cert.pem,
	tests/cert-tests/no-ca-or-pathlen.pem: updated certificates to parse
	2.5.29.32.

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/x509.c: handle
	visiblestring.

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/bmpstring.pem,
	tests/cert-tests/pem-decoding: Added simple check for bmpstring
	decoding.

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: Added _gnutls_ucs2_to_utf8() for windows (untested)

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: If _gnutls_ucs2_to_utf8() handle the data as
	non-printable (fallback to previous behavior).

2012-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: doc update

2012-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2012-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: check for iconv

2012-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c, lib/x509/common.c: map the whole ascii set

2012-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Handle BMPString in DNs.

2012-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/system.c, lib/system.h, lib/tpm.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/ocsp.c, lib/x509/output.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c: Added functions to parse
	the certificate policies extention.  Added gnutls_x509_crt_get_policy() etc. In addition several updated
	in the handling of strings in X.509 structures.

2012-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-crypto.texi,
	doc/cha-gtls-app.texi, doc/gnutls.texi, lib/x509/privkey.c: doc
	updates

2012-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated doc

2012-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2012-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: Added small text

2012-11-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* doc/examples/Makefile.am: print-ciphersuites was a very useful too
	for debugging this. Now it is even built.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-11-15  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/gnutls_priority.c: Don't read past the last list entry in
	_add_priority, doing so adds algorithms that shouldn't be added and
	can even lead to a segfault.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: tried to beautify output of danetool

2012-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected description.

2012-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: corrected typo

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: optimizations in list import

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: When listing all objects of a type, restrict their
	class to the specified.

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: Added some help on failure.

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
	pkcs11_find_object made static.

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c,
	src/dh.c, src/p11tool.c, src/pkcs11.c, src/tpmtool.c: get_bits()
	does not always warn.

2012-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/pkcs11.c: when
	generating a PKCS #11 private key print the public key.

2012-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h, src/certtool.c: The
	pubkey-info option can be combined with the load-privkey to extract
	the public key of a private key.

2012-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c, doc/examples/ex-verify-ssh.c,
	doc/examples/verify.c: corrected verification examples

2012-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: removed OCSP extension from TODO

2012-11-09  Diego Elio Pettenò <flameeyes@flameeyes.eu>

	* tests/cert-tests/Makefile.am: build: only run the dane cert test
	if dane is enabled.  This fixes a test failure when disabling dane support.  Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS, cfg.mk, doc/manpages/Makefile.am,
	tests/cert-tests/Makefile.am, tests/cert-tests/cert-ecc256.pem,
	tests/cert-tests/dane: last changes for release.

2012-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-gnutls-cli.texi,
	doc/manpages/Makefile.am, src/common.c: updated

2012-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Corrected indication of OCSP check failure.

2012-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: The
	status-request option was eliminated. Check OCSP only when the
	status response in the handshake was invalid.

2012-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, NEWS: Added Martin

2012-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.h, src/cli-args.c,
	src/cli-args.h, src/cli-debug-args.c, src/cli-debug-args.h,
	src/danetool-args.c, src/danetool-args.h, src/ocsptool-args.c,
	src/ocsptool-args.h, src/p11tool-args.c, src/p11tool-args.h,
	src/psk-args.c, src/psk-args.h, src/serv-args.c, src/serv-args.h,
	src/srptool-args.c, src/srptool-args.h, src/tpmtool-args.c,
	src/tpmtool-args.h: updated

2012-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi, doc/invoke-tpmtool.texi,
	doc/manpages/tpmtool.1, doc/scripts/cleanup-autogen.pl: remove
	@cindex from the invoke-* files.

2012-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/latex/gnutls.bib: doc updates

2012-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: doc update

2012-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms.h, lib/algorithms/mac.c,
	lib/algorithms/sign.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/verify-tofu.c, lib/x509/ocsp_output.c,
	lib/x509/output.c, lib/x509/verify.c, tests/chainverify.c: Allow
	easier marking of insecure algorithms.

2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress.c: removed debugging

2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int.h, lib/gnutls_sig.c: key usage violations are
	tolerated.

2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in: Removed
	GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP
	parsing errors.

2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update

2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/{tls_test.c => cli-debug.c}: gnutls-cli-debug
	uses server name indication.

2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c, lib/ext/srtp.h: Do not succeed if no MKI was
	received.  The gnutls_srtp_get_mki() function succeeds only when the MKI was
	received by the peer.  Also store the received MKI -if any- in the
	session resumption data.

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-intro-tls.texi, lib/gnutls_int.h, lib/gnutls_ui.c,
	lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_ocsp_status_request_is_checked().

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in, lib/x509/verify.c: When verifying
	an OCSP response included in TLS don't fail if the response is old.  That is to avoid creating more problems for a server that included
	an old response, from a server that included none.  Also renamed:
	Too old -> Superseded.

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated doc

2012-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext/srtp.c, lib/ext/srtp.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_srtp_get_mki() and gnutls_srtp_set_mki().

2012-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: set an upper limit to SRTP profiles in hello
	message.

2012-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/cha-library.texi, lib/ext/Makefile.am,
	lib/gnutls_extensions.c, m4/hooks.m4, src/cli.c, src/common.c,
	src/serv.c, tests/mini-dtls-srtp.c: Added conditional to disable
	DTLS-SRTP support.

2012-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-danetool.texi: updated

2012-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-srtp.c: corrected SRTP profile names

2012-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: simplified profile selection

2012-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: better printing

2012-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: verify all possible entries

2012-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.c, src/danetool-args.def, src/danetool-args.h: 
	danetool doc fix

2012-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, lib/ext/srtp.c,
	lib/includes/gnutls/gnutls.h.in: Added HMAC prefix to SRTP profiles
	and updated documentation.

2012-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: separate entries.

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: undefine macro from win32 headers which clashes
	autogened macros.

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: bumped version and removed unused dependency

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: added new functions

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: disable libdane when cross-building.

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: gnutls_srtp_get_keys() returns the size of the key
	material

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane-params.c, libdane/errors.c: corrected copyright

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/libgnutls.map: removed
	gnutls_certificate_update_verify_flags

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/gnutls_int.h, lib/x509/verify.c,
	tests/suite/chain, tests/suite/x509paths/README: check pathlen
	constraints.

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rsa-md5-collision/rsa-md5-collision: updated test

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: files to ignore

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/x509/verify-high.c, tests/chainverify-unsorted.c: Added
	verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN The default is now GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, and removed
	gnutls_certificate_update_verify_flags().

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: small optimization in CRL check

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/gnutls.h.in, lib/x509/verify.c,
	src/certtool.c, tests/suite/chain, tests/suite/x509paths/README: 
	Check the key usage bits during certificate verification.

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/verify.c, src/certtool.c: CRL verification includes the
	time checks.

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi: doc update

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2012-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, tests/mini-dtls-srtp.c: Added
	gnutls_srtp_get_keys().

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: corrected typos

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-intro-tls.texi, lib/ext/srtp.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	gnutls_srtp_get_profile_by_name -> gnutls_srtp_get_profile_id

2012-11-01  Martin Storsjo <martin@martin.st>

	* src/cli.c, src/serv.c: Fix typos in error messages Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: better verification messages.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: optimized printing

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-danetool.texi, lib/libgnutls.map,
	libdane/Makefile.am, libdane/dane.c,
	libdane/includes/gnutls/dane.h, libdane/libdane.map, src/cli.c,
	src/common.c, src/danetool-args.c, src/danetool-args.def,
	src/danetool-args.h, src/danetool.c: Added
	dane_verification_status_print() and danetool can verify a DANE
	entry.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: avoid unnecessary newline

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.h, lib/openpgp/output.c, lib/x509/output.c: 
	gettext.h was moved to gnutls_str.h

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am, src/danetool-args.c,
	src/danetool-args.def, src/danetool-args.h, src/danetool.c: Added
	--check option to danetool.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, libdane/Makefile.am, libdane/dane-params.c, libdane/dane.c,
	libdane/includes/gnutls/dane.h, libdane/libdane.map: Added new
	functions to convert types to strings.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-srtp.c: Added test on DTLS SRTP
	functions.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
	src/cli-args.c, src/cli-args.h, src/serv-args.c, src/serv-args.h: 
	updated auto-generated files.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext/srtp.c, lib/ext/srtp.h: documented update and set
	the copyright to Martin until the formal papers are received.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: signed-unsigned comparison fixes and removed
	unused parameter.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: Check for errors while setting an SRTP
	profile.

2012-11-01  Martin Storsjo <martin@martin.st>

	* src/cli-args.def, src/cli.c, src/common.c, src/serv-args.def,
	src/serv.c: Support SRTP profile negotiation in the client and
	server tools The cli/serv-args files haven't been regenerated in the patch, to
	avoid the extra stray changes due to differing autogen versions.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_session.c, lib/gnutls_ui.c: Added
	"Since" field to new functions.

2012-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/srtp.c: Made error code consistent with the other text
	parsing functions.

2012-11-01  Martin Storsjo <martin@martin.st>

	* NEWS, doc/Makefile.am, doc/protocol/rfc5764.txt,
	lib/ext/Makefile.am, lib/ext/srtp.c, lib/ext/srtp.h,
	lib/gnutls_extensions.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Add support for
	DTLS-SRTP profile negotiation (RFC 5764) Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: better doc

2012-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: mention that GNUTLS_CERT_INVALID
	flag is deprecated by GNUTLS_CERT_SIGNER_NOT_FOUND and
	GNUTLS_CERT_SIGNATURE_FAILURE.

2012-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, src/common.c: updated
	gnutls_certificate_verification_status_print() presentation

2012-10-31  Martin Storsjo <martin@martin.st>

	* lib/ext/server_name.c: server_name: Store the actual number of
	server names Earlier, if the number of set server names exceeded the maximum, the
	server_names field wasn't bounded to the maximum, which could lead
	to reading out of bounds in _gnutls_server_name_send_params.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-10-31  Martin Storsjo <martin@martin.st>

	* lib/ext/server_name.c: server_name: Return the actual required
	buffer size if the buffer is too small Since we require space for the null termination, include this in the
	info returned if the caller provided a too small buffer.  Otherwise,
	if the caller allocated a buffer of exactly the suggested size, it
	would still be too small.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi: Documented
	gnutls_certificate_verification_status_print().

2012-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-client-x509.c,
	doc/examples/ex-verify-ssh.c, doc/examples/verify.c,
	lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/x509/output.c, src/common.c: Added
	gnutls_certificate_verification_status_print().  This function simplifies printing the certificate verification
	status.

2012-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/cha-gtls-app.texi, doc/examples/ex-client-x509.c,
	doc/examples/ex-verify-ssh.c, doc/examples/verify.c,
	lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/openpgp/compat.c, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/pgp.c, lib/x509/rfc2818_hostname.c, src/common.c: 
	Simplified certificate verification by adding
	gnutls_certificate_verify_peers3().  This function combines the RFC2818 hostname check and chain
	verification check.

2012-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: fix compilation when DANE is disabled.

2012-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi: updated
	documentation.

2012-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_certificate_update_verify_flags() to allow setting new flags
	without overriding any defaults.

2012-10-29  Martin Storsjo <martin@martin.st>

	* doc/examples/Makefile.am: examples: Build an executable of
	ex-serv-dtls like the other examples Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-10-29  Martin Storsjo <martin@martin.st>

	* doc/examples/ex-serv-dtls.c: examples: Make sure the timeout
	parameter to select is valid This makes the example work properly on Mac OS X (tested on 10.8).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, doc/cha-cert-auth.texi,
	doc/invoke-danetool.texi: Added documentation on detecting
	libgnutls-dane.

2012-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, libdane/Makefile.am, libdane/gnutls-dane.pc.in: 
	Added gnutls-dane.pc.

2012-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/dane,
	tests/cert-tests/dane-test.rr: Added a test on danetool.

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
	src/danetool.c: removed unused variables.

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
	lib/minitasn1/structure.h: updated libtasn1

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: better benchmark printing.

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_session.c: doc update

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: corrections in benchmark measured average
	time.

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: corrected typo

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: mention new function

2012-10-14  Elias Pipping <pipping@exherbo.org>

	* tests/Makefile.am, tests/pkcs12-decode/pkcs12: Fix out-of-source
	tests

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_session.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_session_get_id2().

2012-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated doc

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_priority.c,
	lib/gnutls_x509.c, lib/includes/gnutls/x509.h: Added priority string
	%VERIFY_DISABLE_CRL_CHECKS.

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	src/common.c: If OCSP revocation data are invalid or too old set
	appropriate verification flags.

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-intro-tls.texi: doc updates

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-certtool.texi, doc/invoke-danetool.texi,
	src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
	src/danetool-args.c, src/danetool-args.def, src/danetool-args.h: 
	removed incorrect description

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/danetool.c: correctly set the format of the certificate

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-gnutls-cli.texi, src/cli-args.c,
	src/cli-args.def, src/cli-args.h, src/cli.c: Added --local-dns
	option to gnutls-cli.

2012-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi, src/cli-args.c, src/cli-args.def,
	src/cli-args.h, src/cli.c: disable default extensions on
	--disable-extensions.

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-danetool.texi, src/danetool-args.c,
	src/danetool-args.def, src/danetool-args.h: corrected typo

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: call gnutls_x509_privkey_import_openssl() even
	with not a password.

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/Makefile.am: updated makefile

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/openpgp/privkey.c: Added debugging.

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/x509.c: doc fixes

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c: Added debugging

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-danetool.texi, doc/manpages/Makefile.am,
	src/danetool-args.c, src/danetool-args.def, src/danetool-args.h: 
	Added danetool manpage

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.1.3

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/x509/privkey_openssl.c: doc updates

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/gnutls-docs.sgml: remove files that are not
	generated

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am,
	doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: use
	common definitions for generating docs.

2012-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, doc/Makefile.am, doc/cha-cert-auth.texi,
	doc/cha-cert-auth2.texi, doc/invoke-certtool.texi,
	doc/invoke-danetool.texi, src/Makefile.am, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h, src/certtool.c,
	src/danetool-args.c, src/danetool-args.def, src/danetool-args.h,
	src/danetool.c: Separated DANE functionality from certtool and added
	danetool.

2012-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/cert.c, lib/gnutls_pcert.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: Added (back) RFC5081 support in client mode.

2012-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_pcert.c,
	lib/gnutls_pubkey.c, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/libgnutls.map, lib/openpgp/pgp.c, lib/openpgp/privkey.c: Several
	OpenPGP updates.  Exported gnutls_certificate_get_peers_subkey_id().  Removed
	compatibility code with RFC5081.  The
	gnutls_openpgp_*_get_subkey_*() functions return the master key
	parameters if provided with GNUTLS_OPENPGP_MASTER_KEYID_IDX.

2012-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fixes

2012-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: Increased maximum password len in PKCS
	#12.

2012-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_openssl.c, tests/Makefile.am,
	tests/key-openssl.c: Bug fixes in the openssl encrypted PEM key
	parsing.

2012-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/dhe_psk.c,
	lib/auth/ecdh_common.c, lib/auth/psk.c, lib/auth/psk_passwd.c,
	lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
	lib/auth/srp_passwd.c, lib/auth/srp_rsa.c, lib/ext/srp.c,
	lib/ext/status_request.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c: session->key no longer needs to be an allocated
	structure.

2012-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h, src/cli.c: The
	high level functions accept sflags and vflags as separate options.

2012-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, doc/cha-cert-auth.texi,
	doc/invoke-certtool.texi, libdane/dane.c,
	libdane/includes/gnutls/dane.h, libdane/libdane.map,
	src/Makefile.am, src/cli.c: Updates in DANE support. Allow caching
	of queries.

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-args.c, src/certtool-args.def,
	src/certtool-args.h, src/certtool.c: dane-rr -> dane-tlsa-rr

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/invoke-certtool.texi,
	doc/scripts/mytexi2latex, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h: Documentation updates

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped versions

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/Makefile.am: inlude DANE in manual

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: define Loaded_CertEnumCRLsInStore to
	CertEnumCRLsInStore when it exists.

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2012-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h,
	src/certtool-common.c, src/certtool-common.h, src/certtool.c: 
	Certtool updates.  By default generate public key TLSA RR entries. Added --verbose
	option.

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, doc/cha-functions.texi,
	libdane/Makefile.am: libdane -> libgnutls-dane

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.h, src/certtool.c: use hex
	for single byte entries

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-args.def: DANE RR -> DANE TLSA RR

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Certtool generates DANE entries with selector 0
	(X.509 certificate).

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-certtool.texi, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h, src/certtool.c: Certtool
	can generate a DANE RR entry.

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix_asn1_tab.c: use the old libtasn1 type

2012-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/Makefile.am: removed old file

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-x509.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, src/cli-args.c, src/cli-args.h,
	src/tls_test.c, tests/resume-dtls.c, tests/resume.c: The session
	ticket and OCSP certificate status extensions are enabled by
	default.  In client side gnutls_init() enables the session ticket and OCSP
	certificate status request extensions by default. The flag
	GNUTLS_NO_EXTENSIONS can be used to prevent that.

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: save some memory by removed
	unused ASN.1 structures.

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: corrected version number

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h, src/cli.c: Bug
	fixes in DANE.  Corrected packet length parsing and removed the verify options
	DANE_VERIFY_DNSSEC_DATA_INVALID and DANE_VERIFY_NO_DNSSEC_DATA.
	There is longer use for them since using the DANE API requires
	DNSSEC.

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c: corrected versions

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-tokens.texi, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Added helper functions
	gnutls_pubkey_import_openpgp_raw() and
	gnutls_pubkey_import_x509_raw().

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth2.texi, doc/cha-tokens.texi,
	doc/invoke-gnutls-cli.texi, lib/gnutls_dh_primes.c,
	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/pkcs11.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, libdane/dane.c: Added
	functions to export structures in an allocated buffer.

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: Added
	command-line option to disable CA verification.

2012-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: removed old flag

2012-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libdane/dane.c, libdane/includes/gnutls/dane.h: Always require
	DNSSEC.

2012-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: some reorganization of the configure script.

2012-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: some more text for TPMs

2012-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/common.h: In gnutls-cli the server
	certificate is printed prior to verification

2012-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, NEWS, configure.ac, doc/Makefile.am,
	doc/cha-cert-auth.texi, doc/cha-functions.texi,
	doc/invoke-gnutls-cli.texi, doc/manpages/Makefile.am,
	doc/scripts/getfuncs.pl, libdane/Makefile.am, libdane/dane.c,
	libdane/errors.c, libdane/includes/Makefile.am,
	libdane/includes/gnutls/dane.h, libdane/libdane.map, m4/hooks.m4,
	src/Makefile.am, src/cli-args.c, src/cli-args.def, src/cli-args.h,
	src/cli.c: Added a DANE library.

2012-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-resume.c, doc/examples/ex-client-x509.c: 
	enable useful extensions in the examples.

2012-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/wmnaf.c: included config.h to avoid issue with gnulib

2012-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, doc/invoke-gnutls-cli.texi,
	lib/gnutls_cert.c, lib/gnutls_x509.c, src/cli-args.c,
	src/cli-args.def, src/cli-args.h, src/cli.c: 
	gnutls_certificate_verify_peers2() checks ocsp status response if
	available.

2012-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: do not set verify_flags

2012-10-04  Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

	* lib/x509/verify-high.c: doc update.

2012-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: If revocation reason cannot be read set it to
	GNUTLS_X509_CRLREASON_UNSPECIFIED.

2012-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/manpages/Makefile.am: changed generation of
	manpages.

2012-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: upload -> upload-tarballs

2012-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/hash.c, lib/hash.h, lib/minitasn1/hash.c,
	lib/minitasn1/int.h, lib/minitasn1/parser_aux.c, lib/verify-tofu.c,
	lib/x509/ocsp.c, lib/x509/verify-high.c, lib/x509/verify-high2.c: 
	Use hash-pjw-bare instead of asn1_bhash().

2012-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, build-aux/gendocs.sh, gl/Makefile.am,
	gl/base64.h, gl/getpass.h, gl/hash-pjw-bare.c, gl/hash-pjw-bare.h,
	gl/m4/eealloc.m4, gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/lib-ld.m4,
	gl/m4/manywarnings.m4, gl/m4/timer_time.m4, gl/m4/timespec.m4,
	gl/m4/xsize.m4, gl/stdbool.in.h, gl/sys_select.in.h,
	gl/tests/Makefile.am, gl/tests/binary-io.c, gl/tests/binary-io.h,
	gl/tests/ioctl.c, gl/tests/malloca.h, gl/tests/test-select.h,
	gl/timespec.c, gl/timespec.h, gl/u64.c, gl/u64.h, gl/verify.h,
	gl/xsize.c, gl/xsize.h, maint.mk: Updated gnulib and added
	hash-pjw-bare

2012-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-x509-callbacks.c: Added
	test to verify that callbacks are being actually called.

2012-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-ocsp-client.c, src/ocsptool-common.c: check the
	first response.

2012-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/ocsp.h, lib/x509/ocsp.c: 
	gnutls_ocsp_resp_check_crt() accepts the response index.

2012-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/ocsp.h: doc update

2012-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/x509.c: Added
	gnutls_x509_crl_reason_flags_t.

2012-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: read revocation reason

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: simplified doc

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: gnutls_ocsp_resp_check_crt was moved to
	3.0 symbols and documented update.

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/examples/ex-ocsp-client.c,
	doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi: documented
	gnutls_ocsp_resp_check_crt().

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/cert.h, lib/ext/status_request.c,
	lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
	lib/libgnutls.map, lib/x509/ocsp.c, src/cli-args.c,
	src/cli-args.def, src/cli-args.h, src/cli.c, src/ocsptool-common.c,
	src/ocsptool-common.h, src/serv-args.c, src/serv-args.def,
	src/serv-args.h, src/serv.c: The OCSP response file is now set on
	the credentials and other additions.  Changed OCSP function prototypes for almost all status_request
	functions to move the response file and callback to the certificate
	credentials structure.  Added gnutls_ocsp_resp_check_crt() to check
	whether a response corresponds to a given certificate.

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: Print debugging information even when an
	extension is not parsed.

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_handshake.c: Fixed the
	receipt of session tickets during session resumption.  Reported by danblack http://savannah.gnu.org/support/?108146

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume.c: better output in resume

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h: 
	simplified handshake states.

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c, lib/gnutls_handshake.c: Verify callback
	is run in either side.

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk.c, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_x509.c: removed unused functions.

2012-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/status_request.c: Pack and unpack the status request
	extension data on resumption.

2012-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/ocsptool-common.c: Use the server's OCSP provided
	data when verifying a certificate's validity.

2012-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/ext/status_request.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: The certificate
	verification callback is being run after the certificate status
	response is received.

2012-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2012-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/ext/status_request.c, lib/ext/status_request.h,
	lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
	src/cli-args.h, src/serv-args.c, src/serv-args.h: updated OCSP
	status request.

2012-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Session ID is correctly read.

2012-09-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/max_record.c, lib/gnutls_buffers.c, lib/gnutls_int.h,
	lib/nettle/wmnaf.c: Corrected signed-to-unsigned comparisons

2012-04-17  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, lib/ext/Makefile.am,
	lib/ext/status_request.c, lib/ext/status_request.h,
	lib/gnutls_extensions.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	src/cli-args.def, src/cli.c, src/serv-args.def, src/serv.c: 
	Implement status_request OCSP extension.

2012-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: Added Olga and Ilya to authors.

2012-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: 
	updated heartbeat text

2012-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.1.2

2012-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: Handle heartbeat packets with zero payload,
	and account for the payload length when sending a heartbeat of fixed
	size.

2012-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: benchmark time was increased.

2012-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
	lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/hash.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
	lib/minitasn1/structure.h: Updated to minitasn1 3.0

2012-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross.mk

2012-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: added missing tpm.h header

2012-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, extra/Makefile.am, lib/Makefile.am,
	src/Makefile.am, tests/Makefile.am, tests/suite/Makefile.am: All
	external libraries that were in LDFLAGS are moved into LIBADD/LDADD.  It also fixes order within LIBADD/LDADD so that libtool objects go
	first.  Patch by Bartosz Brachaczek.

2012-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/asn1random.pl, tests/suite/x509random.pl: updated
	copyright

2012-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/openpgp/pgp.c: openpgp doc update

2012-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/asn1random.pl, tests/suite/x509random.pl: Added
	boilerplate.

2012-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/write-packet.c: simplified calculations

2012-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/read-packet.c, lib/opencdk/stream.c,
	lib/opencdk/write-packet.c: reduced verbosity and better debugging.

2012-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/new-packet.c: Corrected bug in PGP subpacket encoding

2012-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/asn1random.pl,
	tests/suite/testrandom, tests/suite/x509random.pl: Added script to
	check against randomly generated certificates.

2012-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-heartbeat.c: removed unused label

2012-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/verify-high.c: doc updates

2012-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-dtls-heartbeat.c: Added a test of
	heartbeat ping exchange.

2012-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/dh_common.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp_passwd.c, lib/crypto-backend.c,
	lib/ext/heartbeat.c, lib/ext/safe_renegotiation.c,
	lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_pubkey.c,
	lib/gnutls_session_pack.c, lib/gnutls_str.c, lib/gnutls_x509.c,
	lib/nettle/pk.c, lib/opencdk/armor.c, lib/opencdk/keydb.c,
	lib/opencdk/literal.c, lib/opencdk/stream.c,
	lib/opencdk/write-packet.c, lib/pkcs11.c, lib/x509/ocsp_output.c,
	lib/x509/pkcs12.c: several cleanups

2012-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: corrected bug in gnutls_x509_privkey_sign_data

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: All openpgp code moved within ENABLE_OPENPGP

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am: updated makefiles

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_dtls.c,
	lib/gnutls_dtls.h, lib/gnutls_int.h, lib/gnutls_record.c: Correctly
	restore gnutls_record_recv() in DTLS mode if interrupted during the
	retrasmition of handshake data.

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: Allow for pinging until timeout.

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: corrected time

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c: fixed copyright

2012-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
	lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Better handling
	of timeouts.

2012-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/ext/heartbeat.c, lib/gnutls_psk.c, lib/tpm.c: GTK-DOC fixes.

2012-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/algorithms/cert_types.c, lib/tpm.c, lib/x509/common.c,
	lib/x509/ocsp_output.c: More GTK-DOC warning fixes.

2012-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Also include tpm.h in GTK-DOC
	manual.

2012-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/gnutls_ui.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/tpm.h,
	lib/pkcs11.c, lib/pkcs11_privkey.c, lib/tpm.c: Fix GTK-DOC warnings.

2012-09-21  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Cleanup warning flags.

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped versions

2012-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc update

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/gnutls_record.c, src/common.c,
	src/serv.c, src/socket.c, src/udp-serv.c: updates in heartbeat
	support

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: updated documentation

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/no-ca-or-pathlen.pem: updated tests for new
	security levels

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_dtls.c, lib/gnutls_errors.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: several updates
	in the heartbeat handling code.

2012-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/dn.c: Corrected issues

2012-09-20  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Drop -Winline.

2012-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: corrected usage of defines

2012-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/manpages/Makefile.am: doc/manpages is handled the
	same as doc/

2012-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/Makefile.am: compare-makefile is only executed
	during make dist.

2012-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_int.h: DEFAULT_* -> DEFAULT_MAX_*

2012-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/x509/verify-high.c: MAX_CERTS_TO_SORT ->
	DEFAULT_VERIFY_DEPTH

2012-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: corrected default

2012-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in: Increased security levels by adding
	insecure.

2012-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: Allow negatives in enumerations.

2012-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not complain on overlength strings

2012-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_state.c,
	lib/gnutls_state.h: gnutls_session_enable_compatibility_mode() is
	equivalent to %COMPAT priority string.

2012-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in: Warn on certificate with weak
	security levels. (re)introduces GNUTLS_SEC_PARAM_WEAK.

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_ui.c, lib/includes/gnutls/x509.h,
	lib/x509/verify-high.c, tests/chainverify-unsorted.c: Added
	verification flags GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN, which is
	enabled by default for verifying TLS sessions.

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: removed a now redundant chain check

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c, tests/Makefile.am,
	tests/chainverify-unsorted.c: Added function to sort the provided
	certificate chain prior to verification.

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c, lib/x509/x509_int.h: avoid duplicate asn1
	structure initialization.

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h: updated minitasn1

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, m4/hooks.m4: Use the pkg-config macro to find
	libtasn1.

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert-tl.c: corrected typo

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert-tl.c: small updates

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c, lib/x509/x509_int.h: removed old libtasn1
	requirements

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: MAX_NAME_SIZE -> MAX_SERVER_NAME_SIZE

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: corrected sign

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: corrected prototypes

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: use a
	%STATELESS_COMPRESSION priority string instead of gnutls_init()
	flag.

2012-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: corrected missing parameter

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_sig.c: Key
	usage violations are allowed when the COMPAT keyword is specified.  I've noticed in the SSL observatory data that most key usage bits in
	a certificate are set randomly (e.g., there are DSA certificates
	marked for encryption, and most RSA certificates marked for
	signature only are used for encryption anyway). There is no point of
	being strict in such environment.

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Do not ask unnecessary questions when signing a
	certificate (request).

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/system.c, lib/system.h: mingw32 support.
	Based on patch by LRN.

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, lib/gnutls_cipher.c,
	lib/gnutls_compress.c, lib/gnutls_compress.h, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in: Added
	GNUTLS_STATELESS_COMPRESSION flag to gnutls_init().

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/privkey.c, src/certtool.c: Added
	gnutls_x509_privkey_get_pk_algorithm2(). Certtool prints the number
	of bits in a private key.

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, lib/Makefile.am: Refer to files with explicit
	path. Patch by LRN.

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/tests/ioctl.c: win32 fix. Patch by LRN.

2012-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am: libopts depends on libintl. Patch by LRN.

2012-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/pkix.asn,
	lib/pkix_asn1_tab.c: small optimizations in ASN.1 to save memory

2012-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added a note on compression

2012-09-11  Ilya Tumaykin <itumaykin@gmail.com>

	* lib/nettle/wmnaf.c: Fix mpz_unitstbit compilation with GMP
	versions < 5.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c, tests/x509cert-tl.c: When requested
	gnutls_x509_trust_list_deinit() will deinitialized all certs
	(including the named)

2012-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Use the new asn1_read_node_value()

2012-09-03  Marti Raudsepp <marti@juffo.org>

	* lib/x509/verify-high2.c, tests/x509cert-tl.c: Fix
	gnutls_x509_trust_list_add_trust_mem with DER-format certificates.  The function took a "type" argument and then happily proceeded to
	ignore it and try PEM format anyway.  Most importantly, this makes gnutls_x509_trust_list_add_system_trust
	work on Windows, which loads DER certificates using this function.
	I'll be damned if that actually ever worked properly -- certainly
	not in any git version. :) Also added test for gnutls_x509_trust_list_add_trust_mem.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: added upload directive

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/makeshell.c, src/serv.c: mingw64 compilation fixes

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated libs

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/system.c: The default
	system_recv_timeout() doesn't include a call to recv() to avoid
	issue in few systems.

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: increased timeouts

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: dump the errno received by select

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: removed unused code

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: use errno_to_gerr() in
	_gnutls_io_check_recv().

2012-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_state.c: Do not repeatedly set
	timeout

2012-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/ext/signature.c, lib/gnutls_pubkey.c,
	lib/gnutls_sig.c: Be tolerant is ECDSA-violating signatures.

2012-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: Added server mode tests for the
	various EC curves.

2012-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-intro-tls.texi,
	doc/invoke-gnutls-cli.texi, doc/invoke-gnutls-serv.texi,
	doc/manpages/Makefile.am: Added heartbeat functions

2012-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/certs/cert-ecc256.pem, tests/certs/cert-ecc384.pem,
	tests/certs/cert-ecc521.pem, tests/certs/ecc256.pem,
	tests/certs/ecc384.pem, tests/certs/ecc521.pem,
	tests/suite/testcompat-main: Added suite for ECDSA under various
	curves

2012-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/ecc.h,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_mulmod.c,
	lib/nettle/{ecc_mulmod_wmnaf_cached.c => ecc_mulmod_cached.c},
	lib/nettle/ecc_mulmod_timing.c, lib/nettle/ecc_mulmod_wmnaf.c,
	lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_add_point_ng.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_verify_hash.c,
	lib/nettle/pk.c: Removed unused ECC code.  Renamed ecc_mulmod_wmnaf -> ecc_mulmod Renamed
	ecc_projective_add_point_ng -> ecc_projective_add_point

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/heartbeat.c, lib/ext/heartbeat.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-args.c,
	src/cli-args.h, src/cli.c, src/serv-args.c, src/serv-args.h,
	src/serv.c, src/tests.c: Some small optimizations in heartbeat
	handling and regeneration of src/ args files.

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: removed unneeded test

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: removed unneeded test.

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/server_name.c, lib/ext/session_ticket.c, lib/ext/srp.c,
	lib/gnutls_session_pack.c, lib/gnutls_str.h: BUFFER_APPEND_PFX is no
	more. Replaced with BUFFER_APPEND_PFX4

2012-08-28  Olga <olyasib12@gmail.com>

	* doc/cha-internals.texi, doc/cha-intro-tls.texi,
	doc/manpages/Makefile.am, doc/protocol/rfc6520.txt, lib/debug.c,
	lib/ext/Makefile.am, lib/ext/heartbeat.c, lib/ext/heartbeat.h,
	lib/gnutls_buffers.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_state.c, lib/gnutls_str.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	src/cli-args.def, src/cli.c, src/common.c, src/serv-args.def,
	src/serv.c, src/socket.c, src/tests.c, src/tests.h, src/tls_test.c: 
	Added Heartbeat extension support.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc_mulmod_wmnaf_cached.c: corrected deinitialization
	of wmnaf cache.

2012-08-30  Ilya Tumaykin <itumaykin@gmail.com>

	* lib/gnutls_global.c, lib/gnutls_global.h, lib/nettle/Makefile.am,
	lib/nettle/ecc.h, lib/nettle/ecc_make_key.c,
	lib/nettle/ecc_mulmod_wmnaf.c,
	lib/nettle/ecc_mulmod_wmnaf_cached.c,
	lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_add_point_ng.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_projective_isneutral.c,
	lib/nettle/ecc_projective_negate_point.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/init.c, lib/nettle/pk.c,
	lib/nettle/wmnaf.c: wMNAF-based multiplication Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: Added extension in TODO list

2012-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: On Linux with /proc/sys/net/ipv6/bindv6only == 0
	(which is now the default), gnutls-serv cannot listen on ipv6. Patch
	by Bernhard R. Link.

2012-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c, lib/gnutls_pk.h, lib/pkcs11_privkey.c: simplified
	ECDSA/DSA signature generation in tokens.

2012-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Revert "Use _gnutls_dsa_q_to_hash() only for
	warning reasons." This reverts commit 8bb82a3d386abc1c59cb16d3a6d8c68fb66a2170.

2012-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: fix DSA and ECDSA signing in smart cards.

2012-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: null terminate the certificate being print

2012-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Use _gnutls_dsa_q_to_hash() only for warning
	reasons.

2012-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c: 
	Changes in password handling of certtool.  Ask password when required and only if the '--password' option is
	not given.  If the '--password' option is given during key
	generation then assume the PKCS #8 format.

2012-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: Prevent the usage of strlen() on null
	values.

2012-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: doc update

2012-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: added new items

2012-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2012-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: heartbeat support is no longer in the todo

2012-08-24  Simon Josefsson <simon@josefsson.org>

	* tests/suppressions.valgrind: Fix suppression rules.

2012-08-24  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Sort and add doc/tpm-api.texi.

2012-08-24  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Silence automake warning.

2012-08-24  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generate manpages for tpm.h.

2012-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2012-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/gnutls_cert.c: doc fix

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: remove debugging

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: When signing use the private key's algorithm.

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_x509.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: Use the preferred key ID when reading the
	pk_algorithm in openpgp keys.  gnutls_openpgp_*_get_pk_algorithm() returns the algorithm of the
	preferred key ID if set.

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Added missing functions

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext/signature.c, lib/ext/signature.h, lib/gnutls_int.h,
	lib/gnutls_sig.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_sign_algorithm_get().

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: removed unused variable

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/sign.c, lib/ext/signature.c,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/x509/crq.c,
	lib/x509/verify.c: gnutls_sign_get_pk_algorithm and
	gnutls_sign_get_hash_algorithm were exported.

2012-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: When selecting a session signature algorithm
	consider the enabled.

2012-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool.c: No need to ask for key password on registered keys.

2012-08-16  Mark Brand <mabrand@mabrand.nl>

	* lib/system.c: fix case of include file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_priority.c, lib/gnutls_record.c: 
	fix warnings

2012-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: Avoid stray return when compiling without trousers.

2012-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: avoid memory leak

2012-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS: updates

2012-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: No need to require the private key to be present
	when generating a certificate.

2012-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Link srptool with libintl. Suggested by B. Scott
	Michel.

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Security levels can
	be combined as priority strings.

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-handshake-timeout.c: small updates in
	mini-handshake-timeout

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: document gnutls_random_art

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-handshake-timeout.c: Added test that
	checks the handshake timeout.

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2012-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, doc/Makefile.am: the new makeinfo sets the FLOAT_NAME by
	default.

2012-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: corrected html generation

2012-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: updated html doc

2012-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: doc update

2012-08-09  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Add gnulib -I's to guile-snarf command.

2012-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/gnutls.texi: use  FLOAT_NAME_IN_XREF

2012-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
	doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: 
	gnutls_handshake_timeout() -> gnutls_handshake_set_timeout()

2012-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-gtls-app.texi,
	doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Added
	gnutls_handshake_timeout().

2012-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: document the deprecated functions in 3.1.x

2012-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-shared-key.texi: document the alloc functions

2012-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, build-aux/config.rpath, configure.ac: released

2012-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/gnutls.texi: distribute all generated files

2012-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented TPM support

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_rsa_export.c: corrected typo

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/pkcs11_privkey.c, lib/tpm.c: documentation
	fixes.

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/gnutls.texi: better doc output

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: no need for libgnutlsxx.map

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c, doc/invoke-certtool.texi,
	tests/pkcs12-decode/Makefile.am: corrected example and added missing
	files.

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: confirm password on key generation.

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, src/certtool-args.c,
	src/certtool-args.def, src/certtool-args.h, src/certtool-common.h,
	src/certtool.c, src/cli.c, tests/pkcs12-decode/pkcs12: Restored
	ability to decrypt PKCS #8 and #12 keys with a NULL password.
	Certtool now accepts the option --null-password.

2012-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Exit with an error code if a PKCS #12 structure
	cannot be decrypted.

2012-07-26  Petr Písař <petr.pisar@atlas.cz>

	* src/certtool.c: Respect certtool --hash when signing request and
	CRL The certtool hard-codes the digest algorithm despite '--hash' option
	exists.  This patch allows user to choose the algorithm when signing
	certificate request or certificate revocation list.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/pin.c, lib/pin.h, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/tpm.c: PIN-related functions common to TPM and
	PKCS #11 moved to pin.c.

2012-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1,
	lib/includes/gnutls/tpm.h, lib/tpm.c, src/tpmtool.c: 
	GNUTLS_TPMKEY_FMT_PEM renamed to GNUTLS_TPMKEY_FMT_CTK_PEM

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
	src/tpmtool.c: tpmtool now accepts the --inder and --outder options.

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/tpm.h,
	lib/tpm.c: Separated TPM key encodings from the X.509 certificates.  Added two TPM-specific encodings the DER and PEM. Even though they
	look to be related the are not. The DER encoding is the one provided
	using Tspi_EncodeDER_TssBlob, and the PEM is the compatibility
	encoding used by create_tpm_key.

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: doc fixes

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/mytexi2latex: handle noindent

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-tokens.texi: more elaborate PIN
	documentation

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: handle more complex enums

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi: discussed the generic and openssl privkey
	import functions.

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: added tpm flag

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi, doc/latex/macros.tex: more doc fixes

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/pkcs12.c: doc fix

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/Makefile.am, doc/latex/gnutls.tex: doc updates

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: more set_pin functions.

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: set PIN function when reading a certificate

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	lib/includes/gnutls/gnutls.h.in, lib/pkcs11.c, lib/pkcs11_write.c,
	lib/tpm.c, src/common.c, src/pkcs11.c: GNUTLS_PKCS11_PIN ->
	GNUTLS_PIN

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-auth.c, tests/openpgp-auth2.c: use stack for file
	paths

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/invoke-tpmtool.texi, doc/manpages/tpmtool.1: 
	doc updates

2012-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: Increate the entropy of TPM when generating keys.  When generating a key in TPM provide it with some randomness using
	Tspi_TPM_StirRandom(). Suggested by Carolin Latze.

2012-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: Force dependency on nettle 2.5.

2012-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, doc/manpages/tpmtool.1: Added tpmtool
	manpage.

2012-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h: 
	updated TPM doc

2012-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/certtool-common.c, src/certtool-common.h,
	src/certtool.c, src/cli.c, src/common.c, src/common.h,
	src/p11common.c, src/p11common.h, src/pkcs11.c, src/serv.c: 
	Eliminated p11common.c.

2012-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/pkcs11.c, lib/x509/x509.c,
	lib/x509/x509_int.h: PKCS #11 PIN handling fixes.  Added gnutls_x509_crt_set_pin_function() and set the PIN handling
	function in gnutls_privkey_import_pkcs11_url().

2012-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Check for /etc/ssl/cert.pem in OpenBSD. Reported by
	David Woodhouse and Mike Miller.

2012-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-auth.c, tests/openpgp-auth2.c: Avoid the usage of
	alloca(). Reported by Rob McMahon.

2012-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: Avoid returning from void function. Patch by
	Rob McMahon.

2012-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: better title

2012-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tokens.texi: mention the context specific PIN functions.

2012-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-cert-auth2.texi,
	doc/cha-functions.texi, doc/cha-gtls-app.texi,
	doc/cha-library.texi, doc/cha-tokens.texi, doc/gnutls.texi,
	doc/invoke-tpmtool.texi, lib/gnutls_ui.c, lib/gnutls_x509.c: Added
	documentation for TPM keys.

2012-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/snippet/_Noreturn.h, gl/Makefile.am, gl/alloca.in.h,
	gl/argp-ba.c, gl/argp-help.c, gl/argp-parse.c, gl/argp-pv.c,
	gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/gettext.h,
	gl/m4/argp.m4, gl/m4/extensions.m4, gl/m4/fdopen.m4,
	gl/m4/frexp.m4, gl/m4/frexpl.m4, gl/m4/fseterr.m4, gl/m4/getopt.m4,
	gl/m4/gettext.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
	gl/m4/intdiv0.m4, gl/m4/intlmacosx.m4, gl/m4/largefile.m4,
	gl/m4/ldexpl.m4, gl/m4/lock.m4, gl/m4/mmap-anon.m4,
	gl/m4/multiarch.m4, gl/m4/nocrash.m4, gl/m4/printf-frexpl.m4,
	gl/m4/printf.m4, gl/m4/signbit.m4, gl/m4/stdio_h.m4,
	gl/m4/strerror_r.m4, gl/m4/strndup.m4, gl/m4/sys_time_h.m4,
	gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/time_r.m4,
	gl/m4/visibility.m4, gl/printf-parse.c, gl/signal.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdlib.in.h,
	gl/sys_select.in.h, gl/tests/init.sh, gl/tests/minus-zero.h,
	gl/tests/stat.c, gl/tests/test-alloca-opt.c,
	gl/tests/test-malloca.c, gl/tests/test-select.h,
	gl/tests/test-time.c, gl/timespec.h, gl/unistd.in.h,
	gl/vasnprintf.c, maint.mk: Updated gnulib.

2012-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, src/benchmark-tls.c, src/benchmark.c,
	src/benchmark.h: print average time per transaction and sample
	variance.

2012-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: Client credentials initialization moved
	outside benchmark

2012-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/tpm.c: Callbacks are being called even if a
	global PIN functions is not set.

2012-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, lib/auth/cert.h, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Allow
	association of a PIN function with a credentials structure.  This function will be used to override any globally set ones.

2012-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: return value fix

2012-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2012-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-cert-auth2.texi,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c: 
	Removed newly added functions and added
	gnutls_pkcs11_get_pin_function().

2012-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/gnutls_int.h, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/tpm.c: Added PIN callbacks in structures
	that may require PIN access to override the global callbacks.

2012-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c: PIN callback function was made more generic than
	PKCS #11.

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: added missing functions

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool.c: signing keys are generated by default

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: random uuids are marked as such

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	src/certtool-common.c, src/cli.c: Added gnutls_url_is_supported()

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: doc fix

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
	src/tpmtool.c: Allow generation of system and user keys.

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/tpm.h, lib/tpm.c: Allow handling of user and
	system keys.

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h, lib/tpm.c: 
	minor fixes in TPM code

2012-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
	src/tpmtool.c: Enabled the generation of signing keys.

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-cert-auth2.texi,
	lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map, src/cli.c: Added
	functions that import any kind of URL into abstract public and
	private keys.  Added:  gnutls_pubkey_import_url()  gnutls_privkey_import_url()

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: When verifying a certificate chain make
	sure it is chain.  If the chain is interrupted (wrong) at some point then truncate,
	only try to verify the correct part. Patch by David Woodhouse.

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/cli.c: Allow gnutls-cli to be used with
	tpmkey urls

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/tpm.c: Added flag to disable
	the use of callbacks in TPM keys.

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map, lib/tpm.c,
	src/certtool-common.c, src/tpmtool.c: Added ability to request PIN
	from a TPM URL. It uses the PKCS11 PIN function.

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool.c: corrected function call

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, doc/cha-cert-auth2.texi,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c: Added
	gnutls_pkcs11_advset_pin_function and
	gnutls_pkcs11_advset_token_function

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/tpm.h, lib/tpm.c: doc fix

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: do not list parent in URL.

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Allow tpmkey: urls in set_key_file()

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/tpmtool.c: Added support for legacy key

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am: documented updates

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
	src/tpmtool.c: pubkey option can now accept a url

2012-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_str.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/tpm.c: small
	fixes in TPM support

2012-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h: internal functions
	marked as static

2012-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/tpm.h, lib/libgnutls.map, lib/tpm.c,
	src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
	src/tpmtool.c: Added functions to handle TPM stored keys.  Not everything is on working state.

2012-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/tpm.c: Allow importing a
	public key from UUID

2012-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/tpm.h, lib/tpm.c: Added the option to register
	a key

2012-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/tpm.c: Added option to load a
	TPM key from an UUID (untested)

2012-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c: Common handling of error codes.

2012-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in, lib/tpm.c: 
	combined TPM initialization.

2012-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/tpm.c, src/tpmtool-args.c, src/tpmtool-args.def,
	src/tpmtool-args.h, src/tpmtool.c: TPM key generation allows for
	arbitrary RSA key bits, but quantizes them to the minimum allowed
	value that is larger than input.

2012-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/tpm.c, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c, src/tpmtool-args.c,
	src/tpmtool-args.def, src/tpmtool-args.h, src/tpmtool.c: Added
	functionality to extract the pubkey key from a TPM key.  Added new function gnutls_pubkey_import_tpm_raw(). tpmtool can now
	print the pubkey key from a TPM key.

2012-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c, lib/gnutls_pubkey.c, lib/tpm.c,
	lib/x509/common.c, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509_b64.c,
	lib/x509_b64.h: simplified base64 encoding/decoding functions by
	using a datum.

2012-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h: no
	url in tpmtool

2012-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/includes/Makefile.am,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/tpm.h,
	lib/libgnutls.map, lib/pkcs11_privkey.c, lib/tpm.c,
	lib/x509/common.c, lib/x509/common.h, src/Makefile.am,
	src/tpmtool-args.c, src/tpmtool-args.def, src/tpmtool-args.h,
	src/tpmtool.c: Added tpmtool.  It is a tool to generate TPM private keys. In addition
	gnutls_tpm_privkey_generate() was added.

2012-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: no tpm test

2012-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/gnutls.h.in, lib/tpm.c, tests/Makefile.am: 
	distinguish password errors and use the internal octet string
	decoding functions.

2012-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/Makefile.am, lib/Makefile.am,
	lib/gnutls_errors.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/tpm.c: Added initial
	support for TPM keys.

2012-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: A deinit function implies
	GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE. Based on patch by David
	Woodhouse.

2012-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Added gnutls_privkey_import_ext2() This function allows to specify a deinitialization function.

2012-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/privkey.c,
	lib/x509/privkey_openssl.c: gnutls_x509_privkey_import_openssl()
	works only with PEM files.

2012-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_openssl.c: comment put in context

2012-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_openssl.c: Check for PEM headers before DEK-Info.

2012-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: Handle EC DER keys.

2012-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/eagain-common.h,
	tests/mini-emsgsize-dtls.c: Added test application that tests
	GNUTLS_E_LARGE_PACKET and modifies the MTU size during handshake.

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: added missing function

2012-06-30  David Woodhouse <David.Woodhouse@intel.com>

	* lib/gnutls_record.c: Return GNUTLS_E_LARGE_PACKET instead of
	truncating when sending DTLS record Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: fix

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: no need to check for DTLS

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: no need for _gnutls prefix.

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: only block ciphers need 1 byte padding.

2012-06-29  David Woodhouse <David.Woodhouse@intel.com>

	* lib/gnutls_dtls.c: Fix documentation for gnutls_dtls_set_mtu() It *isn't* the interface MTU, it's the transport MTU.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: sign fixes

2012-06-29  David Woodhouse <David.Woodhouse@intel.com>

	* lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map: 
	Add gnutls_dtls_set_data_mtu() Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/gnutls_state.h: gnutls_dtls_get_data_mtu() is more precise.
	Based on patch by David Woodhouse.

2012-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: cleaned up errno handling.

2012-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/cryptodev.c, lib/algorithms/ciphers.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c,
	lib/x509/privkey_openssl.c: Added Camellia-192-CBC algorithm
	identifier.  Based on patch by David Woodhouse.

2012-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_openssl.c: Included more algorithms in openssl
	privkey decryption.

2012-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, lib/gnutls_privkey.c,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/privkey.c,
	lib/x509/privkey_openssl.c, lib/x509_b64.c, lib/x509_b64.h,
	src/certtool.c: Added functions gnutls_x509_privkey_import2 and
	gnutls_x509_privkey_import_openssl.  The former imports keys in arbitrary formats and the latter imports
	openssl keys (unfinished).

2012-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc fixes

2012-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: document the gnutls_pcert_st

2012-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c: use new functions.

2012-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth2.texi,
	doc/invoke-certtool.texi: doc fix

2012-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_buffers.c, lib/gnutls_errors.c,
	lib/gnutls_record.c, lib/system.c: Return GNUTLS_E_LARGE_PACKET when
	errno is EMSGSIZE

2012-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-extras.c: added missing file

2012-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/certtool-common.c, src/certtool-common.h: 
	Splitted Lucas' contribution to allow incorporation.

2012-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h: 
	Dot require load-privkey for to-p12

2012-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: document limitations

2012-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, src/certtool-common.c: Updated Lucas' patch

2012-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: updated doc

2012-06-23  Lucas Fisher <lucas.fisher@gmail.com>

	* src/certtool-common.c, src/certtool-common.h, src/certtool.c: 
	Certtool exports multiple keys in PKCS12 file Update certtool to export multiple keys in a PKCS12 file so multiple
	certificate/key pairs may be included in one file.  - Add load_privkey_list() so that --load-privkey loads multiple keys - Change generate_pkcs12() to add multiple keys to the PKCS12 file Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_ui.c, lib/pkcs11.c: updated
	versions

2012-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth2.texi, lib/gnutls_privkey.c,
	lib/gnutls_ui.c, lib/includes/gnutls/abstract.h, lib/libgnutls.map,
	src/cli.c: Added functions to directly load a private key.  They allow loading a data buffer into a gnutls_privkey_t without
	going through cumbersome convertions.

2012-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in: Added
	gnutls_load_file().

2012-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: Use the label when looking for
	a certificate or private key in PKCS #11.  Patch by David Woodhouse.

2012-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: moved symbol

2012-06-15  Diego Elio Pettenò <flameeyes@flameeyes.eu>

	* src/Makefile.am: build: make sure to declare the generated source
	files as BUILT_SOURCES This allows proper building when using parallel make on a multi-core
	system.  Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: correct comparison of sent data in
	dtls-stress.

2012-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: small fix

2012-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/version.c: Update to libtasn1 2.13.

2012-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: removed old news entry

2012-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated TODO

2012-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/x509/pkcs12.c: Added flag
	GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED for
	gnutls_pkcs12_simple_parse().

2012-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c: deinitialize extra certs if they are empty.

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c: Revert "documented
	pin_callback expectations." This reverts commit 2576a9d933e4f29f69a7182faa9c4210eeec8fee.

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, NEWS: added author of code.

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_secret.c, lib/pkcs11_write.c: In tokens that allow
	multiple sessions make the private key session persistent.  This
	prevents asking for PIN on every private key operation.

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: When generating a pkcs12 structure with multiple
	certificates set a friendly name only on the first one.

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: removed entry which was included in 3.0.20

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: Fixed leaks in PKCS #8 decoding

2012-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/pkcs12.h,
	lib/x509/pkcs12.c, tests/Makefile.am,
	tests/pkcs12-decode/Makefile.am, tests/pkcs12_simple.c: Changed
	prototype for gnutls_pkcs12_simple_parse() to simplify chain
	building.

2012-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c: documented pin_callback
	expectations.

2012-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/cli.c, src/psk.c, src/serv.c, src/srptool.c,
	src/tls_test.c: removed unused functions.

2012-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, src/cli.c: simplified check for win32

2012-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: Print the fingerprint only in the first certificate
	in the chain.

2012-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: GNUTLS_E_ENCRYPTED_STRUCTURE is no more.

2012-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, lib/algorithms.h,
	lib/algorithms/ciphersuites.c, lib/algorithms/protocols.c,
	lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_session_pack.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
	for an old version of the DTLS protocol used by openconnect vpn
	client for compatibility with Cisco's AnyConnect SSL VPN. It is
	marked as GNUTLS_DTLS0_9. Do not use it for newer protocols as it
	has issues.

2012-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: corrected function name

2012-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/invoke-gnutls-cli.texi, src/benchmark-tls.c,
	src/benchmark.h, src/cli-args.c, src/cli-args.def, src/cli-args.h,
	src/cli.c: Options --benchmark-tls was split to --benchmark-tls-kx

2012-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: Added keys of equivalent security levels.

2012-06-06  Mark Brand <mabrand@mabrand.nl>

	* lib/gnutls_x509.c: add missing include wincrypt.h Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: mention retrieve_function2

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: corrected invalid char

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi, doc/latex/Makefile.am: updates in latex
	build

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: no need for eurosans

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/scripts/mytexi2latex: do not use
	@euro{}

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/ar-lib, gl/Makefile.am, gl/errno.in.h, gl/fseeko.c,
	gl/fstat.c, gl/ftello.c, gl/lseek.c, gl/m4/dup2.m4,
	gl/m4/errno_h.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftello.m4,
	gl/m4/ftruncate.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/largefile.m4, gl/m4/lseek.m4,
	gl/m4/lstat.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
	gl/m4/memmem.m4, gl/m4/mmap-anon.m4, gl/m4/off_t.m4,
	gl/m4/putenv.m4, gl/m4/realloc.m4, gl/m4/setenv.m4,
	gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stat.m4, gl/m4/strerror.m4,
	gl/m4/symlink.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4, gl/select.c,
	gl/stdint.in.h, gl/stdio.in.h, gl/strerror-override.c,
	gl/strerror-override.h, gl/sys_stat.in.h, gl/sys_types.in.h,
	gl/tests/binary-io.h, gl/tests/fcntl.in.h, gl/tests/ftruncate.c,
	gl/tests/ignore-value.h, gl/tests/init.sh, gl/tests/stat.c,
	gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
	gl/tests/test-errno.c, gl/u64.h, gl/unistd.in.h, ltmain.sh,
	maint.mk: updated gnulib

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/cert-tests/Makefile.am, tests/{certs =>
	cert-tests}/ca-certs.pem: moved ca-certs.

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated

2012-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h: stdarg.h is not needed

2012-06-05  Nikos Mavrogiannopoulos <nikos@esat.kuleuven.be>

	* NEWS, lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: Re-use
	GNUTLS_E_DECRYPTION_FAILED for encrypted structures.

2012-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: small doc fix

2012-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-x509-2.c: Added new test
	program.

2012-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: print warning to stderr

2012-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi: doc updates

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, src/certtool.c: 
	Introduced GNUTLS_E_ENCRYPTED_STRUCTURE error code.  This error code
	is returned by encrypted key import functions such as
	gnutls_x509_privkey_import_pkcs8() and gnutls_pkcs12_simple_parse()
	when an encrypted structure is provided but no password is given.

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: fixed symbol

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/manpages/Makefile.am: updated news
	entries

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/pgpverify.c: Verification in openpgp changed to
	ressemble the X.509 behavior.

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in, lib/x509/verify-high.c,
	lib/x509/verify.c: Differentiate between signature failure and
	generic errors, by introducing the verification flag
	GNUTLS_CERT_SIGNATURE_FAILURE. Suggested by David Woodhouse.

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: Removed duplicate entries and added an explicit
	local.

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/libgnutlsxx.map: No need for version script
	for CPP programs.

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: better function naming.

2012-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/includes/gnutls/pkcs12.h, lib/nettle/pk.c,
	lib/x509/pkcs12.c: gnutls_certificate_set_x509_simple_pkcs12_file()
	now imports certificate chain if it is present.
	gnutls_pkcs12_parse() was renamed to gnutls_pkcs12_simple_parse()

2012-06-01  David Woodhouse <David.Woodhouse@intel.com>

	* lib/gnutls_x509.c, lib/includes/gnutls/pkcs12.h,
	lib/libgnutls.map: Export parse_pkcs12() as gnutls_pkcs12_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-01  David Woodhouse <David.Woodhouse@intel.com>

	* lib/gnutls_x509.c: Make parse_pkcs12() return extra certificates
	too Optionally create a separate list, and return them for the caller to
	use as appropriate.  This also cleans up the error handling a little. There seemed to be
	a potential memory leak (of *key, for example) when returning errors
	after some information had already been extracted.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.h: minor documentation updates

2012-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: doc updates

2012-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: corrected text.

2012-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: corrected typo

2012-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: typo fix

2012-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: Do not document old functions.

2012-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: documented behavior.

2012-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: Do not crash if password is null and
	GNUTLS_PKCS_PLAIN is not specified.

2012-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: improved comments and added unlikely().

2012-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, lib/gnutls_buffers.c, tests/Makefile.am,
	tests/certs/ca-certs.pem, tests/mini-x509-cas.c: Corrected handling
	of handshake packets that span multiple records.

2012-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: updated Makefile

2012-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: documentation update

2012-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : updated

2012-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected typo

2012-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: corrected data copy

2012-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: MAX_ENTRIES increased to 128.

2012-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Updated documentation on DTLS.

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi: updated documentation

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: updated Makefile.

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk, win32/.gitignore: updated cross compilation makefile.

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_x509.c, lib/system.c,
	lib/x509/verify-high2.c: Added support for windows trusted
	certificate store

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated cross compilation makefile

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2012-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: no need to distribute postscript

2012-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/gnutls_x509.c, lib/x509/verify-high2.c: Added
	the notion of a default CRL file.

2012-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-shared-key.texi, doc/examples/ex-client-x509.c: updated doc

2012-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/invoke-gnutls-cli.texi: updated

2012-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: Added DevPak package.

2012-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: corrected doc.

2012-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: document nettle requirement

2012-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: no need for netinet/ip.h

2012-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: When checking for an issuer check for a match
	in the key identifiers.

2012-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.c, src/cli-args.def, src/cli-args.h, src/cli.c: Added
	the --dh-bits option to gnutls-cli.

2012-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-dtls.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/examples/ex-serv-x509.c, lib/gnutls_x509.c: Be more conservative
	with examples and changed semantics of
	gnutls_certificate_set_x509_system_trust().
	gnutls_certificate_set_x509_system_trust() returns
	GNUTLS_E_UNIMPLEMENTED_FEATURE on systems that do not have a (known)
	default trust store.

2012-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: documented function.

2012-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: updated

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/nettle/pk.c: updates

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, lib/x509/x509.c: align with 3.0.x

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth2.texi, lib/abstract_int.h,
	lib/algorithms.h, lib/algorithms/sign.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/crypto-backend.h, lib/ext/signature.c,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/nettle/pk.c, lib/opencdk/main.h,
	lib/opencdk/pubkey.c, lib/opencdk/seskey.c, lib/openpgp/privkey.c,
	lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h, tests/x509sign-verify.c: Use the PKCS #1 1.5
	encoding provided by nettle (2.5) for encryption and signatures.

2012-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Added text for gnutls_dh_set_prime_bits and
	gnutls_srp_set_prime_bits

2012-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: Document the effect of lowering the DH bits.

2012-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c: Print certificate if --print-cert is
	given, even on verification failure.

2012-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Revert "This patch fixes following kind of issue
	with automake 1.12" It was suggested that this need not to be solved
	by gnutls.  This reverts commit 30ad4976249aa9e402eb27081ade06928f3066f0.

2012-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/.gitignore, doc/invoke-certtool.texi,
	doc/invoke-gnutls-cli-debug.texi, doc/invoke-gnutls-cli.texi,
	doc/invoke-gnutls-serv.texi, doc/invoke-ocsptool.texi,
	doc/invoke-p11tool.texi, doc/invoke-psktool.texi,
	doc/invoke-srptool.texi: Auto-generated texi files were added.

2012-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.c, src/certtool-args.def, src/certtool-args.h: 
	Added URI to the example.

2012-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
	tests/cert-tests/template-test.pem: Added support for the URI type
	of subject alternative name in certtool.

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/certtool-args.c, src/certtool-args.h,
	src/cli-args.c, src/cli-args.h, src/cli-debug-args.c,
	src/cli-debug-args.h, src/ocsptool-args.c, src/ocsptool-args.h,
	src/p11tool-args.c, src/p11tool-args.h, src/psk-args.c,
	src/psk-args.h, src/serv-args.c, src/serv-args.h,
	src/srptool-args.c, src/srptool-args.h: Added the autogen files to
	git.

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am: Added new functions

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha, src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
	src/libopts/check.c, src/libopts/compat/compat.h,
	src/libopts/compat/pathfind.c, src/libopts/configfile.c,
	src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
	src/libopts/find.c, src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/libopts.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
	src/libopts/nested.c, src/libopts/parse-duration.c,
	src/libopts/pgusage.c, src/libopts/proto.h, src/libopts/putshell.c,
	src/libopts/reset.c, src/libopts/save.c, src/libopts/stack.c,
	src/libopts/streqvcmp.c, src/libopts/tokenize.c,
	src/libopts/usage.c, src/libopts/value-type.h,
	src/libopts/xat-attribute.h: Updated libopts

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: added new functions

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/examples/ex-client-dtls.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
	doc/manpages/Makefile.am, lib/gnutls_x509.c,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/pkcs11.c, lib/x509/Makefile.am,
	lib/x509/verify-high2.c, lib/x509/x509.c, src/cli.c: Added
	convenience functions to load a trust list from a file or a memory
	buffer.  New functions: gnutls_certificate_set_x509_system_trust,
	gnutls_pkcs11_obj_list_import_url2,
	gnutls_x509_trust_list_add_system_trust,
	gnutls_x509_trust_list_add_trust_file,
	gnutls_x509_trust_list_add_trust_mem.

2012-05-08  Ludwig Nussel <ludwig.nussel@suse.de>

	* configure.ac, doc/Makefile.am, doc/manpages/Makefile.am,
	lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, src/cli.c: introduce
	gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust() imports the trusted root
	CA's from a compile time defined location. That way applications
	don't need to know.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: This patch fixes following kind of issue with
	automake 1.12 | automake: warnings are treated as errors |
	/.../automake-1.12/am/ltlibrary.am: warning: 'libgnutls.la': linking
	libtool libraries using a non-POSIX |
	/.../automake-1.12/am/ltlibrary.am: archiver requires 'AM_PROG_AR'
	in 'configure.ac' Patch by: Nitin A Kamble <nitin.a.kamble@intel.com>

2012-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/autoopts/options.h: removed redundant declaration.

2012-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/cpuid-x86_64.pl,
	lib/accelerated/x86/coff/cpuid-x86-64-coff.s: Corrected win64
	cpuid() code. Report and patch by Mann Ern Kang.

2012-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mpi.c: corrected bug in scan_nz()

2012-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: removed old dependency

2012-04-21  Patrick Pelletier <code@funwithsoftware.org>

	* NEWS, README-alpha, doc/cha-intro-tls.texi,
	lib/accelerated/x86/README, lib/auth/dh_common.c, lib/auth/dhe.c,
	lib/auth/srp.c, lib/auth/srp_sb64.c, lib/gnutls_state.c,
	lib/nettle/mpi.c: documentation and comment fixes Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c, lib/gnutls_dh.h: corrected typo

2012-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c: simplified checks.

2012-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dh_common.c, lib/gnutls_dh.c, lib/gnutls_dh.h: Return
	proper error code if parameter check fails.

2012-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c: Added complete check in SRP parameters.

2012-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updated

2012-04-18  Alexandre Bique <bique.alexandre@gmail.com>

	* lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h: Add
	gnutls::session::set_transport_vec_push().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: Added better sanity checks in Diffie-Hellman key
	exchange.

2012-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added option to unconditionally disable crywrap.
	Patch by Daniel Mierswa.

2012-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: Use openpgp if enabled.

2012-04-17  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Doc fix.

2012-04-17  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Require automake >= 1.11.3 because of dist-lzip.

2012-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: If a callback fails try the other.

2012-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: by default register a file callback in p11-kit
	to read a file from the pin-source pkcs11url field.

2012-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/cs.po.in, po/de.po.in, po/fi.po.in, po/it.po.in, po/nl.po.in,
	po/pl.po.in, po/sv.po.in, po/uk.po.in, po/vi.po.in: Sync with TP.

2012-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/srptool.c: No need to include
	gettext.h. Link against libintl when needed.

2012-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: no abi change in 3.0.19

2012-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: text for 3.1.0

2012-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: 
	gnutls_record_check_unprocessed is now inline function.

2012-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: optimized usage of gnutls_rnd()

2012-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Update random state on all cases.

2012-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/tests/ioctl.c: updated gnulib

2012-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: Added TLS 1.2 interop tests.

2012-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pubkey.c, lib/gnutls_state.c: Relax strict
	DSA/ECDSA checks to allow broader interoperability. Stronger hash
	algorithms are now allowed even if DSA might only allow SHA1.

2012-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: Add sanity checks in Diffie-Hellman key exchange
	values.

2012-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: corrected DH generation check.

2012-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: updated

2012-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
	lib/includes/gnutls/gnutls.h.in: gnutls_record_check_pending
	functionality was divided to gnutls_record_check_pending and
	gnutls_record_check_unprocessed.

2012-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: doc updates

2012-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: refuse to generate small group sizes.

2012-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not check for fchmod

2012-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: updated
	documentation for dtls.

2012-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: updated documentation

2012-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-loss-time.c: Revert "avoid killing child" This reverts commit 4965c2fbfd3405e2dfe7f7d747d03185d155c2a1.

2012-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fixes

2012-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: do not print Key ID in a pkcs12 structure if it is
	null.

2012-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: raw_to_string no longer returns NULL.

2012-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/pkcs12: improved test and added debugging

2012-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: corrected comparison

2012-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/dirent.in.h, gl/m4/math_h.m4,
	gl/m4/stdio_h.m4, gl/m4/warn-on-use.m4, gl/m4/warnings.m4,
	gl/math.in.h, gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h,
	gl/tests/strerror_r.c, gl/tests/test-float.c, gl/tests/test-math.c,
	gl/wchar.in.h, maint.mk: updated gnulib

2012-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-upgrade.texi: Added more deprecated functions

2012-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/override/tests/test-float.c.diff: avoid the floating point
	test.

2012-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-rehandshake.c, tests/mini-loss-time.c,
	tests/mini-record.c, tests/mini-termination.c,
	tests/openpgp-auth.c, tests/openpgp-auth2.c: use AF_UNIX for
	socketpair.

2012-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2012-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: make dist will also make lzip compressed tarball

2012-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/hmac-padlock.c, lib/algorithms.h,
	lib/algorithms/kx.c, lib/algorithms/mac.c, lib/crypto-api.c,
	lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_pk.c,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/includes/gnutls/crypto.h, lib/opencdk/armor.c,
	lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/x509/ocsp.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: several
	type changes to please clang

2012-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: set release date

2012-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/minitasn1/decoding.c: updated libtasn1

2012-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: removed old function.

2012-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped versions

2012-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: removed function that didn't
	exist

2012-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-termination.c: initialize value

2012-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-loss-time.c: avoid killing child

2012-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-rehandshake.c: avoid closing fd[1] on server. For
	some reason it makes connection fail.

2012-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Add FUNCS to distribution

2012-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, lib/gnutls_record.c, tests/Makefile.am,
	tests/mini-dtls-rehandshake.c, tests/mini-record.c,
	tests/mini-termination.c: Make sure that
	GNUTLS_E_PREMATURE_TERMINATION is returned if there is premature
	termination.

2012-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: do not build test with timers when posix
	timers are not present.

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/keydb.c, lib/opencdk/literal.c: corrected types

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: use correct type in snprintf.

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: added prototypes for inline
	functions (some gcc versions couldn't compile without)

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/gnutls_auth.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_ui.c: even more
	cleanups

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp_rsa.c: more cleanups

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp.c, tests/openpgp-auth2.c, tests/resume-dtls.c: Fixes
	for win32 and time. OCSP test now sets a fixed time to avoid
	expiration errors.

2012-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp_rsa.c: simplified internal
	function names.

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: improvements in long long usage

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: corrected probing of cryptodev
	digests.

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/x86/aes-x86.h, m4/hooks.m4: Do not assume
	sizeof(unsigned long)==sizeof(void*).  Based on patch by B. Scott
	Michel.

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/genshell.h: include libintl. Patch by B. Scott Michel

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/genshell.h: Revert "use
	header files from gl/ and include gettext.h" This reverts commit 6b3d7b6e31ddab337e185922910262d68f1fc6fa.

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/genshell.h: use header files
	from gl/ and include gettext.h

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cxx.cpp: more warnings to silence.

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-anon.c: silence warnings. Patch by B. Scott
	Michel.

2012-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs.pl, lib/includes/gnutls/compat.h: Added
	doc-skip to skip certain functions from documentation.

2012-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: remove brackets.

2012-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: Cleaned up deprecated types and
	added a deprecation warning on them.

2012-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: Provide compatibility inline
	functions for gnutls_session_get_server_random() and
	gnutls_session_get_client_random().

2012-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/x86/aes-padlock.c: Only call
	check_phe_partial() if PHE has been detected.

2012-03-21  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Update bootstrapping instructions.

2012-03-21  Simon Josefsson <simon@josefsson.org>

	* .gitignore, doc/Makefile.am: Tell automake about all filenames to
	fix 'make distcheck'.

2012-03-21  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Clarify bootstrapping.

2012-03-21  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2012-03-21  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Build functions/ files (this should be done by
	listing all files instead).

2012-03-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/fpucw.h, gl/{tests => }/glthread/threadlib.c,
	gl/isnanf-nolibm.h, gl/m4/frexpl.m4, gl/m4/gnulib-comp.m4,
	gl/m4/ldexpl.m4, gl/m4/math_h.m4, gl/m4/timer_time.m4,
	gl/math.in.h, gl/tests/Makefile.am, gl/tests/macros.h,
	gl/tests/randomd.c, gl/tests/randoml.c, gl/tests/test-frexp.c,
	gl/tests/test-frexp.h, gl/tests/test-frexpl.c,
	gl/tests/test-math.c, maint.mk: Update gnulib files.

2012-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, devel/perlasm/e_padlock-x86.pl,
	devel/perlasm/e_padlock-x86_64.pl, devel/perlasm/ghash-x86.pl,
	lib/accelerated/x86/README,
	lib/accelerated/x86/coff/padlock-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-coff.s,
	lib/accelerated/x86/elf/padlock-x86-64.s,
	lib/accelerated/x86/license.txt,
	lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated openssl
	code

2012-03-19  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/compat.h: Remove TLS_RANDOM_SIZE and
	TLS_MASTER_SIZE compat mappings.

2012-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, doc/cha-upgrade.texi, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_session_get_random()

2012-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: added missing function

2012-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: better error message

2012-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/mytexi2latex: updated

2012-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-upgrade.texi, doc/gnutls.texi,
	doc/latex/Makefile.am, doc/latex/gnutls.tex: Added chapter to
	describe changes needed when upgrading.

2012-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: doc update

2012-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/output.c, lib/x509/x509.c,
	lib/x509/x509_write.c, tests/cert-tests/template-test.pem: Added
	gnutls_x509_crt_set_private_key_usage_period() and
	gnutls_x509_crt_get_private_key_usage_period(). The time stored in
	generated certificates is now GeneralizedTime.

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: changed debugging level for message

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected ciphersuite number

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Added debugging message when encounter an
	invalid ciphersuite.

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: Applied patch to cast days to (time_t)
	before converting it to seconds to prevent a Y2K38 bug. Patch by
	Robert Millan.

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/gnutls.texi, doc/scripts/split-texi.pl: 
	texinfo documentation is similar to the printed manual.

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, cross.mk, m4/hooks.m4: bumped version

2012-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/x509/crq.c, lib/x509/x509.c: corrected
	the documentation of the verification functions.

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.0.16

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: enable_local_libopts is by default no

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: bumped shared lib version

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/x509_write.c, src/certtool-args.def, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool.c: Added
	gnutls_x509_crt_set_authority_info_access.

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/README: updated

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/license-gnutls.txt, devel/perlasm/license.txt,
	lib/accelerated/x86/coff/appro-aes-gcm-x86-64-coff.s,
	lib/accelerated/x86/coff/appro-aes-x86-64-coff.s,
	lib/accelerated/x86/coff/appro-aes-x86-coff.s,
	lib/accelerated/x86/coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/coff/cpuid-x86-coff.s,
	lib/accelerated/x86/coff/padlock-x86-64-coff.s,
	lib/accelerated/x86/coff/padlock-x86-coff.s,
	lib/accelerated/x86/elf/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/elf/appro-aes-x86-64.s,
	lib/accelerated/x86/elf/appro-aes-x86.s,
	lib/accelerated/x86/elf/cpuid-x86-64.s,
	lib/accelerated/x86/elf/cpuid-x86.s,
	lib/accelerated/x86/elf/padlock-x86-64.s,
	lib/accelerated/x86/elf/padlock-x86.s,
	lib/accelerated/x86/macosx/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-64-macosx.s,
	lib/accelerated/x86/macosx/appro-aes-x86-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-64-macosx.s,
	lib/accelerated/x86/macosx/cpuid-x86-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/macosx/padlock-x86-macosx.s: updated licenses

2012-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/{asm-coff => coff}/appro-aes-gcm-x86-64-coff.s,
	lib/accelerated/x86/{asm-coff => coff}/appro-aes-x86-64-coff.s,
	lib/accelerated/x86/{asm-coff => coff}/appro-aes-x86-coff.s,
	lib/accelerated/x86/{asm-coff => coff}/cpuid-x86-64-coff.s,
	lib/accelerated/x86/{asm-coff => coff}/cpuid-x86-coff.s,
	lib/accelerated/x86/{asm-coff => coff}/padlock-x86-64-coff.s,
	lib/accelerated/x86/{asm-coff => coff}/padlock-x86-coff.s,
	lib/accelerated/x86/{asm => elf}/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/{asm => elf}/appro-aes-x86-64.s,
	lib/accelerated/x86/{asm => elf}/appro-aes-x86.s,
	lib/accelerated/x86/{asm => elf}/cpuid-x86-64.s,
	lib/accelerated/x86/{asm => elf}/cpuid-x86.s,
	lib/accelerated/x86/{asm => elf}/padlock-x86-64.s,
	lib/accelerated/x86/{asm => elf}/padlock-x86.s,
	lib/accelerated/x86/{asm-macosx =>
	macosx}/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/{asm-macosx =>
	macosx}/appro-aes-x86-64-macosx.s, lib/accelerated/x86/{asm-macosx
	=> macosx}/appro-aes-x86-macosx.s, lib/accelerated/x86/{asm-macosx
	=> macosx}/cpuid-x86-64-macosx.s, lib/accelerated/x86/{asm-macosx
	=> macosx}/cpuid-x86-macosx.s, lib/accelerated/x86/{asm-macosx =>
	macosx}/padlock-x86-64-macosx.s, lib/accelerated/x86/{asm-macosx =>
	macosx}/padlock-x86-macosx.s: renamed asm directories.

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am: corrected makefile

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added missing elf part.

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, configure.ac, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/asm-macosx/appro-aes-gcm-x86-64-macosx.s,
	lib/accelerated/x86/asm-macosx/appro-aes-x86-64-macosx.s,
	lib/accelerated/x86/asm-macosx/appro-aes-x86-macosx.s,
	lib/accelerated/x86/asm-macosx/cpuid-x86-64-macosx.s,
	lib/accelerated/x86/asm-macosx/cpuid-x86-macosx.s,
	lib/accelerated/x86/asm-macosx/padlock-x86-64-macosx.s,
	lib/accelerated/x86/asm-macosx/padlock-x86-macosx.s: Added assembly
	for macosx

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: corrected typo

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-verify-ssh.c: reduced lines

2012-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/p11tool-args.def: doc updates

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: added spacing

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/srp/Makefile.am, tests/srp/mini-srp.c, tests/srp/tpasswd,
	tests/srp/tpasswd.conf: generate tpasswd files on the spot.

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ca.pem, tests/enc3pkcs8.pem, tests/test1.pem,
	tests/test10.pem, tests/test13.pem, tests/test2.pem,
	tests/test20.pem, tests/test21.pem, tests/test22.pem,
	tests/test23.pem, tests/test24.pem, tests/test25.pem,
	tests/test26.pem, tests/test3.pem, tests/x509_test.c: removed unused
	files.

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: stamp_enums is shipped to avoid regenerating
	parts of doc

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: corrected urls

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version.

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: corrected call to gnutls_error_is_fatal().

2012-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated description

2012-03-14  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/libtasn1.h: Update minitasn1.

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/invalid-cert: Added test on
	an invalid certificate.

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c: updated.

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/libtasn1.h: more recent libtasn1

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h,
	lib/minitasn1/version.c: updated included libtasn1

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: gnutls-cli honours the --x509fmtder.

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: only set the server name if we do not have an IP
	address.

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: Do not use fixed versions

2012-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	lib/includes/gnutls/gnutls.h.in: Documentation updates

2012-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: when using cryptodev do not set all
	the digest function since they are not always faster.

2012-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86.c: corrected comments.

2012-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: reset the siop structure on every
	loop

2012-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c: add more space to dst to allow GCM mode
	tests in cryptodev.

2012-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-args.def, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool.c: certtool may explicitly set the
	domain component (DC) field of a DN.

2012-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, src/certtool-args.def: Added a real
	key purpose OID as example

2012-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def: updated p11tool documentation.

2012-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/p11tool.c: Only set the private status if it has been
	explicitly specified. That is because some tokens don't want it set.

2012-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: The default cipher when encrypting with PKCS12 is
	AES.

2012-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def: to-p12 requires the load-certificate and
	load-privkey.

2012-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex: updated front-page to include all
	contributors.

2012-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-internals.texi, doc/latex/gnutls.bib: 
	Some updates on supplemental data handling.

2012-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/safe-renegotiation/Makefile.am: safe renegotiation tests
	only run under valgrind in the devel environment.

2012-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: updated

2012-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/scripts/mytexi2latex: changes in
	asynchronous documentation

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/makeshell.c: Added ifdef HAVE_FCHMOD

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-shared-key.texi: More documentation on SRP

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/srp/mini-srp.c: Test SRP-RSA and plain SRP.

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp_rsa.c: Corrected SRP-RSA in TLS 1.2

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: break line on long string.

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, cross.mk: small updates

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-psk.c: Corrected PSK client example.

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/srp/Makefile.am: Added missing files.

2012-03-02  Carolin Latze <latze@angry-red-pla.net>

	* doc/cha-internals.texi: supp data doc added Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.0.15

2012-03-02  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Fix index with new 3.0.x symbols.

2012-03-02  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/ocsp.h,
	lib/verify-tofu.c: Doc fixes for GTK-DOC.

2012-03-02  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h: De-inline some dtls
	functions.  Avoids compiler error on gcc 4.4.5 (Debian Squeeze) that complains
	about "call is unlikely and code size would grow".

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, tests/Makefile.am,
	tests/srp/Makefile.am, tests/srp/mini-srp.c, tests/srp/tpasswd,
	tests/srp/tpasswd.conf: Added SRP test.

2012-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp_passwd.c, lib/ext/srp.c, lib/gnutls_errors.c: Fixes
	and memory leak elimination in SRP authentication.

2012-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/srp.c: Eliminate double free during SRP
	authentication.

2012-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: corrected version replacement in .texi.

2012-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2012-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: avoid regeneration of header files

2012-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: No longer crash on a pkcs11 object without an
	ID.

2012-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-record.c: eliminated memory leaks in new test.

2012-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-record.c: Added test for
	invalid record packet sizes.

2012-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c, lib/gnutls_record.c: 
	artistic changes.

2012-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mbuffers.c: corrected copying of buffers.

2012-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: corrected check_command() input

2012-02-29  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/fpieee.m4, gl/m4/math_h.m4, gl/math.in.h: 
	Update gnulib files.

2012-02-29  Simon Josefsson <simon@josefsson.org>

	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/usage-txt.h,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/m4/libopts.m4, src/libopts/makeshell.c,
	src/libopts/proto.h, src/libopts/value-type.h,
	src/libopts/xat-attribute.h: Update to autogen 5.15.

2012-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: changes in packet parsing.

2012-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, src/common.c: Do not call gnutls_x509_crt_check_hostname()
	if hostname eq NULL. Reported by Matthew Hall.

2012-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_state.c: Updated documentation
	on gnutls_prf()

2012-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: re-updated

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Revert "always link against the distributed libopts" This reverts commit ae3033fee01f058a028406648ebc32294774e282.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: replace @VERSION@ in the program documentation.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: document autogen minimum version

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/cryptodev.c: Updated cryptodev code.  Hash
	reset is being performed in a single ioctl() with update and TLS
	versions (<1.1) that do not have explicit IV are correctly handled.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-dtls-rehandshake.c: added all cases.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev-gcm.c: removed debugging

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c: 
	simplified gcm registration in cryptodev.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: doc updates

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: If a client hello is received immediately
	after a completed handshake delete the async_timer to rehandshake.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.h, lib/gnutls_handshake.c: When rehandshake is
	requested by server force the cleanup of the previous handshake
	state.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-dtls-rehandshake.c,
	tests/{mini-x509-rehandshake.c => mini-rehandshake.c},
	tests/resume-dtls.c: Added mini-dtls-rehandshake.c to test
	rehandshake in DTLS.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Corrected session resumption for DTLS

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-loss.c: removed redundant test.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_record.c: 
	fixes in DTLS rehandshake and epoch cleanup.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/common.h, src/serv.c, src/udp-serv.c: 
	rehandshake command works in udp mode as well.

2012-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, src/ocsptool-args.def,
	src/p11tool-args.def: properly break lines.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/cleanup-autogen.pl: updated

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
	src/libopts/alias.c, src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.h, src/libopts/autoopts/options.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/compat/compat.h,
	src/libopts/configfile.c, src/libopts/cook.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/m4/libopts.m4, src/libopts/numeric.c,
	src/libopts/proto.h, src/libopts/putshell.c,
	src/libopts/value-type.h, src/libopts/xat-attribute.h: Updated
	libopts.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: always link against the distributed libopts

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, src/Makefile.am, tests/dtls/Makefile.am: Link to
	correct libraries.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: updated headers.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* GNUmakefile, gl/Makefile.am, gl/alloca.in.h, gl/alphasort.c,
	gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c, gl/base64.c,
	gl/base64.h, gl/c-ctype.c, gl/c-ctype.h, gl/errno.in.h,
	gl/float+.h, gl/fseeko.c, gl/gai_strerror.c, gl/getaddrinfo.c,
	gl/getdelim.c, gl/getline.c, gl/getpass.c, gl/getpass.h,
	gl/gettext.h, gl/gettimeofday.c, gl/inet_ntop.c, gl/lseek.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/math_h.m4,
	gl/m4/timer_time.m4, gl/malloc.c, gl/math.in.h, gl/memmem.c,
	gl/mempcpy.c, gl/minmax.h, gl/msvc-inval.c, gl/msvc-inval.h,
	gl/msvc-nothrow.c, gl/msvc-nothrow.h, gl/netdb.in.h,
	gl/netinet_in.in.h, gl/printf-args.c, gl/printf-args.h,
	gl/printf-parse.c, gl/printf-parse.h, gl/read-file.c,
	gl/read-file.h, gl/scandir.c, gl/select.c, gl/size_max.h,
	gl/snprintf.c, gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h,
	gl/stddef.in.h, gl/stdint.in.h, gl/stdio.in.h, gl/str-two-way.h,
	gl/strcasecmp.c, gl/strdup.c, gl/string.in.h, gl/strings.in.h,
	gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strverscmp.c,
	gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
	gl/tests/glthread/lock.c, gl/tests/glthread/lock.h,
	gl/tests/glthread/threadlib.c, gl/tests/malloca.c,
	gl/tests/malloca.h, gl/tests/pathmax.h, gl/tests/pipe.c,
	gl/tests/sys_ioctl.in.h, gl/tests/test-base64.c,
	gl/tests/test-fgetc.c, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-fwrite.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-perror.c, gl/tests/test-perror2.c,
	gl/tests/test-pipe.c, gl/tests/test-strerror.c,
	gl/tests/test-strerror_r.c, gl/tests/test-strverscmp.c,
	gl/time.in.h, gl/time_r.c, gl/unistd.in.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/vasprintf.c, gl/vsnprintf.c, gl/wchar.in.h,
	gl/xsize.h, maint.mk: Added timer_time.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/udp-serv.c: provide accurate value to select

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: make sure that the microseconds field does not
	overflow

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: use valgrind only on development environment.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated libopts check

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: Link with local libopts if the installed is an
	old one.

2012-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/Makefile.am: Added getfuncs.pl to distribution.

2012-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated NEWS

2012-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
	lib/accelerated/cryptodev.h: compilation fixes.

2012-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/Makefile.am,
	lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
	lib/accelerated/cryptodev.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.h, lib/gnutls_record.c,
	tests/slow/cipher-test.c: Added GCM mode using cryptodev. This is
	mostly a hack due to how GCM mode is exported from kernel.

2012-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: free allocated module name. Reported by Sam
	Varshavchik.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: updated documentation

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c: added newline at end of file.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: account args-std.def in make dist

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: check errno in pull_timeout_func.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: updates for cryptodev. Require the
	COP_FLAG_RESET.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/gc.c, tests/pskself.c: added error reporting

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-loss-time.c: properly deinitialize session.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/cipher-test.c: added (dead) code to test the
	_hmac_fast.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: Always deinitialize.

2012-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: check _gnutls_auth_cipher_add_auth for error
	codes.

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: added reset

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/sha-padlock.c, lib/crypto-backend.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/nettle/mac.c: hash
	copy no longer needed.

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: initialize memory for siop

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/openpgp/gnutls_openpgp.c: simplified the _datum functions.

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped versions

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: properly deinitialize cryptodev
	resources, and only register ciphers if they are hw accelerated.

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: benchmark-ciphers re-enabled

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: fixes in cryptodev support. Added
	support for digest algorithms.

2012-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: fixes in cryptodev support. Added
	support for digest algorithms.

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am, src/args-std.def,
	src/certtool-args.def, src/cli-args.def, src/cli-debug-args.def,
	src/ocsptool-args.def, src/p11tool-args.def, src/psk-args.def,
	src/serv-args.def, src/srptool-args.def: Optimizations in command
	line argument handling. Patch by Bruce Korb.

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/gnutls_pcert.c: Deinitialize the correct
	number of certificates. Reported by Remi Gacogne.

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-loss-time.c: force kill of child process.

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: update in cryptodev

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: register the .fast function for
	cryptodev

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls, tests/dtls/dtls-nb: Added more tests.

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: Added new dtls-stress.c by Sean

2012-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/m4/libopts.m4: Included libopts is not installed by
	default.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-loss-time.c: updated description

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: corrected latex output

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added date

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ecc.c, lib/crypto-api.c, lib/gnutls_alert.c,
	lib/gnutls_cert.c, lib/gnutls_dtls.c, lib/gnutls_global.c,
	lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_record.c, lib/gnutls_state.c,
	lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
	lib/system_override.c, lib/verify-tofu.c, lib/x509/common.c,
	lib/x509/crl.c, lib/x509/privkey.c, lib/x509/verify-high.c,
	lib/x509/x509.c: Since: 3.0.0 -> Since 3.0 to reflect that it might
	be on a later version than 3.0.0.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: Added new functions

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-tdb.c: verify that the correct error code is returned

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: do not stick parameters to the next word.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: return the documented error code

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: copy gnutls.epub to webdir

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: gaa is no longer needed

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Set the handshake type when calling
	record_add_to_buffers().

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: do not try to verify certificates when not needed.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in: properly report unexpected EOF.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls-stress.c: increase the total timeout in the tests
	since they seem to exceed the default DTLS maximum timeout.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: Do not update twice the DTLS retransmission
	timer on finished messages. Report and patch by Sean Buckheister.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: Cleanups in DTLS timers usage.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-tofu.c: corrected memory leak

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, doc/cha-cert-auth.texi,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/verify-tofu.c, tests/Makefile.am, tests/mini-deflate.c,
	tests/mini-tdb.c: The public key storage backend was made
	extendable.  Added self test for the pubkey  trust default backend.

2012-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dn.c, tests/dn2.c: corrected var names

2012-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool-args.def: updated doc

2012-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: Added missing functions.

2012-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: corrected typo

2012-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_dtls.c,
	lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
	gnutls_dtls_get_timeout()

2012-02-15  Giuseppe Scrivano <giuseppe@southpole.se>

	* doc/examples/ex-cert-select.c: Fix file leak in an example
	application.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls, tests/dtls/dtls-nb: Added more tests.

2012-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/includes/gnutls/gnutls.h.in,
	lib/verify-tofu.c: Modified the trust_db API to avoid dependendance
	on a structure.

2012-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Prevent any handshake packet except client
	hello to trigger a rehandshake error. Patch by Sean Buckheister.

2012-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-internals.texi: doc updates

2012-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/verify-tofu.c: make the default storage
	backend thread safe.

2012-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls, tests/dtls/dtls-nb: added more test cases

2012-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: Corrected DTLS retransmission in non-blocking
	mode. Based on patch by Sean Buckheister.

2012-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/Makefile.am,
	lib/includes/gnutls/gnutls.h.in, lib/{verify-ssh.c =>
	verify-tofu.c}: The hash in gnutls_store_commitment() is specified
	in raw format.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-intro-tls.texi: doc updates

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog.1: removed unneeded file.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/alert-printlist.c, doc/common.c,
	doc/common.h, doc/errcodes.c, doc/printlist.c: break long strings.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: documented added function

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/Makefile.am, tests/dtls/dtls, tests/dtls/dtls-nb,
	tests/dtls/dtls-stress.c: Added tests for non-blocking DTLS

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib,
	lib/includes/gnutls/gnutls.h.in, lib/verify-ssh.c: Added ability to
	store commitments (hashes) of public keys.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Avoid generation of invoke-* in platforms other
	than the development

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls: more tests

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/Makefile.am, doc/scripts/cleanup-autogen.pl: added
	cleanup-autogen.pl

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c: reset sliding window size on new epochs

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dtls/dtls, tests/dtls/dtls-stress.c: added more tests and
	updated to compile with gnutls' options

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/dtls/Makefile.am,
	tests/dtls/dtls, tests/dtls/dtls-stress.c: Added DTLS-stress test.
	Contributed by Sean Buckheister.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/Makefile.am, doc/epub.texi: Added rules to build
	epub version.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: discard unexpected
	buffered changecipherspec

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c: simplified sliding window.
	Now a different window is kept per epoch.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: documentation update

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/gnutls.texi, doc/scripts/cleanup-autogen.pl: 
	updated documentation for included programs.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_record.c: handle GNUTLS_E_INTERRUPTED when in DTLS mode.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-id/key-id: added a valid template

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c: Do not
	treat any message from the peer as an indication that the last
	flight was correctly received.  Verify instead that the received
	handshake message has an expected sequence number.

2012-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: changecipherspec is correctly added into
	buffers.

2012-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/libopts/m4/libopts.m4: use NEED_LIBOPTS_DIR=true
	instead of modifying libopts.m4

2012-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h: update and reset timers on
	final flight and print timeout value in debugging mode.

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-loss-time.c, tests/mini-loss.c: tests with fork are
	disabled in windows

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
	lib/gnutls_state.c: use subsecond granularity for DTLS packet
	retransmissions.

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/mini-loss-time.c: added test to check
	whether the DTLS timeout is within a reasonable time.

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: Added more tests to
	check whether various TLS versions need to be disabled.

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: be more silent

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: do not generate .texi on make dist.

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: cross building updates

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: updated

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/m4/libopts.m4, src/libopts/makeshell.c: corrections

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
	src/libopts/Makefile.am, src/libopts/README,
	src/libopts/ag-char-map.h, src/libopts/alias.c,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/usage-txt.h,
	src/libopts/boolean.c, src/libopts/check.c,
	src/libopts/compat/compat.h, src/libopts/compat/windows-config.h,
	src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
	src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/libopts.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
	src/libopts/makeshell.c, src/libopts/nested.c,
	src/libopts/numeric.c, src/libopts/parse-duration.c,
	src/libopts/parse-duration.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
	src/libopts/stack.c, src/libopts/streqvcmp.c,
	src/libopts/text_mmap.c, src/libopts/time.c,
	src/libopts/tokenize.c, src/libopts/usage.c,
	src/libopts/value-type.h, src/libopts/version.c,
	src/libopts/xat-attribute.h: updated libopts

2012-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: corrected move of files

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: escaped brackets

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: depend on p11-kit 0.11

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: disabled dead code when PKCS11 is not there

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: depend on p11-kit 0.11

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, lib/includes/gnutls/gnutls.h.in,
	lib/verify-ssh.c: updated documentation for back-end.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: index after bibliography

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/latex/.gitignore: more files to ignore

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/alert-printlist.c, doc/errcodes.c, doc/printlist.c: avoid
	headers in tables

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: documentation update

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/verify-ssh.c: documentation update

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/latex/Makefile.am, doc/scripts/gdoc,
	doc/scripts/mytexi2latex: updated doc generation

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/p11tool-args.def, src/srptool-args.def: 
	doc fixes

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated NEWS

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am: added missing files

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: resolve port only when needed to.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated makefile

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: fix in non-blocking case.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: small correction

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: corrected subdirs for libopts

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/output.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_write.c, src/cli.c, src/dh.c,
	src/serv.c: ENABLE_PKI is no more

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4, src/Makefile.am: fix

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, src/Makefile.am, src/socket.c: fix
	compilation

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: fixed leak

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: cleanup enable/disable options stuff.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/libopts/compat/compat.h, src/libopts/cook.c,
	src/libopts/makeshell.c, src/libopts/text_mmap.c: fixes to allow
	libopts to compile in windows

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: corrected typo

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-verify-ssh.c,
	lib/includes/gnutls/gnutls.h.in, lib/verify-ssh.c,
	src/cli-args.def, src/cli.c: gnutls_verify_stored_pubkey() and
	gnutls_store_pubkey() allow for alternative storage back-end.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/socket.c, src/socket.h: use getservbyport() to
	obtain the service name.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4: added servent

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-verify-ssh.c, src/cli.c: use updated api

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: updated for new eagain-common.h

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-examples.texi,
	doc/examples/ex-verify-ssh.c, lib/includes/gnutls/gnutls.h.in,
	lib/verify-ssh.c: Removed the application field and added an
	expiration field.

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c: updated example

2012-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_record.c: More robust behavior
	against packet loss

2012-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c, lib/system.h: removed unneeded function.

2012-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-srp.c: updated example

2012-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: updated

2012-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: prevent sending EOF to caller.

2012-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c: 
	print client/server when in debugging

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, tests/mini-loss.c: Added Sean.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/eagain-common.h, tests/mini-deflate.c,
	tests/mini-eagain-dtls.c, tests/mini-eagain.c,
	tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c: 
	tests print server or client side in debugging output.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c: 
	gnutls_record_check_pending() accounts data not yet processed.  DTLS
	layer avoids multiple retransmissions in non-blocking mode.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: avoid many allocations for transmitting DTLS
	packets.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/loss-common.h, tests/mini-loss.c,
	tests/mini-loss2.c: mini-loss2 is more robust.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
	lib/gnutls_record.c: DTLS is more tolerant in packet loss during
	last flight.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/mini-loss2.c: Added test
	program mini-loss2.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-anon.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-dtls.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c: updated examples

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: enable crywrap only if function daemon exists.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h: Be
	conservative when sending GNUTLS_E_AGAIN and check for a DTLS
	timeout before.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, gl/Makefile.am, gl/argp-help.c, gl/argp-parse.c,
	gl/argp.h, gl/base64.c, gl/fseeko.c, gl/fseterr.c,
	gl/gettimeofday.c, gl/m4/exponentd.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/po.m4, gl/m4/stdalign.m4,
	gl/m4/sys_time_h.m4, gl/m4/vasnprintf.m4, gl/select.c, gl/sleep.c,
	gl/stdio-impl.h, gl/stdio.in.h, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/tests/init.sh, gl/tests/ioctl.c, gl/tests/test-base64.c,
	gl/tests/test-init.sh, gl/tests/test-strerror.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_time.c,
	gl/tests/w32sock.h, gl/vasnprintf.c, gl/version-etc.h,
	gl/w32sock.h, maint.mk: added strndup and updated gnulib.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, tests/Makefile.am, tests/loss-common.h,
	tests/mini-loss.c: Added test to simulate loss of packets in DTLS.

2012-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
	lib/gnutls_record.c: DTLS fixes.  Corrected bugs in DTLS sliding
	window code to account for lost packets arriving after an epoch
	change. The last handshake flight is now being kept by both parties
	in order to be used as a lost packet indication.

2012-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Discard unexpected handshake or other packets
	in DTLS

2012-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: initial_negotiation_completed type changed to
	unsigned

2012-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am: Included missing file in windows
	builds.

2012-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: Corrected check for the callback for
	gnutls_certificate_set_retrieve_function(). Reported by Dan Winship.

2012-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated documentation for
	gnutls_certificate_set_retrieve_function2.

2012-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h: include
	gnutls_certificate_set_retrieve_function2() to documentation.
	Reported by Dan Winship.

2012-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_int.h, lib/gnutls_state.c: Corrected DTLS retransmission
	timeouts. Added the _ms suffix to the time variables in
	milliseconds. Report and patch by Sean Buckheister.

2012-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: updated information in manpages.

2012-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: updated manpages

2012-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected added function

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: text update

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, lib/gnutls_pubkey.c: Updated
	documentation for gnutls_pubkey.

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/Makefile.am, doc/manpages/Makefile.am: replacing
	the version is not enough. Regenerate all files depending on .dep on
	dist-hook.

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, configure.ac, src/{certtool-args.def.in
	=> certtool-args.def}, src/{cli-args.def.in => cli-args.def},
	src/{cli-debug-args.def.in => cli-debug-args.def},
	src/{ocsptool-args.def.in => ocsptool-args.def},
	src/{p11tool-args.def.in => p11tool-args.def}, src/{psk-args.def.in
	=> psk-args.def}, src/{serv-args.def.in => serv-args.def},
	src/{srptool-args.def.in => srptool-args.def}: No need for .def.in
	files.  The @VERSION@ is now being replaced on dist-hook.  Also
	corrected the dist-hook for ChangeLog.

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: updates

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: make configure detect valgrind.  This is by creating
	the suppressions.valgrind file.

2012-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: use gnulib's base64 code

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/funny-spacing.pem,
	tests/cert-tests/pem-decoding: Added test to ensure we can decode
	PEM encoded certificates with carriage returns, spaces and tabs.

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: use gnulib's base64 encoding/decoding code

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/testcerts: silence test

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: align crc32 table

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: __MINGW32__ -> _WIN32

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c, lib/opencdk/main.h: removed dummy function

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/write-packet.c: corrected spacing

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/write-packet.c: Correct export of openpgp packets that
	have no private keying material in it's primary key.  Patch by Sean
	Buckheister.

2012-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/common.h: added
	print_cert_info_compact().

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool-common.c: send_ocsp_request is more tolerant on
	errors.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated doc

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/m4/valgrind-tests.m4: valgrind with suppressions.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: until autogen supports subheading tag
	live with a workaround.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def.in, src/psk-args.def.in: updated manpages

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: autogen required for building.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Revert "autogen failure is not fatal." This reverts commit 175e021fd8d0c195690b2d8806bd3a07e84415ce.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: autogen failure is not fatal.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/override/m4/valgrind-tests.m4.diff: Added --leak-check=full to
	valgrind options.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ocsp.c: updated for new gnutls_ocsp_resp_verify_direct
	semantics.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/.gitignore: more files to ignore

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/includes/gnutls/ocsp.h,
	lib/openpgp/openpgp_int.h, lib/x509/ocsp.c, lib/x509/ocsp_output.c: 
	small fixes

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/includes/gnutls/ocsp.h, lib/libgnutls.map,
	lib/openpgp/openpgp_int.h, lib/x509/ocsp.c, lib/x509/ocsp_output.c: 
	Revert "Added gnutls_ocsp_resp_verify() and some sign fixes." This reverts commit efaa2ee176568fcd009ff2ca9daa1b7fdac4c491.  Conflicts:         lib/x509/ocsp.c

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/m4/valgrind-tests.m4, gl/override/m4/valgrind-tests.m4.diff: 
	Revert "Enable valgrind again." This commit disabled the
	suppressions which is required for tests to succeed.  This reverts commit 82498bad27645c47222fa932a7caa2e95747980a.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/ocsptool-args.def.in: updated text

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool.c: removed debugging code

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp.c: gnutls_ocsp_resp_verify_direct() will use the
	intermediate certificates in the response in order to verify the
	validity, thus aligning its functionality with
	gnutls_ocsp_resp_verify().

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/common.h, src/ocsptool-common.c,
	src/ocsptool-common.h, src/ocsptool.c, src/serv.c, src/tests.c: 
	cleanup a bit the printing information stuff.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: corrected dependencies

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
	doc/cha-programs.texi, doc/cha-shared-key.texi,
	src/certtool-args.def.in, src/cli-args.def.in,
	src/cli-debug-args.def.in, src/ocsptool-args.def.in,
	src/p11tool-args.def.in, src/psk-args.def.in, src/serv-args.def.in,
	src/srptool-args.def.in: Manual pages for included programs are
	auto-generated using the autoopts definitions.

2012-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: corrected dependencies

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli-args.def.in, src/cli.c, src/common.c,
	src/common.h, src/ocsptool-common.c, src/ocsptool-common.h,
	src/ocsptool.c, src/serv.c: gnutls-cli will try to verify ocsp
	responses if --ocsp is given.

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/includes/gnutls/ocsp.h, lib/libgnutls.map,
	lib/openpgp/openpgp_int.h, lib/x509/ocsp.c, lib/x509/ocsp_output.c: 
	Added gnutls_ocsp_resp_verify() and some sign fixes.

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated text.

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-verify-ssh.c, src/cli.c: Do not store a key when
	it already exists.

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli-args.def.in, src/cli.c: ssh flag is has the option
	to be disabled/enabled.

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/cha-cert-auth.texi,
	doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
	doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-x509.c, doc/examples/ex-serv-dtls.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c, doc/examples/ex-verify-ssh.c,
	doc/examples/examples.h, lib/Makefile.am,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/openpgp/output.c, lib/system.c, lib/system.h, lib/verify-ssh.c,
	lib/x509/output.c, src/cli-args.def.in, src/cli.c, src/common.c,
	src/common.h, src/tests.c: Added gnutls_verify_stored_pubkey() and
	gnutls_store_pubkey().  This enables using ssh-like authentication
	for TLS sessions.

2012-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool.c: allow the usage of --load-trust with --ask

2012-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/strtok_r.m4, gl/strtok_r.c: Added strtok_r.

2012-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/base64.c, gl/base64.h, gl/m4/base64.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/stdalign.m4,
	gl/tests/Makefile.am, gl/tests/malloca.c, gl/tests/test-base64.c: 
	added base64 module

2012-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: added fixme

2012-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/ocsptool-args.def.in: updated description

2012-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
	doc/examples/ex-ocsp-client.c, doc/examples/ex-ocsp-verify.c: 
	Combined ocsp apps to 1 using libcurl.

2012-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/ocsp.h, lib/x509/ocsp_output.c,
	src/Makefile.am, src/cli.c, src/common.c, src/common.h,
	src/ocsptool-args.def.in, src/ocsptool.c, src/serv.c, src/socket.c,
	src/socket.h, src/tls_test.c: Added --ask option to ocsptool.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, src/Makefile.am: Fix builddir != srcdir
	builds.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* lib/extras/randomart.c: Revert template fix.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* tests/infoaccess.c, tests/mpi.c, tests/openpgp-auth.c,
	tests/openpgp-auth2.c, tests/openssl.c, tests/pkcs12_encode.c,
	tests/rng-fork.c: Fix mem leaks.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* gl/m4/valgrind-tests.m4, gl/override/m4/valgrind-tests.m4.diff: 
	Enable valgrind again.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* lib/abstract_int.h, lib/crypto-api.c, lib/crypto-backend.c,
	lib/crypto.h, lib/debug.c, lib/ext/max_record.c,
	lib/ext/max_record.h, lib/ext/safe_renegotiation.c,
	lib/ext/server_name.c, lib/ext/server_name.h,
	lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/signature.h,
	lib/ext/srp.c, lib/ext/srp.h, lib/gnutls.pc.in, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
	lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_ecc.h,
	lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_helper.c, lib/gnutls_helper.h,
	lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mpi.c,
	lib/gnutls_num.c, lib/gnutls_priority.c, lib/gnutls_psk.c,
	lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_supplemental.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutlsxx.cpp, lib/hash.h, lib/locks.h, lib/nettle/cipher.c,
	lib/nettle/ecc.h, lib/nettle/egd.c, lib/nettle/egd.h,
	lib/nettle/init.c, lib/nettle/mac.c, lib/nettle/mpi.c,
	lib/nettle/pk.c, lib/nettle/rnd.c, lib/opencdk/armor.c,
	lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
	lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
	lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/opencdk/write-packet.c, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/openpgp_int.h, lib/openpgp/output.c,
	lib/openpgp/pgpverify.c, lib/pkcs11_int.h, lib/random.c,
	lib/system.c, lib/system.h, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/mpi.c,
	lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/x509_write.c, src/benchmark.h, src/certtool-cfg.h,
	src/certtool-common.h, src/common.h, src/p11common.h,
	src/p11tool.h, src/pkcs11.c, src/serv.c, src/tests.h,
	src/udp-serv.h, tests/anonself.c, tests/certder.c,
	tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
	tests/chainverify.c, tests/crq_apis.c, tests/cve-2008-4989.c,
	tests/cve-2009-1415.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
	tests/mini-deflate.c, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
	tests/mini-x509.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
	tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
	tests/openpgpself.c, tests/openssl.c, tests/parse_ca.c,
	tests/pgps2kgnu.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
	tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
	tests/rng-fork.c, tests/set_pkcs12_cred.c, tests/setcredcrash.c,
	tests/simple.c, tests/utils.h, tests/x509_altname.c,
	tests/x509_test.c, tests/x509dn.c, tests/x509self.c: Cleanup
	copyright headers.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, lib/extras/randomart.c: Silence update-copyright.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, doc/cha-programs.texi, src/cli-args.def.in: Fix
	syntax-check nits.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Add ChangeLog.  Sort.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, build-aux/pmccabe.css, gl/Makefile.am,
	gl/argp-pin.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/thread.m4, gl/m4/yield.m4, gl/stdint.in.h,
	gl/tests/Makefile.am, gl/tests/glthread/thread.c,
	gl/tests/glthread/thread.h, gl/tests/glthread/yield.h,
	gl/tests/test-accept.c, gl/tests/test-bind.c,
	gl/tests/test-connect.c, gl/tests/test-getpeername.c,
	gl/tests/test-isnand-nolibm.c, gl/tests/test-listen.c,
	gl/tests/test-lock.c, gl/tests/test-recv.c,
	gl/tests/test-recvfrom.c, gl/tests/test-send.c,
	gl/tests/test-sendto.c, gl/tests/test-setsockopt.c,
	gl/tests/test-shutdown.c, gl/tests/test-thread_create.c,
	gl/tests/test-thread_self.c, maint.mk: Update gnulib files.  Drop
	slow test-lock check.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Silence autoreconf with a dummy ChangeLog file.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* ChangeLog, ChangeLog.1: Don't store generated ChangeLog in git.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* tests/cert-tests/template-test, tests/pkcs1-padding/pkcs1-pad: Fix
	datefudge checks, for when datefudge is missing.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Only rebuild autogen sources if the real input
	file is modified.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/manpages/Makefile.am,
	tests/cert-tests/Makefile.am: Fix distcheck.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/pkcs1-pad, tests/suite/testcompat: Fix
	datefudge checks.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2012-01-25  Simon Josefsson <simon@josefsson.org>

	* tests/cert-tests/template-test: Improve datefudge check.  Fix
	builddir != srcdir.

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented update

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: corrected prototypes.

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/libopts/m4/libopts.m4: generate libopts makefile outside the
	conditional.

2012-01-24  Patrick Pelletier <code@funwithsoftware.org>

	* doc/cha-internals.texi, extra/includes/gnutls/openssl.h,
	lib/accelerated/x86/hmac-padlock.c, lib/crypto-backend.h,
	lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/cipher.c, lib/nettle/init.c, lib/nettle/mac.c: Fix up
	some typos and obsolete comments Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-programs.texi, lib/gnutls_priority.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/common.c: 
	Added functions to allow quering a priority structure.  That is to
	allow more information being extracted than only the ciphersuites.  gnutls_priority_certificate_type_list: Added
	gnutls_priority_sign_list: Added gnutls_priority_protocol_list:
	Added gnutls_priority_compression_list: Added
	gnutls_priority_ecc_curve_list: Added

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/printlist.c, lib/algorithms/ecc.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/common.c: 
	Allow quering available elliptic curves by adding
	gnutls_ecc_curve_list().

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-id/key-id: it seems libopts does not want completely
	empty templates.

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: correct typo

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c: Do not print the same things twice.

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: libcfg is no longer required.

2012-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: updated
	interoperability and priority strings sections.

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Added more text on interoperability

2012-01-24  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, src/Makefile.am: Fix make dist.

2012-01-24  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.ac, libopts/Makefile.am, src/Makefile.am,
	src/cli-gaa.c, src/cli-gaa.h, {libopts =>
	src/libopts}/COPYING.gplv3, {libopts =>
	src/libopts}/COPYING.lgplv3, {libopts => src/libopts}/COPYING.mbsd,
	{libopts => src/libopts}/MakeDefs.inc, src/libopts/Makefile.am,
	{libopts => src/libopts}/README, {libopts =>
	src/libopts}/ag-char-map.h, {libopts => src/libopts}/autoopts.c,
	{libopts => src/libopts}/autoopts.h, {libopts =>
	src/libopts}/autoopts/options.h, {libopts =>
	src/libopts}/autoopts/project.h, {libopts =>
	src/libopts}/autoopts/usage-txt.h, {libopts =>
	src/libopts}/boolean.c, {libopts => src/libopts}/check.c, {libopts
	=> src/libopts}/compat/compat.h, {libopts =>
	src/libopts}/compat/pathfind.c, {libopts =>
	src/libopts}/compat/snprintf.c, {libopts =>
	src/libopts}/compat/strchr.c, {libopts =>
	src/libopts}/compat/strdup.c, {libopts =>
	src/libopts}/compat/windows-config.h, {libopts =>
	src/libopts}/configfile.c, {libopts => src/libopts}/cook.c,
	{libopts => src/libopts}/enum.c, {libopts => src/libopts}/env.c,
	{libopts => src/libopts}/file.c, {libopts => src/libopts}/find.c,
	{libopts => src/libopts}/genshell.c, {libopts =>
	src/libopts}/genshell.h, {libopts => src/libopts}/libopts.c,
	{libopts => src/libopts}/load.c, {m4 => src/libopts/m4}/libopts.m4,
	{m4 => src/libopts/m4}/liboptschk.m4, {libopts =>
	src/libopts}/makeshell.c, {libopts => src/libopts}/nested.c,
	{libopts => src/libopts}/numeric.c, {libopts =>
	src/libopts}/parse-duration.c, {libopts =>
	src/libopts}/parse-duration.h, {libopts => src/libopts}/pgusage.c,
	{libopts => src/libopts}/proto.h, {libopts =>
	src/libopts}/putshell.c, {libopts => src/libopts}/reset.c, {libopts
	=> src/libopts}/restore.c, {libopts => src/libopts}/save.c,
	{libopts => src/libopts}/sort.c, {libopts => src/libopts}/stack.c,
	{libopts => src/libopts}/streqvcmp.c, {libopts =>
	src/libopts}/text_mmap.c, {libopts => src/libopts}/time.c, {libopts
	=> src/libopts}/tokenize.c, {libopts => src/libopts}/usage.c,
	{libopts => src/libopts}/value-type.c, {libopts =>
	src/libopts}/value-type.h, {libopts => src/libopts}/version.c,
	{libopts => src/libopts}/xat-attribute.c, {libopts =>
	src/libopts}/xat-attribute.h, src/srptool-gaa.c, src/srptool-gaa.h: 
	Move libopts/ to src/libopts/.  Drop gaa remains.

2012-01-24  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/x509/crl.c: Doc fixes.

2012-01-24  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Drop src/cfg/ stuff.

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/psk-args.def.in: corrected typo

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/manpages/Makefile.am,
	src/Makefile.am, src/ocsptool-args.def.in, src/ocsptool.c,
	src/ocsptool.gaa: ocsptool uses libopts

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def.in, src/p11tool.c: updated inder and inraw
	commands.

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def.in, src/cli-args.def.in,
	src/cli-debug-args.def.in, src/p11tool-args.def.in,
	src/psk-args.def.in, src/serv-args.def.in, src/srptool-args.def.in: 
	the short version of --help is -h.

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth2.texi, lib/includes/gnutls/pkcs11.h,
	lib/libgnutls.map, lib/pkcs11.c: Added gnutls_pkcs11_reinit().

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: corrected token parsing.

2012-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: READ_MULTI_LINE_TOKENIZED was corrected to
	account the whole string.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c: Updated SUITEB requirements according
	to rfc6460.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, src/Makefile.am, src/certtool-cfg.c,
	src/cfg/Makefile.am, src/cfg/README, src/cfg/cfg+.c,
	src/cfg/cfg+.h, src/cfg/cfgfile.c, src/cfg/cfgfile.h,
	src/cfg/cmdline.c, src/cfg/cmdline.h, src/cfg/parse.c,
	src/cfg/platon/Makefile.am, src/cfg/platon/str/Makefile.am,
	src/cfg/platon/str/dynfgets.c, src/cfg/platon/str/dynfgets.h,
	src/cfg/platon/str/strctype.c, src/cfg/platon/str/strctype.h,
	src/cfg/platon/str/strdyn.c, src/cfg/platon/str/strdyn.h,
	src/cfg/platon/str/strplus.c, src/cfg/platon/str/strplus.h,
	src/cfg/props.c, src/cfg/shared.c, src/cfg/shared.h,
	tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
	tests/cert-tests/template-test.key,
	tests/cert-tests/template-test.pem,
	tests/cert-tests/template-test.tmpl: Certtool completely relies on
	libopts. As a side-effect the syntax of dn_oid and key_purpose_oids
	has changed.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: check for --inraw  and --outraw.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/certtool.1: removed certtool.1.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool.c, src/p11tool.h: No need for action enumerations.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/manpages/Makefile.am, src/Makefile.am,
	src/certtool-args.def.in, src/certtool-common.h,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa, src/p11tool-args.def.in: certtool uses libopts for
	command line parsing.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: enums.texi is not run multiple times. Suggested
	by Eli Zaretskii.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli-args.def.in, src/cli-debug-args.def.in,
	src/p11tool-args.def.in, src/psk-args.def.in, src/serv-args.def.in,
	src/srptool-args.def.in: updated docs

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def.in, src/p11tool.c: p11tool parses arguments
	are before (with gaa).

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli-args.def.in, src/cli-debug-args.def.in,
	src/cli.c, src/p11tool-args.def.in, src/p11tool.c,
	src/psk-args.def.in, src/serv-args.def.in, src/serv.c,
	src/srptool-args.def.in: corrected command line parsing issues.

2012-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/x509.c: Added Since

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: disable parallel builds.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: Do not allow space between section name and ':'.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.bib, doc/latex/gnutls.tex: updated bibliography
	and changed style.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa: removed old
	files.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls-guile.texi: removed references to IA

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-args.def.in, src/p11tool.c: updated p11tool def.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/manpages/Makefile.am,
	doc/manpages/p11tool.1, src/Makefile.am, src/cli-args.def.in,
	src/cli-debug-args.def.in, src/p11tool-args.def.in, src/p11tool.c,
	src/psk-args.def.in, src/serv-args.def.in, src/srptool-args.def.in: 
	p11tool uses libopts

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def.in, src/serv-args.def.in: keyfile and certfile
	types were changed to string, to allow for PKCS #11 urls

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/fdl-1.3.texi: replaced smallexample
	with example.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/cli-args.c, src/cli-args.h, src/cli-debug-args.c,
	src/cli-debug-args.h, src/psk-args.c, src/psk-args.h,
	src/serv-args.c, src/serv-args.h, src/srptool-args.c,
	src/srptool-args.h: Removed all auto-generated files.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c, tests/cert-tests/aki-cert.pem: corrected AKI
	test.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, README-alpha, doc/manpages/gnutls-cli-debug.1,
	doc/manpages/gnutls-serv.1, doc/manpages/psktool.1,
	doc/manpages/srptool.1: Do not store auto-generated manpages to git.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/ca-no-pathlen.pem,
	tests/cert-tests/no-ca-or-pathlen.pem: uploaded for new legacy sec
	level

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/manpages/gnutls-cli-debug.1,
	doc/manpages/gnutls-serv.1, doc/manpages/psktool.1,
	doc/manpages/srptool.1, src/cli-args.c, src/cli-args.h,
	src/cli-debug-args.c, src/cli-debug-args.h, src/psk-args.c,
	src/psk-args.h, src/serv-args.c, src/serv-args.h,
	src/srptool-args.c, src/srptool-args.h: Added missing files.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/gnutls_errors.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/x509/crl.c, lib/x509/output.c, lib/x509/x509.c,
	tests/Makefile.am, tests/{pathlen => cert-tests}/Makefile.am,
	tests/cert-tests/aki, tests/cert-tests/aki-cert.pem, tests/{pathlen
	=> cert-tests}/ca-no-pathlen.pem, tests/{pathlen =>
	cert-tests}/no-ca-or-pathlen.pem, tests/{pathlen =>
	cert-tests}/pathlen: Added functions to parse authority key
	identifiers when stored as a 'general name' and serial combo.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Corrected bug in _gnutls_parse_aia()

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.c, src/cli-args.def.in, src/cli-args.h,
	src/serv-args.c, src/serv-args.def.in, src/serv-args.h, src/serv.c,
	src/srptool-args.c, src/srptool-args.def.in, src/srptool-args.h: 
	updated parameter parsing.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-gaa.c, src/serv-gaa.h, src/serv.gaa: removed serv gaa
	files

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli-debug.1, doc/manpages/psktool.1,
	doc/manpages/srptool.1, src/cli-args.c, src/cli-args.h,
	src/srptool-args.c, src/srptool-args.h: updates.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/manpages/Makefile.am,
	doc/manpages/gnutls-serv.1, src/Makefile.am, src/serv-args.c,
	src/serv-args.def.in, src/serv-args.h, src/serv.c: gnutls-serv uses
	libopts.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-ocsp-client.c, doc/examples/ex-ocsp-verify.c,
	lib/x509/ocsp.c, lib/x509/ocsp_output.c, src/ocsptool.c: sign fixes.

2012-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/gnutls.h.in: Documented updates.

2012-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/algorithms/secparams.c,
	lib/includes/gnutls/gnutls.h.in, tests/slow/keygen.c: Added new
	security level "legacy" for 96-bit security.

2012-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/manpages/Makefile.am,
	doc/manpages/gnutls-cli-debug.1, doc/manpages/psktool.1,
	doc/manpages/srptool.1, src/Makefile.am, src/cli-args.c,
	src/cli-args.h, src/psk-args.def.in, src/psk-gaa.c, src/psk-gaa.h,
	src/psk.c, src/psk.gaa, src/srptool-args.c, src/srptool-args.h: 
	psktool also uses libopt.

2012-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, configure.ac, doc/manpages/Makefile.am,
	doc/manpages/gnutls-cli.1, doc/manpages/srptool.1,
	libopts/COPYING.gplv3, libopts/COPYING.lgplv3,
	libopts/COPYING.mbsd, libopts/MakeDefs.inc, libopts/Makefile.am,
	libopts/README, libopts/ag-char-map.h, libopts/autoopts.c,
	libopts/autoopts.h, libopts/autoopts/options.h,
	libopts/autoopts/project.h, libopts/autoopts/usage-txt.h,
	libopts/boolean.c, libopts/check.c, libopts/compat/compat.h,
	libopts/compat/pathfind.c, libopts/compat/snprintf.c,
	libopts/compat/strchr.c, libopts/compat/strdup.c,
	libopts/compat/windows-config.h, libopts/configfile.c,
	libopts/cook.c, libopts/enum.c, libopts/env.c, libopts/file.c,
	libopts/find.c, libopts/genshell.c, libopts/genshell.h,
	libopts/libopts.c, libopts/load.c, libopts/makeshell.c,
	libopts/nested.c, libopts/numeric.c, libopts/parse-duration.c,
	libopts/parse-duration.h, libopts/pgusage.c, libopts/proto.h,
	libopts/putshell.c, libopts/reset.c, libopts/restore.c,
	libopts/save.c, libopts/sort.c, libopts/stack.c,
	libopts/streqvcmp.c, libopts/text_mmap.c, libopts/time.c,
	libopts/tokenize.c, libopts/usage.c, libopts/value-type.c,
	libopts/value-type.h, libopts/version.c, libopts/xat-attribute.c,
	libopts/xat-attribute.h, m4/libopts.m4, m4/liboptschk.m4,
	src/Makefile.am, src/cli-args.c, src/cli-args.def.in,
	src/cli-args.h, src/cli-debug-args.def.in, src/cli.c, src/cli.gaa,
	src/common.h, src/srptool-args.c, src/srptool-args.def.in,
	src/srptool-args.h, src/srptool.c, src/srptool.gaa,
	src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
	src/tls_test.gaa: gnutls-cli, gnutls-cli-debug and srptool use
	libopts.

2012-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: If peer doesn't send any issuers and we have a
	single certificate then send that one.

2012-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/examples/ex-client-psk.c,
	doc/examples/ex-pkcs11-list.c, doc/examples/ex-pkcs12.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv-x509.c, doc/examples/tcp.c,
	lib/abstract_int.h, lib/accelerated/cryptodev.c, lib/algorithms.h,
	lib/algorithms/ciphersuites.c, lib/algorithms/secparams.c,
	lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/cert.c,
	lib/auth/cert.h, lib/auth/dh_common.c, lib/auth/dh_common.h,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/ecdh_common.c,
	lib/auth/ecdh_common.h, lib/auth/psk.c, lib/auth/psk_passwd.c,
	lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
	lib/auth/srp.h, lib/auth/srp_passwd.c, lib/auth/srp_passwd.h,
	lib/auth/srp_rsa.c, lib/auth/srp_sb64.c, lib/ext/cert_type.c,
	lib/ext/ecc.c, lib/ext/ecc.h, lib/ext/max_record.c,
	lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
	lib/ext/server_name.h, lib/ext/session_ticket.c,
	lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
	lib/extras/randomart.c, lib/gnutls_auth.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c,
	lib/gnutls_ecc.c, lib/gnutls_ecc.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_mbuffers.c, lib/gnutls_mpi.c, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c,
	lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_str_array.h, lib/gnutls_supplemental.c, lib/gnutls_ui.c,
	lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/x509.h, lib/nettle/cipher.c, lib/nettle/egd.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
	lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/kbnode.c,
	lib/opencdk/main.h, lib/opencdk/stream.c, lib/opencdk/stream.h,
	lib/opencdk/write-packet.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify-high.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c, lib/x509_b64.c, lib/x509_b64.h,
	src/benchmark-tls.c, src/certtool-common.c, src/certtool.c,
	src/cli.c, src/common.c, src/crywrap/crywrap.c, src/dh.c,
	src/pkcs11.c, src/serv.c, src/srptool.c, tests/anonself.c,
	tests/certificate_set_x509_crl.c, tests/chainverify.c,
	tests/cve-2008-4989.c, tests/cve-2009-1415.c, tests/dhepskself.c,
	tests/dn.c, tests/dn2.c, tests/gc.c, tests/hostname-check.c,
	tests/infoaccess.c, tests/mini-deflate.c, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini.c, tests/moredn.c,
	tests/nul-in-x509-names.c, tests/openpgp-auth.c,
	tests/openpgp-auth2.c, tests/openpgpself.c, tests/parse_ca.c,
	tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
	tests/pskself.c, tests/resume.c, tests/rsa-encrypt-decrypt.c,
	tests/slow/cipher-test.c, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509cert.c, tests/x509dn.c,
	tests/x509self.c, tests/x509sign-verify.c: Fixed signed/unsigned
	warnings.  Dropped opaque type (replaced with uint8_t)

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/opencdk/misc.c, lib/x509/common.c, lib/x509/crl.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509_b64.c: Modulo
	operations are only occuring on unsigned integers.

2012-01-20  Ludovic Courtès <ludo@gnu.org>

	* cfg.mk, guile/modules/gnutls/build/priorities.scm,
	guile/src/core.c: guile: Don't cast return value of `alloca'.

2012-01-20  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm: 
	guile: Update the list of error codes.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* po/cs.po.in, po/de.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in,
	po/nl.po.in, po/pl.po.in, po/sv.po.in, po/uk.po.in, po/zh_CN.po.in: 
	Sync with TP.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Ignore assembler code.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* doc/latex/cover-epub.tex, doc/latex/cover.tex,
	doc/scripts/Makefile.am, doc/scripts/getfuncs.pl,
	doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
	doc/scripts/sort2.pl, doc/scripts/split-texi.pl,
	doc/scripts/split.pl, lib/gnutls_dtls.c, lib/gnutls_mbuffers.c,
	lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
	lib/x509/verify.c, tests/openpgp-auth.c, tests/openpgp-auth2.c,
	tests/scripts/common.sh: Add/fix copyright headers.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Add rules to generate clang analysis.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, doc/gendocs_template, gl/Makefile.am,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/stdlib_h.m4,
	gl/stdlib.in.h, gl/sys_stat.in.h, gl/tests/fcntl.in.h,
	gl/unistd.in.h: Update gnulib files.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac: Version 3.0.12.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, po/POTFILES.in: Fix syntax-check rules.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* .gitignore, NEWS, configure.ac, doc/Makefile.am,
	doc/cha-bib.texi, doc/cha-cert-auth2.texi, doc/cha-functions.texi,
	doc/cha-gtls-examples.texi, doc/examples/Makefile.am,
	doc/examples/ex-ocsp-client.c, doc/examples/ex-ocsp-verify.c,
	doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml,
	lib/includes/Makefile.am, lib/includes/gnutls/ocsp.h,
	lib/libgnutls.map, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/Makefile.am, lib/x509/ocsp.c, lib/x509/ocsp_output.c,
	m4/hooks.m4, src/Makefile.am, src/ocsptool-common.h,
	src/ocsptool.c, src/ocsptool.gaa, tests/Makefile.am, tests/ocsp.c: 
	Add OCSP functionality.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify-high.c, lib/x509/verify-high.h: Fix semantics of
	(unused) _gnutls_trustlist_inlist.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Bump copyright year on manpages.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Fix mem leak.

2012-01-20  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Cosmetic improvement of build output.

2012-01-19  Simon Josefsson <simon@josefsson.org>

	* guile/tests/Makefile.am: Print detailed guile warnings (for
	obsolete functions).

2012-01-18  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix doc/enums/ generation to work with 'make
	distcheck'.

2012-01-18  Simon Josefsson <simon@josefsson.org>

	* guile/pre-inst-guile.in: Fix builddir != srcdir builds.

2012-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc fix

2012-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/gnutls_priority.c, src/cli.c: 
	GNUTLS_E_NO_PRIORITIES_WERE_SET is also returned by
	gnutls_priority_set_* This allows to warn when an incomplete set of
	priorities is specified.  Reported by Yaroslav Stavnichiy.

2012-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_handshake.c,
	lib/includes/gnutls/gnutls.h.in: introduced
	GNUTLS_E_NO_PRIORITIES_WERE_SET.

2012-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/texinfo.css: more documentation
	updates.

2012-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: added more information to internals''

2012-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/printlist.c: better print supported algorithms.

2012-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-x509.c: Added
	gnutls_certificate_set_x509_key_file in a comment.

2012-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-pkcs11-list.c, doc/examples/print-ciphersuites.c: 
	added boilerplate

2012-01-17  Ludovic Courtès <ludo@gnu.org>

	* guile/pre-inst-guile.in: Fix $(srcdir) != $(builddir) for Guile.  Now that modules/gnutls.scm is generated, $(builddir) must be in the
	search path.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* tests/ecdsa/ecdsa: Fix srcdir != builddir builds.  Tiny patch from Elias Pipping <pipping@lavabit.com>.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in, lib/nettle/ecc_mulmod.c: GTK-DOC
	fixes.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* doc/cha-programs.texi: Fix sc_space_tab syntax-check nit.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* .clcopying, AUTHORS, cfg.mk, doc/Makefile.am,
	doc/alert-printlist.c, doc/credentials/Makefile.am, doc/errcodes.c,
	doc/examples/Makefile.am, doc/extract-guile-c-doc.scm,
	doc/fdl-1.3.texi, doc/gpl-3.0.texi, doc/lgpl-2.1.texi,
	doc/printlist.c, extra/Makefile.am, extra/gnutls_openssl.c,
	extra/includes/Makefile.am, extra/includes/gnutls/openssl.h,
	extra/openssl_compat.c, extra/openssl_compat.h, guile/Makefile.am,
	guile/modules/Makefile.am, guile/modules/gnutls.in,
	guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/build/utils.scm,
	guile/modules/gnutls/extra.scm,
	guile/modules/system/documentation/c-snarf.scm,
	guile/modules/system/documentation/output.scm,
	guile/pre-inst-guile.in, guile/src/errors.c, guile/src/utils.c,
	guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
	guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
	lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/dh_common.c,
	lib/auth/dhe.c, lib/auth/dhe_psk.c, lib/auth/psk.c,
	lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
	lib/auth/srp_passwd.c, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c: 
	Collapse and cleanup copyright information.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* .clcopying, AUTHORS, ChangeLog, ChangeLog.1, Makefile.am, NEWS,
	README, README-alpha, THANKS, configure.ac, doc/Makefile.am,
	doc/alert-printlist.c, doc/credentials/Makefile.am,
	doc/cyclo/Makefile.am, doc/errcodes.c, doc/examples/Makefile.am,
	doc/extract-guile-c-doc.scm, doc/fdl-1.3.texi,
	doc/gnutls-guile.texi, doc/gnutls.texi, doc/gpl-3.0.texi,
	doc/lgpl-2.1.texi, doc/manpages/Makefile.am, doc/printlist.c,
	extra/Makefile.am, extra/gnutls_openssl.c,
	extra/includes/Makefile.am, extra/includes/gnutls/openssl.h,
	extra/openssl_compat.c, extra/openssl_compat.h, guile/Makefile.am,
	guile/modules/Makefile.am, guile/modules/gnutls.in,
	guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/build/tests.scm,
	guile/modules/gnutls/build/utils.scm,
	guile/modules/gnutls/extra.scm,
	guile/modules/system/documentation/c-snarf.scm,
	guile/modules/system/documentation/output.scm,
	guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
	guile/src/errors.c, guile/src/errors.h,
	guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
	guile/src/make-session-priorities.scm,
	guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
	guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
	guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
	guile/tests/priorities.scm, guile/tests/session-record-port.scm,
	guile/tests/srp-base64.scm, guile/tests/x509-auth.scm,
	guile/tests/x509-certificates.scm, lib/Makefile.am,
	lib/accelerated/Makefile.am, lib/accelerated/accelerated.c,
	lib/accelerated/cryptodev.c, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86.c,
	lib/accelerated/x86/aes-padlock.c, lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
	lib/accelerated/x86/asm/cpuid-x86-64.s,
	lib/accelerated/x86/asm/cpuid-x86.s,
	lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c, lib/accelerated/x86/x86.h,
	lib/algorithms.h, lib/algorithms/Makefile.am,
	lib/algorithms/cert_types.c, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/algorithms/ecc.c,
	lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c,
	lib/auth/Makefile.am, lib/auth/anon.c, lib/auth/anon.h,
	lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h,
	lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
	lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
	lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c,
	lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_export.c,
	lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c,
	lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c,
	lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h,
	lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
	lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
	lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
	lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
	lib/ext/server_name.c, lib/ext/server_name.h,
	lib/ext/session_ticket.c, lib/ext/session_ticket.h,
	lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
	lib/ext/srp.h, lib/extras/Makefile.am, lib/gnutls.pc.in,
	lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_dtls.h, lib/gnutls_ecc.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.h,
	lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/gnutls_str_array.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/hash.c,
	lib/includes/Makefile.am, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/dtls.h, lib/includes/gnutls/gnutlsxx.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/libgnutlsxx.map, lib/locks.c,
	lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
	lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/element.h, lib/minitasn1/errors.c,
	lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
	lib/minitasn1/structure.h, lib/minitasn1/version.c,
	lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
	lib/nettle/ecc_mulmod.c, lib/nettle/ecc_mulmod_timing.c,
	lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_check_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
	lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/nettle/rnd.c, lib/opencdk/Makefile.am, lib/opencdk/armor.c,
	lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/main.h, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
	lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
	lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/random.c, lib/random.h, lib/system.c, lib/system_override.c,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
	lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify-high.h,
	lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c,
	lib/x509_b64.h, m4/gcc.m4, m4/guile.m4, m4/hooks.m4, po/cs.po.in,
	po/de.po.in, po/fr.po.in, po/it.po.in, po/ms.po.in, po/nl.po.in,
	po/pl.po.in, po/sv.po.in, po/uk.po.in, po/zh_CN.po.in,
	src/Makefile.am, src/benchmark-cipher.c, src/benchmark-tls.c,
	src/benchmark.c, src/certtool-cfg.c, src/certtool-common.c,
	src/certtool.c, src/cli.c, src/common.c, src/crywrap/Makefile.am,
	src/dh.c, src/p11common.c, src/p11tool.c, src/pkcs11.c, src/psk.c,
	src/serv.c, src/srptool.c, src/tests.c, src/tls_test.c,
	src/udp-serv.c, tests/Makefile.am, tests/anonself.c,
	tests/certder.c, tests/certificate_set_x509_crl.c,
	tests/certuniqueid.c, tests/chainverify.c, tests/crq_apis.c,
	tests/crq_key_id.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/dsa/Makefile.am, tests/dsa/testdsa, tests/ecdsa/Makefile.am,
	tests/ecdsa/ecdsa, tests/gc.c, tests/hostname-check.c,
	tests/infoaccess.c, tests/init_roundtrip.c,
	tests/key-id/Makefile.am, tests/key-id/README, tests/key-id/key-id,
	tests/mini-deflate.c, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
	tests/mini-x509.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
	tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
	tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
	tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
	tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
	tests/openpgpself.c, tests/openssl.c, tests/parse_ca.c,
	tests/pathlen/Makefile.am, tests/pathlen/pathlen,
	tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
	tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
	tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
	tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
	tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
	tests/rng-fork.c, tests/rsa-encrypt-decrypt.c,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/README,
	tests/rsa-md5-collision/rsa-md5-collision,
	tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
	tests/scripts/Makefile.am, tests/set_pkcs12_cred.c,
	tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
	tests/sha2/sha2-dsa, tests/simple.c, tests/slow/Makefile.am,
	tests/slow/gendh.c, tests/slow/keygen.c, tests/suite/Makefile.am,
	tests/suite/chain, tests/suite/eagain, tests/suite/testcompat,
	tests/suite/testcompat-main, tests/suite/testsrn,
	tests/suppressions.valgrind, tests/userid/Makefile.am,
	tests/userid/userid, tests/userid/userid.pem, tests/utils.c,
	tests/utils.h, tests/x509_altname.c, tests/x509cert-tl.c,
	tests/x509cert.c, tests/x509dn.c, tests/x509self.c,
	tests/x509sign-verify.c: Run 'make update-copyright'.

2012-01-16  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Ignore pkg.m4.  Copyright fixes.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: improved doc

2012-01-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Fix memory leak.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi: properly spread authentication and
	credentials doc.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated text

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: no longer use texi2html. makeinfo --html has decent
	output.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/errcodes.c: print numeric error codes everywhere.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi: SECURE256 -> SECURE192

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/alert-printlist.c, doc/scripts/gdoc,
	doc/scripts/split-texi.pl, doc/texinfo.css: updated css for better
	html output.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: better indent
	gnutls_certificate_set_x509_simple_pkcs12_file to allow them being
	found by doc script.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, doc/scripts/gdoc, doc/scripts/split-texi.pl: 
	caption is set on enumerations in texinfo. Unfortunately they are
	not visible to the pdf output due to a probable bug in texinfo.

2012-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi: Added pkcs12_simple function.

2012-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2012-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/argp-parse.c, gl/inet_ntop.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/ld-version-script.m4, gl/m4/printf.m4, gl/m4/stdlib_h.m4,
	gl/m4/usleep.m4, gl/select.c, gl/stdlib.in.h, gl/tests/Makefile.am,
	gl/tests/ignore-value.h, gl/tests/pipe.c, gl/tests/test-init.sh,
	gl/tests/test-usleep.c, gl/usleep.c, maint.mk, src/udp-serv.c: 
	usleep() is no longer used.

2012-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, doc/errcodes.c: documentation updates

2012-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: improved gdoc output for function parameters.

2012-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/algorithms/mac.c,
	lib/crypto-backend.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/nettle/cipher.c, lib/nettle/mac.c: Only
	list algorithms if they are implemented.

2012-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c: reordered ciphers to place on top the
	most used.

2012-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
	doc/cha-programs.texi, doc/examples/Makefile.am,
	doc/examples/print-ciphersuites.c: Documented ways to list the
	enabled ciphersuites.

2012-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: documentation update

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_session_resumption_requested().

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdh_common.c: avoid allocating a privkey param for the
	public key.

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc_shared_secret.c: corrected issue in ECDH key
	generation.  This issue prevented an ECDH key that was smaller than
	the prime from being correctly aligned.

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c: better handle alert for
	GNUTLS_E_PREMATURE_TERMINATION

2012-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: do not absorb error message

2012-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/nettle/ecc_projective_check_point.c: Eliminated memory
	leak in ecc_projective_check_point().

2012-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2012-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/common.c, lib/x509/dn.c: 
	gnutls_x509_dn_oid_name() was extended with a flags option that
	accepts currently GNUTLS_X509_DN_OID_RETURN_OID or 0.

2012-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib,
	lib/includes/gnutls/compat.h, lib/x509/crl.c, lib/x509/dn.c,
	lib/x509/x509.c: Added discussion of distinguished names.

2012-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi: describe gnutls_privkey_import_ext in
	more detail.

2012-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: Added
	gnutls_x509_dn_oid_name().

2012-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi: discuss the change
	in Diffie-Hellman parameters.

2012-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: Defined more
	precisely the SECURE levels.

2012-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi: updated for
	pkg-config autoconf macro and added gnutls_pubkey_encrypt_data.

2012-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: updated descriptions

2012-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: removed not applicable comments.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, tests/Makefile.am, tests/rsa-encrypt-decrypt.c: 
	Added gnutls_pubkey_encrypt_data().

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: more gcc warnings to ignore

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c, src/udp-serv.c, src/udp-serv.h: tcp and udp server are
	now void functions.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: --outder option works for public keys.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: certtool --outder option now works for
	private keys as well.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am: removed trailing slash.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: updated thanks

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: remove trailing slash.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* GNUmakefile, build-aux/config.rpath, build-aux/pmccabe2html,
	build-aux/snippet/arg-nonnull.h, build-aux/snippet/c++defs.h,
	build-aux/snippet/warn-on-use.h, build-aux/useless-if-before-free,
	build-aux/vc-list-files, gl/Makefile.am, gl/accept.c, gl/alloca.c,
	gl/alloca.in.h, gl/alphasort.c, gl/argp-ba.c, gl/argp-eexst.c,
	gl/argp-fmtstream.c, gl/argp-fmtstream.h, gl/argp-fs-xinl.c,
	gl/argp-help.c, gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c,
	gl/argp-pv.c, gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h,
	gl/arpa_inet.in.h, gl/asnprintf.c, gl/asprintf.c,
	gl/basename-lgpl.c, gl/bind.c, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/close.c, gl/closedir.c, gl/connect.c,
	gl/dirent-private.h, gl/dirent.in.h, gl/dirname-lgpl.c,
	gl/dirname.h, gl/dosname.h, gl/errno.in.h, gl/error.c, gl/error.h,
	gl/fd-hook.c, gl/fd-hook.h, gl/filename.h, gl/float+.h, gl/float.c,
	gl/float.in.h, gl/fpucw.h, gl/frexp.c, gl/frexpl.c, gl/fseek.c,
	gl/fseeko.c, gl/fseterr.c, gl/fseterr.h, gl/fstat.c, gl/ftell.c,
	gl/ftello.c, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c,
	gl/getline.c, gl/getopt.c, gl/getopt.in.h, gl/getopt1.c,
	gl/getopt_int.h, gl/getpass.c, gl/getpass.h, gl/getpeername.c,
	gl/getsubopt.c, gl/gettext.h, gl/gettime.c, gl/gettimeofday.c,
	gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h, gl/isnan.c,
	gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
	gl/isnanl-nolibm.h, gl/isnanl.c, gl/itold.c, gl/listen.c,
	gl/lseek.c, gl/m4/00gnulib.m4, gl/m4/alloca.m4, gl/m4/alphasort.m4,
	gl/m4/argp.m4, gl/m4/arpa_inet_h.m4, gl/m4/byteswap.m4,
	gl/m4/clock_time.m4, gl/m4/close.m4, gl/m4/closedir.m4,
	gl/m4/codeset.m4, gl/m4/dirent_h.m4, gl/m4/dirname.m4,
	gl/m4/double-slash-root.m4, gl/m4/dup2.m4, gl/m4/eealloc.m4,
	gl/m4/environ.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
	gl/m4/exponentd.m4, gl/m4/exponentf.m4, gl/m4/exponentl.m4,
	gl/m4/extensions.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
	gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4, gl/m4/frexp.m4,
	gl/m4/frexpl.m4, gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/fstat.m4,
	gl/m4/ftell.m4, gl/m4/ftello.m4, gl/m4/ftruncate.m4, gl/m4/func.m4,
	gl/m4/getaddrinfo.m4, gl/m4/getcwd.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getopt.m4, gl/m4/getpagesize.m4,
	gl/m4/getpass.m4, gl/m4/getsubopt.m4, gl/m4/gettext.m4,
	gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/glibc2.m4,
	gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
	gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
	gl/m4/inttypes_h.m4, gl/m4/ioctl.m4, gl/m4/isnand.m4,
	gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/largefile.m4,
	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/ldexpl.m4, gl/m4/lib-ld.m4,
	gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/lock.m4,
	gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/lstat.m4, gl/m4/malloc.m4,
	gl/m4/malloca.m4, gl/m4/manywarnings.m4, gl/m4/math_h.m4,
	gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/mempcpy.m4,
	gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/mode_t.m4,
	gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4, gl/m4/multiarch.m4,
	gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/nls.m4,
	gl/m4/nocrash.m4, gl/m4/open.m4, gl/m4/opendir.m4,
	gl/m4/pathmax.m4, gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/po.m4,
	gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4,
	gl/m4/printf-posix.m4, gl/m4/printf.m4, gl/m4/progtest.m4,
	gl/m4/putenv.m4, gl/m4/rawmemchr.m4, gl/m4/read-file.m4,
	gl/m4/readdir.m4, gl/m4/realloc.m4, gl/m4/scandir.m4,
	gl/m4/select.m4, gl/m4/servent.m4, gl/m4/setenv.m4,
	gl/m4/signal_h.m4, gl/m4/signbit.m4, gl/m4/size_max.m4,
	gl/m4/sleep.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4,
	gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
	gl/m4/ssize_t.m4, gl/m4/stat.m4, gl/m4/stdalign.m4,
	gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/strchrnul.m4,
	gl/m4/strdup.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4,
	gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strndup.m4,
	gl/m4/strnlen.m4, gl/m4/strverscmp.m4, gl/m4/symlink.m4,
	gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/sys_uio_h.m4, gl/m4/sysexits.m4, gl/m4/thread.m4,
	gl/m4/threadlib.m4, gl/m4/time_h.m4, gl/m4/time_r.m4,
	gl/m4/timespec.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
	gl/m4/unistd_h.m4, gl/m4/usleep.m4, gl/m4/valgrind-tests.m4,
	gl/m4/vasnprintf.m4, gl/m4/vasprintf.m4, gl/m4/version-etc.m4,
	gl/m4/vfprintf-posix.m4, gl/m4/visibility.m4,
	gl/m4/vprintf-posix.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
	gl/m4/warnings.m4, gl/m4/wchar_h.m4, gl/m4/wchar_t.m4,
	gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/m4/yield.m4, gl/malloc.c,
	gl/math.in.h, gl/memchr.c, gl/memmem.c, gl/mempcpy.c, gl/minmax.h,
	gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
	gl/msvc-nothrow.h, gl/netdb.in.h, gl/netinet_in.in.h, gl/opendir.c,
	gl/override/m4/valgrind-tests.m4.diff, gl/printf-args.c,
	gl/printf-args.h, gl/printf-frexp.c, gl/printf-frexp.h,
	gl/printf-frexpl.c, gl/printf-frexpl.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/rawmemchr.c,
	gl/read-file.c, gl/read-file.h, gl/readdir.c, gl/realloc.c,
	gl/recv.c, gl/recvfrom.c, gl/scandir.c, gl/select.c, gl/send.c,
	gl/sendto.c, gl/setsockopt.c, gl/shutdown.c, gl/signal.in.h,
	gl/signbitd.c, gl/signbitf.c, gl/signbitl.c, gl/size_max.h,
	gl/sleep.c, gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/stdalign.in.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
	gl/str-two-way.h, gl/strcasecmp.c, gl/strchrnul.c, gl/strdup.c,
	gl/strerror-override.c, gl/strerror-override.h, gl/strerror.c,
	gl/string.in.h, gl/strings.in.h, gl/stripslash.c, gl/strncasecmp.c,
	gl/strndup.c, gl/strnlen.c, gl/strverscmp.c, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/sys_uio.in.h, gl/sysexits.in.h,
	gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/dup2.c,
	gl/tests/fcntl.in.h, gl/tests/fdopen.c, gl/tests/getcwd-lgpl.c,
	gl/tests/getpagesize.c, gl/tests/glthread/lock.c,
	gl/tests/glthread/lock.h, gl/tests/glthread/thread.c,
	gl/tests/glthread/thread.h, gl/tests/glthread/threadlib.c,
	gl/tests/glthread/yield.h, gl/tests/ignore-value.h,
	gl/tests/infinity.h, gl/tests/init.sh, gl/tests/inttypes.in.h,
	gl/tests/ioctl.c, gl/tests/lstat.c, gl/tests/macros.h,
	gl/tests/malloca.c, gl/tests/malloca.h, gl/tests/minus-zero.h,
	gl/tests/nan.h, gl/tests/open.c, gl/tests/pathmax.h,
	gl/tests/perror.c, gl/tests/pipe.c, gl/tests/putenv.c,
	gl/tests/same-inode.h, gl/tests/setenv.c, gl/tests/signature.h,
	gl/tests/stat.c, gl/tests/strerror_r.c, gl/tests/symlink.c,
	gl/tests/sys_ioctl.in.h, gl/tests/test-accept.c,
	gl/tests/test-alloca-opt.c, gl/tests/test-argp-2.sh,
	gl/tests/test-argp.c, gl/tests/test-arpa_inet.c,
	gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
	gl/tests/test-bind.c, gl/tests/test-byteswap.c,
	gl/tests/test-c-ctype.c, gl/tests/test-close.c,
	gl/tests/test-connect.c, gl/tests/test-dirent.c,
	gl/tests/test-dup2.c, gl/tests/test-environ.c,
	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-float.c, gl/tests/test-fprintf-posix.h,
	gl/tests/test-fputc.c, gl/tests/test-fread.c,
	gl/tests/test-frexp.c, gl/tests/test-frexpl.c,
	gl/tests/test-fseek.c, gl/tests/test-fseeko.c,
	gl/tests/test-fseeko3.c, gl/tests/test-fseeko4.c,
	gl/tests/test-fseterr.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-ftruncate.c,
	gl/tests/test-func.c, gl/tests/test-fwrite.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-getcwd-lgpl.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-getopt.c, gl/tests/test-getopt.h,
	gl/tests/test-getopt_long.h, gl/tests/test-getpeername.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-ignore-value.c,
	gl/tests/test-inet_ntop.c, gl/tests/test-inet_pton.c,
	gl/tests/test-init.sh, gl/tests/test-intprops.c,
	gl/tests/test-inttypes.c, gl/tests/test-ioctl.c,
	gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
	gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
	gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
	gl/tests/test-listen.c, gl/tests/test-lock.c,
	gl/tests/test-lstat.c, gl/tests/test-lstat.h,
	gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
	gl/tests/test-math.c, gl/tests/test-memchr.c,
	gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
	gl/tests/test-open.c, gl/tests/test-open.h,
	gl/tests/test-pathmax.c, gl/tests/test-perror.c,
	gl/tests/test-perror2.c, gl/tests/test-pipe.c,
	gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
	gl/tests/test-printf-posix.h, gl/tests/test-rawmemchr.c,
	gl/tests/test-read-file.c, gl/tests/test-recv.c,
	gl/tests/test-recvfrom.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-select.h, gl/tests/test-send.c,
	gl/tests/test-sendto.c, gl/tests/test-setenv.c,
	gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
	gl/tests/test-signal-h.c, gl/tests/test-signbit.c,
	gl/tests/test-sleep.c, gl/tests/test-snprintf.c,
	gl/tests/test-sockets.c, gl/tests/test-stat.c,
	gl/tests/test-stat.h, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-strchrnul.c,
	gl/tests/test-strerror.c, gl/tests/test-strerror_r.c,
	gl/tests/test-string.c, gl/tests/test-strings.c,
	gl/tests/test-strnlen.c, gl/tests/test-strverscmp.c,
	gl/tests/test-symlink.c, gl/tests/test-symlink.h,
	gl/tests/test-sys_ioctl.c, gl/tests/test-sys_select.c,
	gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
	gl/tests/test-sys_time.c, gl/tests/test-sys_types.c,
	gl/tests/test-sys_uio.c, gl/tests/test-sys_wait.h,
	gl/tests/test-sysexits.c, gl/tests/test-thread_create.c,
	gl/tests/test-thread_self.c, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-unsetenv.c, gl/tests/test-usleep.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
	gl/tests/test-vfprintf-posix.c, gl/tests/test-vprintf-posix.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/unsetenv.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
	gl/time.in.h, gl/time_r.c, gl/timespec.h, gl/u64.h, gl/unistd.in.h,
	gl/usleep.c, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
	gl/verify.h, gl/version-etc-fsf.c, gl/version-etc.c,
	gl/version-etc.h, gl/vfprintf.c, gl/vprintf.c, gl/vsnprintf.c,
	gl/w32sock.h, gl/wchar.in.h, gl/xsize.h, maint.mk: Updated gnulib
	and added usleep and getaddrinfo modules.

2012-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: Authority information access information ->
	Authority information access

2012-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp_rsa.c: 
	_gnutls_proc_cert_client_certificate and
	_gnutls_proc_cert_server_certificate renamed to
	_gnutls_proc_certificate.

2012-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated news

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c: gnutls_dh_params_cpy() copies the
	src->q_bits.

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/gendh.c: properly deinitialize.

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: corrected leak in DH parameter generation.

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: updated changelog

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: removed old comment

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS: updated changelog and news for release

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: corrected typo

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Corrected functionality of
	gnutls_record_get_direction(). Reported by Philip Allison.

2012-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cipher.c: provide less timing information when
	decoding packets. Patch by Nadhem Alfardan.

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: use AI_ADDRCONFIG if available.

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: prevent building of crywrap in windows

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: updated

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: updated

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/Makefile.am: added missing file

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/p11tool-gaa.c: Updated
	auto-generated files

2012-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/.gitignore, doc/latex/cover.tex: added missing file

2012-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: print the RSA and DH bits as well as EC bits
	for comparison.

2012-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: use 1840 bit DH and RSA to compare with 192
	bits of ECDH

2012-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/publickey.c, lib/algorithms/secparams.c,
	lib/algorithms/sign.c, lib/auth/cert.c, lib/auth/ecdh_common.c,
	lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/output.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/verify.c, src/certtool.c,
	src/p11tool.gaa, tests/slow/keygen.c: GNUTLS_PK_ECC -> GNUTLS_PK_EC

2011-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/gnutls_openpgp.c: CDK_EOF error code now returns
	GNUTLS_E_PARSING_ERROR

2011-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c, lib/opencdk/opencdk.h: removed
	cdk_armor_filter_use()

2011-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: correctly report 0 keys on a keyring

2011-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/kbnode.c, lib/opencdk/opencdk.h,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: more opencdk simplifications

2011-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/testselfsigs: specify key type (raw) to
	certtool

2011-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/Makefile.am, lib/opencdk/armor.c,
	lib/opencdk/keydb.c, lib/opencdk/main.c, lib/opencdk/opencdk.h,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c: Removed unneeded
	opencdk functionality.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: verify signatures on download

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_mem.c: _gnutls_is_secure_memory is
	no more.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli.c: gnutls-cli can now read input from win32.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/openpgp/pgp.c, lib/openpgp/privkey.c: Avoid using base64
	armor auto-detection which causes decoding errors in win32.  For
	some reason reading from the stream modifies the stream and this
	work-around avoids that issue.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pgps2kgnu.c: enable debugging in pgps2kgnu

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/openpgp-auth2.c: do not use valgrind in
	windows

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: gmp is compiled with --enable-fat.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: link libutils with libgnu.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: Added missing function names.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cross.mk: Added a preliminary win32 compilation makefile.

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: win32 fixes

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not build crywrap on win32

2011-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* extra/includes/gnutls/openssl.h: undefine possible system macros.

2011-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-dtls.c: updated DTLS example

2011-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/cha-programs.texi: more updates

2011-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-ciphersuites.texi, doc/cha-copying.texi,
	doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
	doc/cha-internals.texi, doc/cha-library.texi,
	doc/cha-shared-key.texi, doc/gnutls.texi: Small improvements in
	documentation.

2011-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/privkey.c: corrected bug in DSA private key
	parsing.

2011-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.gaa: Added --rsa option which is a no-op for now.

2011-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_ui.c,
	lib/openpgp/output.c, lib/x509/output.c,
	tests/pathlen/ca-no-pathlen.pem, tests/pathlen/no-ca-or-pathlen.pem: 
	Allow the insertion of characters to align the randomart.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Print the fingerprint of PGP keys and not only the
	key ID.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: Add random art to keys.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-deflate.c: Skip deflate test if libz is not available.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c, lib/x509/output.c, src/certtool.c: updated
	random art's messages.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Print the pgp key's randomart as well.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c, lib/x509/output.c: Print the randomart on
	the key ID and not the fingerprint.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: Updated GNUTLS_E_NO_CERTIFICATE_FOUND
	description.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_ui.c,
	lib/openpgp/output.c, lib/x509/output.c, src/certtool.c: print
	randomart for private keys as well.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/extras/randomart.c, lib/system.c, lib/system.h,
	lib/x509/output.c: gnutls_atfork was no longer in use.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/Makefile.am, lib/extras/Makefile.am,
	lib/extras/randomart.c, lib/extras/randomart.h, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/openpgp/output.c, lib/x509/output.c: Added function
	gnutls_random_art() to convert fingerprints to images (currently
	ascii-art).

2011-12-28  Patrick Pelletier <code@funwithsoftware.org>

	* doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
	doc/cha-internals.texi, lib/algorithms/ciphers.c,
	lib/algorithms/protocols.c, lib/algorithms/secparams.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_db.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_priority.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/nettle/rnd.c: minor doc and
	comment fixes Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-app.texi,
	doc/cha-gtls-examples.texi, doc/cha-intro-tls.texi,
	doc/examples/Makefile.am, doc/examples/{ex-client1.c =>
	ex-client-anon.c}, doc/examples/{ex-client-udp.c =>
	ex-client-dtls.c}, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/{ex-rfc2818.c => ex-client-x509.c},
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-srp.c,
	doc/examples/{ex-serv1.c => ex-serv-x509.c}: updated examples and
	added new "handling alerts" section.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi, doc/examples/udp.c: updated and
	included in the documentation the udp code.

2011-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli.c, src/serv.c: Set don't fragment bit in Linux as
	well as in BSD variants.

2011-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/examples/ex-serv-dtls.c, doc/examples/ex-serv1.c: 
	updated server examples

2011-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-cert-auth2.texi,
	doc/cha-gtls-app.texi, doc/cha-programs.texi,
	doc/cha-shared-key.texi: smallexample is no longer used. It is
	intended only for typesetting with smaller pages and had no relation
	to our usage.

2011-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: prepend UDP to server application name when in UDP
	mode.

2011-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-gtls-examples.texi,
	doc/examples/Makefile.am, doc/examples/ex-serv-dtls.c,
	doc/examples/ex-serv1.c: Added DTLS server example.

2011-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/udp-serv.c: corrected a leak

2011-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Added SECP192R1 curve.

2011-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h: 
	pkcs11.h and abstract.h use extern C idiom for C++.

2011-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphersuites.c: Added ciphersuites:
	GNUTLS_PSK_WITH_AES_256_GCM_SHA384 and
	GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384.

2011-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphersuites.c: Corrected ciphersuite
	GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384

2011-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Only use configured interfaces. Patch by Pino Toscano.

2011-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/protocols.c: better comments.

2011-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c: 
	gnutls_protocol_get_version() and _gnutls_set_current_version() are
	now inline functions

2011-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: documented
	_gnutls_supported_ciphersuites()

2011-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: renamed the _SHA ciphersuites to
	_SHA1.

2011-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: correctly set the odd bits.

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, Makefile.am, cfg.mk: make dist forces regeneration of
	ChangeLog and manpages.

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Added missing file

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: documented new priority strings.

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: server precedence also used in compression
	methods.

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/auth/dh_common.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
	lib/gnutls_auth.c, lib/gnutls_constate.c, lib/gnutls_constate.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_session_pack.c, lib/gnutls_state.c,
	lib/gnutls_v2_compat.c: cipher_suite_st is no longer used
	internally. We only use a point to 2 bytes.

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_priority.c: Added new priority string %SERVER_PRECEDENCE.

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Removed 128-bit ciphers from secure192, but
	added SHA256 (or no ciphersuites are there).

2011-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am, src/certtool-common.h, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/{prime.c
	=> dh.c}: Added the --dh-info parameter to certtool.

2011-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/manpages/Makefile.am, lib/algorithms/ciphersuites.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/common.c: 
	gnutls_priority_get_cipher_suite was renamed to
	gnutls_priority_get_cipher_suite_index.  This makes a more
	consistent API at the cost of requiring
	gnutls_get_cipher_suite_info().  An advantage however is that more
	information can now be accessed.

2011-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/anon.c, lib/auth/dh_common.c,
	lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
	lib/crypto-backend.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/nettle/mpi.c,
	src/benchmark-tls.c, src/benchmark.c, src/prime.c: Diffie Hellman
	PKCS #3 parameters now contain the recommended private key size.  By
	using the recommended key size the calculations for the server side
	are reduced, giving a 50% increase in DH calculations.

2011-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: small cleanups.

2011-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
	lib/auth/srp_passwd.c, lib/crypto-api.c, lib/ext/session_ticket.c,
	lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_mpi.c,
	lib/gnutls_pk.c, lib/nettle/gnettle.h, lib/nettle/mpi.c,
	lib/nettle/pk.c, lib/nettle/rnd.c, lib/opencdk/misc.c,
	lib/pkcs11_secret.c, lib/random.c, lib/random.h, lib/x509/pkcs12.c,
	lib/x509/privkey_pkcs8.c: Optimizations in DH parameter generation.  The larger prime is find first and the big loop needs to find a
	smaller prime, increasing performance.  The _gnutls_rnd() function
	is now inline and GNUTLS_RND_NONCE doesn't update random generator
	state.

2011-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h: If a ticket is sent to client then don't store the
	session information in the session cache.

2011-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphersuites.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli-gaa.c,
	src/cli.gaa, src/common.c, src/common.h, src/serv-gaa.c,
	src/serv.gaa: Added gnutls_priority_get_cipher_suite().  This allows
	listing the ciphersuites enabled in a priority structure.  The
	certtool -l option was overloaded so if combined with --priority it
	will only list the ciphersuites that are enabled by the given
	priority string.

2011-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc_mulmod.c: removed unused variables.

2011-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Added 192-bit curve in normal priorities.

2011-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2011-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: Print ephemeral information after certificate
	information.

2011-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/gnutls_handshake.c: Optimized ciphersuite sorting.

2011-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: modified the test to a level of 80bits of
	security.

2011-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ecc.c, lib/includes/gnutls/gnutls.h.in: Added
	SECP192R1 curve.

2011-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert.c: be less verbose.

2011-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2011-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: Added ECDHE-ECDSA test.

2011-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/ecc.h,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_mulmod.c,
	lib/nettle/ecc_mulmod_timing.c, lib/nettle/ecc_sign_hash.c: The
	timing resistant ecc_mulmod() is only used when signing using the
	ECDSA private key. This improves performance in all other cases that
	do not require timing resistance.

2011-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86.h: corrected have_cpuid for x86-64.

2011-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth2.texi: renamed hardware tokens
	to security modules.

2011-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi: Added section 'Managing encrypted keys'
	to include PKCS 12 structures.

2011-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: Added RSA key exchange to comparison.

2011-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* devel/perlasm/cpuid-x86.pl, devel/perlasm/cpuid-x86_64.pl,
	lib/accelerated/accelerated.c, lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-x86.c,
	lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
	lib/accelerated/x86/asm/cpuid-x86-64.s,
	lib/accelerated/x86/asm/cpuid-x86.s, lib/accelerated/x86/x86.h: 
	Exported gnutls_cpuid() and gnutls_have_cpuid().

2011-12-06  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix descriptive text.

2011-12-06  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, doc/scripts/getfuncs.pl: Fix getfuncs.pl
	parse bug; require non-empty list of function parameters.  Otherwise it would detect a comment like '* foo()' as another
	function.

2011-12-06  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/gnutls_init.3,
	doc/manpages/gnutls_pk_algorithm_get_name.3: Really remove manpages.

2011-12-06  Simon Josefsson <simon@josefsson.org>

	* .gitignore, doc/manpages/Makefile.am: Fix whitespace in last
	commit.

2011-12-06  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Don't rebuild man pages on every 'make'
	invocation.

2011-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, doc/manpages/gnutls_alert_get.3,
	doc/manpages/gnutls_alert_get_name.3,
	doc/manpages/gnutls_alert_get_strname.3,
	doc/manpages/gnutls_alert_send.3,
	doc/manpages/gnutls_alert_send_appropriate.3,
	doc/manpages/gnutls_anon_allocate_client_credentials.3,
	doc/manpages/gnutls_anon_allocate_server_credentials.3,
	doc/manpages/gnutls_anon_free_client_credentials.3,
	doc/manpages/gnutls_anon_free_server_credentials.3,
	doc/manpages/gnutls_anon_set_params_function.3,
	doc/manpages/gnutls_anon_set_server_dh_params.3,
	doc/manpages/gnutls_anon_set_server_params_function.3,
	doc/manpages/gnutls_auth_client_get_type.3,
	doc/manpages/gnutls_auth_get_type.3,
	doc/manpages/gnutls_auth_server_get_type.3,
	doc/manpages/gnutls_bye.3,
	doc/manpages/gnutls_certificate_activation_time_peers.3,
	doc/manpages/gnutls_certificate_allocate_credentials.3,
	doc/manpages/gnutls_certificate_client_get_request_status.3,
	doc/manpages/gnutls_certificate_expiration_time_peers.3,
	doc/manpages/gnutls_certificate_free_ca_names.3,
	doc/manpages/gnutls_certificate_free_cas.3,
	doc/manpages/gnutls_certificate_free_credentials.3,
	doc/manpages/gnutls_certificate_free_crls.3,
	doc/manpages/gnutls_certificate_free_keys.3,
	doc/manpages/gnutls_certificate_get_issuer.3,
	doc/manpages/gnutls_certificate_get_openpgp_keyring.3,
	doc/manpages/gnutls_certificate_get_ours.3,
	doc/manpages/gnutls_certificate_get_peers.3,
	doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3,
	doc/manpages/gnutls_certificate_server_set_request.3,
	doc/manpages/gnutls_certificate_set_dh_params.3,
	doc/manpages/gnutls_certificate_set_key.3,
	doc/manpages/gnutls_certificate_set_openpgp_key.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_file.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_file2.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_mem.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3,
	doc/manpages/gnutls_certificate_set_params_function.3,
	doc/manpages/gnutls_certificate_set_rsa_export_params.3,
	doc/manpages/gnutls_certificate_set_verify_flags.3,
	doc/manpages/gnutls_certificate_set_verify_function.3,
	doc/manpages/gnutls_certificate_set_verify_limits.3,
	doc/manpages/gnutls_certificate_set_x509_crl.3,
	doc/manpages/gnutls_certificate_set_x509_crl_file.3,
	doc/manpages/gnutls_certificate_set_x509_crl_mem.3,
	doc/manpages/gnutls_certificate_set_x509_key.3,
	doc/manpages/gnutls_certificate_set_x509_key_file.3,
	doc/manpages/gnutls_certificate_set_x509_key_mem.3,
	doc/manpages/gnutls_certificate_set_x509_trust.3,
	doc/manpages/gnutls_certificate_set_x509_trust_file.3,
	doc/manpages/gnutls_certificate_set_x509_trust_mem.3,
	doc/manpages/gnutls_certificate_type_get.3,
	doc/manpages/gnutls_certificate_type_get_id.3,
	doc/manpages/gnutls_certificate_type_get_name.3,
	doc/manpages/gnutls_certificate_type_list.3,
	doc/manpages/gnutls_certificate_type_set_priority.3,
	doc/manpages/gnutls_certificate_verify_peers2.3,
	doc/manpages/gnutls_check_version.3,
	doc/manpages/gnutls_cipher_add_auth.3,
	doc/manpages/gnutls_cipher_decrypt.3,
	doc/manpages/gnutls_cipher_decrypt2.3,
	doc/manpages/gnutls_cipher_deinit.3,
	doc/manpages/gnutls_cipher_encrypt.3,
	doc/manpages/gnutls_cipher_encrypt2.3,
	doc/manpages/gnutls_cipher_get.3,
	doc/manpages/gnutls_cipher_get_block_size.3,
	doc/manpages/gnutls_cipher_get_id.3,
	doc/manpages/gnutls_cipher_get_key_size.3,
	doc/manpages/gnutls_cipher_get_name.3,
	doc/manpages/gnutls_cipher_init.3,
	doc/manpages/gnutls_cipher_list.3,
	doc/manpages/gnutls_cipher_set_iv.3,
	doc/manpages/gnutls_cipher_set_priority.3,
	doc/manpages/gnutls_cipher_suite_get_name.3,
	doc/manpages/gnutls_cipher_suite_info.3,
	doc/manpages/gnutls_cipher_tag.3,
	doc/manpages/gnutls_compression_get.3,
	doc/manpages/gnutls_compression_get_id.3,
	doc/manpages/gnutls_compression_get_name.3,
	doc/manpages/gnutls_compression_list.3,
	doc/manpages/gnutls_compression_set_priority.3,
	doc/manpages/gnutls_credentials_clear.3,
	doc/manpages/gnutls_credentials_set.3,
	doc/manpages/gnutls_db_check_entry.3,
	doc/manpages/gnutls_db_get_ptr.3,
	doc/manpages/gnutls_db_remove_session.3,
	doc/manpages/gnutls_db_set_cache_expiration.3,
	doc/manpages/gnutls_db_set_ptr.3,
	doc/manpages/gnutls_db_set_remove_function.3,
	doc/manpages/gnutls_db_set_retrieve_function.3,
	doc/manpages/gnutls_db_set_store_function.3,
	doc/manpages/gnutls_deinit.3, doc/manpages/gnutls_dh_get_group.3,
	doc/manpages/gnutls_dh_get_peers_public_bits.3,
	doc/manpages/gnutls_dh_get_prime_bits.3,
	doc/manpages/gnutls_dh_get_pubkey.3,
	doc/manpages/gnutls_dh_get_secret_bits.3,
	doc/manpages/gnutls_dh_params_cpy.3,
	doc/manpages/gnutls_dh_params_deinit.3,
	doc/manpages/gnutls_dh_params_export_pkcs3.3,
	doc/manpages/gnutls_dh_params_export_raw.3,
	doc/manpages/gnutls_dh_params_generate2.3,
	doc/manpages/gnutls_dh_params_import_pkcs3.3,
	doc/manpages/gnutls_dh_params_import_raw.3,
	doc/manpages/gnutls_dh_params_init.3,
	doc/manpages/gnutls_dh_set_prime_bits.3,
	doc/manpages/gnutls_dtls_cookie_send.3,
	doc/manpages/gnutls_dtls_cookie_verify.3,
	doc/manpages/gnutls_dtls_get_data_mtu.3,
	doc/manpages/gnutls_dtls_get_mtu.3,
	doc/manpages/gnutls_dtls_prestate_set.3,
	doc/manpages/gnutls_dtls_set_mtu.3,
	doc/manpages/gnutls_dtls_set_timeouts.3,
	doc/manpages/gnutls_ecc_curve_get.3,
	doc/manpages/gnutls_ecc_curve_get_name.3,
	doc/manpages/gnutls_ecc_curve_get_size.3,
	doc/manpages/gnutls_error_is_fatal.3,
	doc/manpages/gnutls_error_to_alert.3,
	doc/manpages/gnutls_fingerprint.3,
	doc/manpages/gnutls_global_deinit.3,
	doc/manpages/gnutls_global_init.3,
	doc/manpages/gnutls_global_set_audit_log_function.3,
	doc/manpages/gnutls_global_set_log_function.3,
	doc/manpages/gnutls_global_set_log_level.3,
	doc/manpages/gnutls_global_set_mem_functions.3,
	doc/manpages/gnutls_global_set_mutex.3,
	doc/manpages/gnutls_global_set_time_function.3,
	doc/manpages/gnutls_handshake.3,
	doc/manpages/gnutls_handshake_get_last_in.3,
	doc/manpages/gnutls_handshake_get_last_out.3,
	doc/manpages/gnutls_handshake_set_max_packet_length.3,
	doc/manpages/gnutls_handshake_set_post_client_hello_function.3,
	doc/manpages/gnutls_handshake_set_private_extensions.3,
	doc/manpages/gnutls_hash.3, doc/manpages/gnutls_hash_deinit.3,
	doc/manpages/gnutls_hash_fast.3,
	doc/manpages/gnutls_hash_get_len.3,
	doc/manpages/gnutls_hash_init.3, doc/manpages/gnutls_hash_output.3,
	doc/manpages/gnutls_hex2bin.3, doc/manpages/gnutls_hex_decode.3,
	doc/manpages/gnutls_hex_encode.3, doc/manpages/gnutls_hmac.3,
	doc/manpages/gnutls_hmac_deinit.3, doc/manpages/gnutls_hmac_fast.3,
	doc/manpages/gnutls_hmac_get_len.3,
	doc/manpages/gnutls_hmac_init.3, doc/manpages/gnutls_hmac_output.3,
	doc/manpages/gnutls_init.3, doc/manpages/gnutls_key_generate.3,
	doc/manpages/gnutls_kx_get.3, doc/manpages/gnutls_kx_get_id.3,
	doc/manpages/gnutls_kx_get_name.3, doc/manpages/gnutls_kx_list.3,
	doc/manpages/gnutls_kx_set_priority.3,
	doc/manpages/gnutls_mac_get.3, doc/manpages/gnutls_mac_get_id.3,
	doc/manpages/gnutls_mac_get_key_size.3,
	doc/manpages/gnutls_mac_get_name.3, doc/manpages/gnutls_mac_list.3,
	doc/manpages/gnutls_mac_set_priority.3,
	doc/manpages/gnutls_openpgp_crt_check_hostname.3,
	doc/manpages/gnutls_openpgp_crt_deinit.3,
	doc/manpages/gnutls_openpgp_crt_export.3,
	doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3,
	doc/manpages/gnutls_openpgp_crt_get_creation_time.3,
	doc/manpages/gnutls_openpgp_crt_get_expiration_time.3,
	doc/manpages/gnutls_openpgp_crt_get_fingerprint.3,
	doc/manpages/gnutls_openpgp_crt_get_key_id.3,
	doc/manpages/gnutls_openpgp_crt_get_key_usage.3,
	doc/manpages/gnutls_openpgp_crt_get_name.3,
	doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_crt_get_revoked_status.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_count.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_id.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3,
	doc/manpages/gnutls_openpgp_crt_get_version.3,
	doc/manpages/gnutls_openpgp_crt_import.3,
	doc/manpages/gnutls_openpgp_crt_init.3,
	doc/manpages/gnutls_openpgp_crt_print.3,
	doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_crt_verify_ring.3,
	doc/manpages/gnutls_openpgp_crt_verify_self.3,
	doc/manpages/gnutls_openpgp_keyring_check_id.3,
	doc/manpages/gnutls_openpgp_keyring_deinit.3,
	doc/manpages/gnutls_openpgp_keyring_get_crt.3,
	doc/manpages/gnutls_openpgp_keyring_get_crt_count.3,
	doc/manpages/gnutls_openpgp_keyring_import.3,
	doc/manpages/gnutls_openpgp_keyring_init.3,
	doc/manpages/gnutls_openpgp_privkey_deinit.3,
	doc/manpages/gnutls_openpgp_privkey_export.3,
	doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3,
	doc/manpages/gnutls_openpgp_privkey_get_key_id.3,
	doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3,
	doc/manpages/gnutls_openpgp_privkey_import.3,
	doc/manpages/gnutls_openpgp_privkey_init.3,
	doc/manpages/gnutls_openpgp_privkey_sec_param.3,
	doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_privkey_sign_hash.3,
	doc/manpages/gnutls_openpgp_send_cert.3,
	doc/manpages/gnutls_openpgp_set_recv_key_function.3,
	doc/manpages/gnutls_pcert_deinit.3,
	doc/manpages/gnutls_pcert_import_openpgp.3,
	doc/manpages/gnutls_pcert_import_openpgp_raw.3,
	doc/manpages/gnutls_pcert_import_x509.3,
	doc/manpages/gnutls_pcert_import_x509_raw.3,
	doc/manpages/gnutls_pcert_list_import_x509_raw.3,
	doc/manpages/gnutls_pem_base64_decode.3,
	doc/manpages/gnutls_pem_base64_decode_alloc.3,
	doc/manpages/gnutls_pem_base64_encode.3,
	doc/manpages/gnutls_pem_base64_encode_alloc.3,
	doc/manpages/gnutls_perror.3,
	doc/manpages/gnutls_pk_algorithm_get_name.3,
	doc/manpages/gnutls_pk_bits_to_sec_param.3,
	doc/manpages/gnutls_pk_get_id.3, doc/manpages/gnutls_pk_get_name.3,
	doc/manpages/gnutls_pk_list.3,
	doc/manpages/gnutls_pkcs11_add_provider.3,
	doc/manpages/gnutls_pkcs11_copy_secret_key.3,
	doc/manpages/gnutls_pkcs11_copy_x509_crt.3,
	doc/manpages/gnutls_pkcs11_copy_x509_privkey.3,
	doc/manpages/gnutls_pkcs11_deinit.3,
	doc/manpages/gnutls_pkcs11_delete_url.3,
	doc/manpages/gnutls_pkcs11_init.3,
	doc/manpages/gnutls_pkcs11_obj_deinit.3,
	doc/manpages/gnutls_pkcs11_obj_export.3,
	doc/manpages/gnutls_pkcs11_obj_export_url.3,
	doc/manpages/gnutls_pkcs11_obj_get_info.3,
	doc/manpages/gnutls_pkcs11_obj_get_type.3,
	doc/manpages/gnutls_pkcs11_obj_import_url.3,
	doc/manpages/gnutls_pkcs11_obj_init.3,
	doc/manpages/gnutls_pkcs11_obj_list_import_url.3,
	doc/manpages/gnutls_pkcs11_privkey_deinit.3,
	doc/manpages/gnutls_pkcs11_privkey_export_url.3,
	doc/manpages/gnutls_pkcs11_privkey_generate.3,
	doc/manpages/gnutls_pkcs11_privkey_get_info.3,
	doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_pkcs11_privkey_import_url.3,
	doc/manpages/gnutls_pkcs11_privkey_init.3,
	doc/manpages/gnutls_pkcs11_set_pin_function.3,
	doc/manpages/gnutls_pkcs11_set_token_function.3,
	doc/manpages/gnutls_pkcs11_token_get_flags.3,
	doc/manpages/gnutls_pkcs11_token_get_info.3,
	doc/manpages/gnutls_pkcs11_token_get_mechanism.3,
	doc/manpages/gnutls_pkcs11_token_get_url.3,
	doc/manpages/gnutls_pkcs11_token_init.3,
	doc/manpages/gnutls_pkcs11_token_set_pin.3,
	doc/manpages/gnutls_pkcs11_type_get_name.3,
	doc/manpages/gnutls_pkcs12_bag_decrypt.3,
	doc/manpages/gnutls_pkcs12_bag_deinit.3,
	doc/manpages/gnutls_pkcs12_bag_encrypt.3,
	doc/manpages/gnutls_pkcs12_bag_get_count.3,
	doc/manpages/gnutls_pkcs12_bag_get_data.3,
	doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3,
	doc/manpages/gnutls_pkcs12_bag_get_key_id.3,
	doc/manpages/gnutls_pkcs12_bag_get_type.3,
	doc/manpages/gnutls_pkcs12_bag_init.3,
	doc/manpages/gnutls_pkcs12_bag_set_crl.3,
	doc/manpages/gnutls_pkcs12_bag_set_crt.3,
	doc/manpages/gnutls_pkcs12_bag_set_data.3,
	doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3,
	doc/manpages/gnutls_pkcs12_bag_set_key_id.3,
	doc/manpages/gnutls_pkcs12_deinit.3,
	doc/manpages/gnutls_pkcs12_export.3,
	doc/manpages/gnutls_pkcs12_generate_mac.3,
	doc/manpages/gnutls_pkcs12_get_bag.3,
	doc/manpages/gnutls_pkcs12_import.3,
	doc/manpages/gnutls_pkcs12_init.3,
	doc/manpages/gnutls_pkcs12_set_bag.3,
	doc/manpages/gnutls_pkcs12_verify_mac.3,
	doc/manpages/gnutls_pkcs7_deinit.3,
	doc/manpages/gnutls_pkcs7_delete_crl.3,
	doc/manpages/gnutls_pkcs7_delete_crt.3,
	doc/manpages/gnutls_pkcs7_export.3,
	doc/manpages/gnutls_pkcs7_get_crl_count.3,
	doc/manpages/gnutls_pkcs7_get_crl_raw.3,
	doc/manpages/gnutls_pkcs7_get_crt_count.3,
	doc/manpages/gnutls_pkcs7_get_crt_raw.3,
	doc/manpages/gnutls_pkcs7_import.3,
	doc/manpages/gnutls_pkcs7_init.3,
	doc/manpages/gnutls_pkcs7_set_crl.3,
	doc/manpages/gnutls_pkcs7_set_crl_raw.3,
	doc/manpages/gnutls_pkcs7_set_crt.3,
	doc/manpages/gnutls_pkcs7_set_crt_raw.3, doc/manpages/gnutls_prf.3,
	doc/manpages/gnutls_prf_raw.3,
	doc/manpages/gnutls_priority_deinit.3,
	doc/manpages/gnutls_priority_init.3,
	doc/manpages/gnutls_priority_set.3,
	doc/manpages/gnutls_priority_set_direct.3,
	doc/manpages/gnutls_privkey_decrypt_data.3,
	doc/manpages/gnutls_privkey_deinit.3,
	doc/manpages/gnutls_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_privkey_get_type.3,
	doc/manpages/gnutls_privkey_import_ext.3,
	doc/manpages/gnutls_privkey_import_openpgp.3,
	doc/manpages/gnutls_privkey_import_pkcs11.3,
	doc/manpages/gnutls_privkey_import_x509.3,
	doc/manpages/gnutls_privkey_init.3,
	doc/manpages/gnutls_privkey_sign_data.3,
	doc/manpages/gnutls_privkey_sign_hash.3,
	doc/manpages/gnutls_protocol_get_id.3,
	doc/manpages/gnutls_protocol_get_name.3,
	doc/manpages/gnutls_protocol_get_version.3,
	doc/manpages/gnutls_protocol_list.3,
	doc/manpages/gnutls_protocol_set_priority.3,
	doc/manpages/gnutls_psk_allocate_client_credentials.3,
	doc/manpages/gnutls_psk_allocate_server_credentials.3,
	doc/manpages/gnutls_psk_client_get_hint.3,
	doc/manpages/gnutls_psk_free_client_credentials.3,
	doc/manpages/gnutls_psk_free_server_credentials.3,
	doc/manpages/gnutls_psk_server_get_username.3,
	doc/manpages/gnutls_psk_set_client_credentials.3,
	doc/manpages/gnutls_psk_set_params_function.3,
	doc/manpages/gnutls_psk_set_server_credentials_file.3,
	doc/manpages/gnutls_psk_set_server_credentials_hint.3,
	doc/manpages/gnutls_psk_set_server_dh_params.3,
	doc/manpages/gnutls_psk_set_server_params_function.3,
	doc/manpages/gnutls_pubkey_deinit.3,
	doc/manpages/gnutls_pubkey_export.3,
	doc/manpages/gnutls_pubkey_get_key_id.3,
	doc/manpages/gnutls_pubkey_get_key_usage.3,
	doc/manpages/gnutls_pubkey_get_openpgp_key_id.3,
	doc/manpages/gnutls_pubkey_get_pk_algorithm.3,
	doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3,
	doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3,
	doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3,
	doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3,
	doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3,
	doc/manpages/gnutls_pubkey_get_verify_algorithm.3,
	doc/manpages/gnutls_pubkey_import.3,
	doc/manpages/gnutls_pubkey_import_dsa_raw.3,
	doc/manpages/gnutls_pubkey_import_ecc_raw.3,
	doc/manpages/gnutls_pubkey_import_ecc_x962.3,
	doc/manpages/gnutls_pubkey_import_openpgp.3,
	doc/manpages/gnutls_pubkey_import_pkcs11.3,
	doc/manpages/gnutls_pubkey_import_pkcs11_url.3,
	doc/manpages/gnutls_pubkey_import_privkey.3,
	doc/manpages/gnutls_pubkey_import_rsa_raw.3,
	doc/manpages/gnutls_pubkey_import_x509.3,
	doc/manpages/gnutls_pubkey_init.3,
	doc/manpages/gnutls_pubkey_set_key_usage.3,
	doc/manpages/gnutls_pubkey_verify_data.3,
	doc/manpages/gnutls_pubkey_verify_data2.3,
	doc/manpages/gnutls_pubkey_verify_hash.3,
	doc/manpages/gnutls_record_check_pending.3,
	doc/manpages/gnutls_record_disable_padding.3,
	doc/manpages/gnutls_record_get_direction.3,
	doc/manpages/gnutls_record_get_discarded.3,
	doc/manpages/gnutls_record_get_max_size.3,
	doc/manpages/gnutls_record_recv.3,
	doc/manpages/gnutls_record_recv_seq.3,
	doc/manpages/gnutls_record_send.3,
	doc/manpages/gnutls_record_set_max_size.3,
	doc/manpages/gnutls_rehandshake.3, doc/manpages/gnutls_rnd.3,
	doc/manpages/gnutls_rsa_export_get_modulus_bits.3,
	doc/manpages/gnutls_rsa_export_get_pubkey.3,
	doc/manpages/gnutls_rsa_params_cpy.3,
	doc/manpages/gnutls_rsa_params_deinit.3,
	doc/manpages/gnutls_rsa_params_export_pkcs1.3,
	doc/manpages/gnutls_rsa_params_export_raw.3,
	doc/manpages/gnutls_rsa_params_generate2.3,
	doc/manpages/gnutls_rsa_params_import_pkcs1.3,
	doc/manpages/gnutls_rsa_params_import_raw.3,
	doc/manpages/gnutls_rsa_params_init.3,
	doc/manpages/gnutls_safe_renegotiation_status.3,
	doc/manpages/gnutls_sec_param_get_name.3,
	doc/manpages/gnutls_sec_param_to_pk_bits.3,
	doc/manpages/gnutls_server_name_get.3,
	doc/manpages/gnutls_server_name_set.3,
	doc/manpages/gnutls_session_channel_binding.3,
	doc/manpages/gnutls_session_enable_compatibility_mode.3,
	doc/manpages/gnutls_session_get_data.3,
	doc/manpages/gnutls_session_get_data2.3,
	doc/manpages/gnutls_session_get_id.3,
	doc/manpages/gnutls_session_get_ptr.3,
	doc/manpages/gnutls_session_is_resumed.3,
	doc/manpages/gnutls_session_set_data.3,
	doc/manpages/gnutls_session_set_ptr.3,
	doc/manpages/gnutls_session_ticket_enable_client.3,
	doc/manpages/gnutls_session_ticket_enable_server.3,
	doc/manpages/gnutls_session_ticket_key_generate.3,
	doc/manpages/gnutls_set_default_export_priority.3,
	doc/manpages/gnutls_set_default_priority.3,
	doc/manpages/gnutls_sign_algorithm_get_requested.3,
	doc/manpages/gnutls_sign_callback_get.3,
	doc/manpages/gnutls_sign_callback_set.3,
	doc/manpages/gnutls_sign_get_id.3,
	doc/manpages/gnutls_sign_get_name.3,
	doc/manpages/gnutls_sign_list.3,
	doc/manpages/gnutls_srp_allocate_client_credentials.3,
	doc/manpages/gnutls_srp_allocate_server_credentials.3,
	doc/manpages/gnutls_srp_base64_decode.3,
	doc/manpages/gnutls_srp_base64_decode_alloc.3,
	doc/manpages/gnutls_srp_base64_encode.3,
	doc/manpages/gnutls_srp_base64_encode_alloc.3,
	doc/manpages/gnutls_srp_free_client_credentials.3,
	doc/manpages/gnutls_srp_free_server_credentials.3,
	doc/manpages/gnutls_srp_server_get_username.3,
	doc/manpages/gnutls_srp_set_client_credentials.3,
	doc/manpages/gnutls_srp_set_prime_bits.3,
	doc/manpages/gnutls_srp_set_server_credentials_file.3,
	doc/manpages/gnutls_srp_verifier.3, doc/manpages/gnutls_strerror.3,
	doc/manpages/gnutls_strerror_name.3,
	doc/manpages/gnutls_supplemental_get_name.3,
	doc/manpages/gnutls_transport_get_ptr.3,
	doc/manpages/gnutls_transport_get_ptr2.3,
	doc/manpages/gnutls_transport_set_errno.3,
	doc/manpages/gnutls_transport_set_errno_function.3,
	doc/manpages/gnutls_transport_set_ptr.3,
	doc/manpages/gnutls_transport_set_ptr2.3,
	doc/manpages/gnutls_transport_set_pull_function.3,
	doc/manpages/gnutls_transport_set_pull_timeout_function.3,
	doc/manpages/gnutls_transport_set_push_function.3,
	doc/manpages/gnutls_transport_set_vec_push_function.3,
	doc/manpages/gnutls_x509_crl_check_issuer.3,
	doc/manpages/gnutls_x509_crl_deinit.3,
	doc/manpages/gnutls_x509_crl_export.3,
	doc/manpages/gnutls_x509_crl_get_authority_key_id.3,
	doc/manpages/gnutls_x509_crl_get_crt_count.3,
	doc/manpages/gnutls_x509_crl_get_crt_serial.3,
	doc/manpages/gnutls_x509_crl_get_dn_oid.3,
	doc/manpages/gnutls_x509_crl_get_extension_data.3,
	doc/manpages/gnutls_x509_crl_get_extension_info.3,
	doc/manpages/gnutls_x509_crl_get_extension_oid.3,
	doc/manpages/gnutls_x509_crl_get_issuer_dn.3,
	doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3,
	doc/manpages/gnutls_x509_crl_get_next_update.3,
	doc/manpages/gnutls_x509_crl_get_number.3,
	doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3,
	doc/manpages/gnutls_x509_crl_get_signature.3,
	doc/manpages/gnutls_x509_crl_get_signature_algorithm.3,
	doc/manpages/gnutls_x509_crl_get_this_update.3,
	doc/manpages/gnutls_x509_crl_get_version.3,
	doc/manpages/gnutls_x509_crl_import.3,
	doc/manpages/gnutls_x509_crl_init.3,
	doc/manpages/gnutls_x509_crl_list_import.3,
	doc/manpages/gnutls_x509_crl_list_import2.3,
	doc/manpages/gnutls_x509_crl_print.3,
	doc/manpages/gnutls_x509_crl_privkey_sign.3,
	doc/manpages/gnutls_x509_crl_set_authority_key_id.3,
	doc/manpages/gnutls_x509_crl_set_crt.3,
	doc/manpages/gnutls_x509_crl_set_crt_serial.3,
	doc/manpages/gnutls_x509_crl_set_next_update.3,
	doc/manpages/gnutls_x509_crl_set_number.3,
	doc/manpages/gnutls_x509_crl_set_this_update.3,
	doc/manpages/gnutls_x509_crl_set_version.3,
	doc/manpages/gnutls_x509_crl_sign.3,
	doc/manpages/gnutls_x509_crl_sign2.3,
	doc/manpages/gnutls_x509_crl_verify.3,
	doc/manpages/gnutls_x509_crq_deinit.3,
	doc/manpages/gnutls_x509_crq_export.3,
	doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3,
	doc/manpages/gnutls_x509_crq_get_attribute_data.3,
	doc/manpages/gnutls_x509_crq_get_attribute_info.3,
	doc/manpages/gnutls_x509_crq_get_basic_constraints.3,
	doc/manpages/gnutls_x509_crq_get_challenge_password.3,
	doc/manpages/gnutls_x509_crq_get_dn.3,
	doc/manpages/gnutls_x509_crq_get_dn_by_oid.3,
	doc/manpages/gnutls_x509_crq_get_dn_oid.3,
	doc/manpages/gnutls_x509_crq_get_extension_by_oid.3,
	doc/manpages/gnutls_x509_crq_get_extension_data.3,
	doc/manpages/gnutls_x509_crq_get_extension_info.3,
	doc/manpages/gnutls_x509_crq_get_key_id.3,
	doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3,
	doc/manpages/gnutls_x509_crq_get_key_usage.3,
	doc/manpages/gnutls_x509_crq_get_pk_algorithm.3,
	doc/manpages/gnutls_x509_crq_get_subject_alt_name.3,
	doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3,
	doc/manpages/gnutls_x509_crq_get_version.3,
	doc/manpages/gnutls_x509_crq_import.3,
	doc/manpages/gnutls_x509_crq_init.3,
	doc/manpages/gnutls_x509_crq_print.3,
	doc/manpages/gnutls_x509_crq_privkey_sign.3,
	doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3,
	doc/manpages/gnutls_x509_crq_set_basic_constraints.3,
	doc/manpages/gnutls_x509_crq_set_challenge_password.3,
	doc/manpages/gnutls_x509_crq_set_dn_by_oid.3,
	doc/manpages/gnutls_x509_crq_set_key.3,
	doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3,
	doc/manpages/gnutls_x509_crq_set_key_usage.3,
	doc/manpages/gnutls_x509_crq_set_pubkey.3,
	doc/manpages/gnutls_x509_crq_set_subject_alt_name.3,
	doc/manpages/gnutls_x509_crq_set_version.3,
	doc/manpages/gnutls_x509_crq_sign.3,
	doc/manpages/gnutls_x509_crq_sign2.3,
	doc/manpages/gnutls_x509_crq_verify.3,
	doc/manpages/gnutls_x509_crt_check_hostname.3,
	doc/manpages/gnutls_x509_crt_check_issuer.3,
	doc/manpages/gnutls_x509_crt_check_revocation.3,
	doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3,
	doc/manpages/gnutls_x509_crt_deinit.3,
	doc/manpages/gnutls_x509_crt_export.3,
	doc/manpages/gnutls_x509_crt_get_activation_time.3,
	doc/manpages/gnutls_x509_crt_get_authority_info_access.3,
	doc/manpages/gnutls_x509_crt_get_authority_key_id.3,
	doc/manpages/gnutls_x509_crt_get_basic_constraints.3,
	doc/manpages/gnutls_x509_crt_get_ca_status.3,
	doc/manpages/gnutls_x509_crt_get_crl_dist_points.3,
	doc/manpages/gnutls_x509_crt_get_dn.3,
	doc/manpages/gnutls_x509_crt_get_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_get_dn_oid.3,
	doc/manpages/gnutls_x509_crt_get_expiration_time.3,
	doc/manpages/gnutls_x509_crt_get_extension_by_oid.3,
	doc/manpages/gnutls_x509_crt_get_extension_data.3,
	doc/manpages/gnutls_x509_crt_get_extension_info.3,
	doc/manpages/gnutls_x509_crt_get_extension_oid.3,
	doc/manpages/gnutls_x509_crt_get_fingerprint.3,
	doc/manpages/gnutls_x509_crt_get_issuer.3,
	doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3,
	doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3,
	doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3,
	doc/manpages/gnutls_x509_crt_get_issuer_dn.3,
	doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3,
	doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3,
	doc/manpages/gnutls_x509_crt_get_key_id.3,
	doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crt_get_key_usage.3,
	doc/manpages/gnutls_x509_crt_get_pk_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3,
	doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3,
	doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_proxy.3,
	doc/manpages/gnutls_x509_crt_get_raw_dn.3,
	doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3,
	doc/manpages/gnutls_x509_crt_get_serial.3,
	doc/manpages/gnutls_x509_crt_get_signature.3,
	doc/manpages/gnutls_x509_crt_get_signature_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_subject.3,
	doc/manpages/gnutls_x509_crt_get_subject_alt_name.3,
	doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3,
	doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3,
	doc/manpages/gnutls_x509_crt_get_subject_key_id.3,
	doc/manpages/gnutls_x509_crt_get_subject_unique_id.3,
	doc/manpages/gnutls_x509_crt_get_verify_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_version.3,
	doc/manpages/gnutls_x509_crt_import.3,
	doc/manpages/gnutls_x509_crt_import_pkcs11.3,
	doc/manpages/gnutls_x509_crt_import_pkcs11_url.3,
	doc/manpages/gnutls_x509_crt_init.3,
	doc/manpages/gnutls_x509_crt_list_import.3,
	doc/manpages/gnutls_x509_crt_list_import2.3,
	doc/manpages/gnutls_x509_crt_list_import_pkcs11.3,
	doc/manpages/gnutls_x509_crt_list_verify.3,
	doc/manpages/gnutls_x509_crt_print.3,
	doc/manpages/gnutls_x509_crt_privkey_sign.3,
	doc/manpages/gnutls_x509_crt_set_activation_time.3,
	doc/manpages/gnutls_x509_crt_set_authority_key_id.3,
	doc/manpages/gnutls_x509_crt_set_basic_constraints.3,
	doc/manpages/gnutls_x509_crt_set_ca_status.3,
	doc/manpages/gnutls_x509_crt_set_crl_dist_points.3,
	doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3,
	doc/manpages/gnutls_x509_crt_set_crq.3,
	doc/manpages/gnutls_x509_crt_set_crq_extensions.3,
	doc/manpages/gnutls_x509_crt_set_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_set_expiration_time.3,
	doc/manpages/gnutls_x509_crt_set_extension_by_oid.3,
	doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_set_key.3,
	doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crt_set_key_usage.3,
	doc/manpages/gnutls_x509_crt_set_proxy.3,
	doc/manpages/gnutls_x509_crt_set_proxy_dn.3,
	doc/manpages/gnutls_x509_crt_set_pubkey.3,
	doc/manpages/gnutls_x509_crt_set_serial.3,
	doc/manpages/gnutls_x509_crt_set_subject_alt_name.3,
	doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3,
	doc/manpages/gnutls_x509_crt_set_subject_key_id.3,
	doc/manpages/gnutls_x509_crt_set_version.3,
	doc/manpages/gnutls_x509_crt_sign.3,
	doc/manpages/gnutls_x509_crt_sign2.3,
	doc/manpages/gnutls_x509_crt_verify.3,
	doc/manpages/gnutls_x509_crt_verify_data.3,
	doc/manpages/gnutls_x509_crt_verify_hash.3,
	doc/manpages/gnutls_x509_dn_deinit.3,
	doc/manpages/gnutls_x509_dn_export.3,
	doc/manpages/gnutls_x509_dn_get_rdn_ava.3,
	doc/manpages/gnutls_x509_dn_import.3,
	doc/manpages/gnutls_x509_dn_init.3,
	doc/manpages/gnutls_x509_dn_oid_known.3,
	doc/manpages/gnutls_x509_privkey_cpy.3,
	doc/manpages/gnutls_x509_privkey_deinit.3,
	doc/manpages/gnutls_x509_privkey_export.3,
	doc/manpages/gnutls_x509_privkey_export_dsa_raw.3,
	doc/manpages/gnutls_x509_privkey_export_ecc_raw.3,
	doc/manpages/gnutls_x509_privkey_export_pkcs8.3,
	doc/manpages/gnutls_x509_privkey_export_rsa_raw.3,
	doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3,
	doc/manpages/gnutls_x509_privkey_fix.3,
	doc/manpages/gnutls_x509_privkey_generate.3,
	doc/manpages/gnutls_x509_privkey_get_key_id.3,
	doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_x509_privkey_import.3,
	doc/manpages/gnutls_x509_privkey_import_dsa_raw.3,
	doc/manpages/gnutls_x509_privkey_import_ecc_raw.3,
	doc/manpages/gnutls_x509_privkey_import_pkcs8.3,
	doc/manpages/gnutls_x509_privkey_import_rsa_raw.3,
	doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3,
	doc/manpages/gnutls_x509_privkey_init.3,
	doc/manpages/gnutls_x509_privkey_sec_param.3,
	doc/manpages/gnutls_x509_privkey_sign_data.3,
	doc/manpages/gnutls_x509_privkey_sign_hash.3,
	doc/manpages/gnutls_x509_privkey_verify_params.3,
	doc/manpages/gnutls_x509_rdn_get.3,
	doc/manpages/gnutls_x509_rdn_get_by_oid.3,
	doc/manpages/gnutls_x509_rdn_get_oid.3,
	doc/manpages/gnutls_x509_trust_list_add_cas.3,
	doc/manpages/gnutls_x509_trust_list_add_crls.3,
	doc/manpages/gnutls_x509_trust_list_add_named_crt.3,
	doc/manpages/gnutls_x509_trust_list_deinit.3,
	doc/manpages/gnutls_x509_trust_list_get_issuer.3,
	doc/manpages/gnutls_x509_trust_list_init.3,
	doc/manpages/gnutls_x509_trust_list_verify_crt.3,
	doc/manpages/gnutls_x509_trust_list_verify_named_crt.3: manpages
	don't need to be in the repository.

2011-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/slow/Makefile.am, tests/{ =>
	slow}/cipher-test.c: cipher-test is now run without valgrind

2011-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.h: removed superfluous check.

2011-11-29  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, tests/suite/chain: Fix syntax-check nits.

2011-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/scripts/mytexi2latex: documentation updates.

2011-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: use emph instead of cite since cite produces bad
	output in texi2html.

2011-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/scripts/mytexi2latex: updates in
	sectioning. Subheading was used instead of subsection in few cases.

2011-11-25  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/system/documentation/output.scm: guile: Fix the
	(unused) `output-procedure-texi-documentation-from-c-file'.  Reported by Mike Gran <spk121@yahoo.com>.

2011-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: copy images to html_node

2011-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi: added missing node

2011-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
	doc/cha-internals.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/cha-programs.texi, doc/scripts/gdoc,
	doc/scripts/mytexi2latex: updates in texi and tex documentation.

2011-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/Makefile.am, lib/opencdk/dummy.c, lib/opencdk/main.h: 
	dropped unneeded function.

2011-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/Makefile.am, doc/cha-functions.texi,
	doc/cha-gtls-app.texi, doc/gnutls.texi, doc/scripts/gdoc,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h: Separated API reference to header
	files in the texi manual.

2011-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-examples.texi: removed text for tcp functions.

2011-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, cfg.mk, doc/manpages/Makefile.am,
	doc/manpages/gnutls_alert_get.3,
	doc/manpages/gnutls_alert_get_name.3,
	doc/manpages/gnutls_alert_get_strname.3,
	doc/manpages/gnutls_alert_send.3,
	doc/manpages/gnutls_alert_send_appropriate.3,
	doc/manpages/gnutls_anon_allocate_client_credentials.3,
	doc/manpages/gnutls_anon_allocate_server_credentials.3,
	doc/manpages/gnutls_anon_free_client_credentials.3,
	doc/manpages/gnutls_anon_free_server_credentials.3,
	doc/manpages/gnutls_anon_set_params_function.3,
	doc/manpages/gnutls_anon_set_server_dh_params.3,
	doc/manpages/gnutls_anon_set_server_params_function.3,
	doc/manpages/gnutls_auth_client_get_type.3,
	doc/manpages/gnutls_auth_get_type.3,
	doc/manpages/gnutls_auth_server_get_type.3,
	doc/manpages/gnutls_bye.3,
	doc/manpages/gnutls_certificate_activation_time_peers.3,
	doc/manpages/gnutls_certificate_allocate_credentials.3,
	doc/manpages/gnutls_certificate_client_get_request_status.3,
	doc/manpages/gnutls_certificate_expiration_time_peers.3,
	doc/manpages/gnutls_certificate_free_ca_names.3,
	doc/manpages/gnutls_certificate_free_cas.3,
	doc/manpages/gnutls_certificate_free_credentials.3,
	doc/manpages/gnutls_certificate_free_crls.3,
	doc/manpages/gnutls_certificate_free_keys.3,
	doc/manpages/gnutls_certificate_get_issuer.3,
	doc/manpages/gnutls_certificate_get_openpgp_keyring.3,
	doc/manpages/gnutls_certificate_get_ours.3,
	doc/manpages/gnutls_certificate_get_peers.3,
	doc/manpages/gnutls_certificate_send_x509_rdn_sequence.3,
	doc/manpages/gnutls_certificate_server_set_request.3,
	doc/manpages/gnutls_certificate_set_dh_params.3,
	doc/manpages/gnutls_certificate_set_key.3,
	doc/manpages/gnutls_certificate_set_openpgp_key.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_file.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_file2.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_mem.3,
	doc/manpages/gnutls_certificate_set_openpgp_key_mem2.3,
	doc/manpages/gnutls_certificate_set_params_function.3,
	doc/manpages/gnutls_certificate_set_rsa_export_params.3,
	doc/manpages/gnutls_certificate_set_verify_flags.3,
	doc/manpages/gnutls_certificate_set_verify_function.3,
	doc/manpages/gnutls_certificate_set_verify_limits.3,
	doc/manpages/gnutls_certificate_set_x509_crl.3,
	doc/manpages/gnutls_certificate_set_x509_crl_file.3,
	doc/manpages/gnutls_certificate_set_x509_crl_mem.3,
	doc/manpages/gnutls_certificate_set_x509_key.3,
	doc/manpages/gnutls_certificate_set_x509_key_file.3,
	doc/manpages/gnutls_certificate_set_x509_key_mem.3,
	doc/manpages/gnutls_certificate_set_x509_trust.3,
	doc/manpages/gnutls_certificate_set_x509_trust_file.3,
	doc/manpages/gnutls_certificate_set_x509_trust_mem.3,
	doc/manpages/gnutls_certificate_type_get.3,
	doc/manpages/gnutls_certificate_type_get_id.3,
	doc/manpages/gnutls_certificate_type_get_name.3,
	doc/manpages/gnutls_certificate_type_list.3,
	doc/manpages/gnutls_certificate_type_set_priority.3,
	doc/manpages/gnutls_certificate_verify_peers2.3,
	doc/manpages/gnutls_check_version.3,
	doc/manpages/gnutls_cipher_add_auth.3,
	doc/manpages/gnutls_cipher_decrypt.3,
	doc/manpages/gnutls_cipher_decrypt2.3,
	doc/manpages/gnutls_cipher_deinit.3,
	doc/manpages/gnutls_cipher_encrypt.3,
	doc/manpages/gnutls_cipher_encrypt2.3,
	doc/manpages/gnutls_cipher_get.3,
	doc/manpages/gnutls_cipher_get_block_size.3,
	doc/manpages/gnutls_cipher_get_id.3,
	doc/manpages/gnutls_cipher_get_key_size.3,
	doc/manpages/gnutls_cipher_get_name.3,
	doc/manpages/gnutls_cipher_init.3,
	doc/manpages/gnutls_cipher_list.3,
	doc/manpages/gnutls_cipher_set_iv.3,
	doc/manpages/gnutls_cipher_set_priority.3,
	doc/manpages/gnutls_cipher_suite_get_name.3,
	doc/manpages/gnutls_cipher_suite_info.3,
	doc/manpages/gnutls_cipher_tag.3,
	doc/manpages/gnutls_compression_get.3,
	doc/manpages/gnutls_compression_get_id.3,
	doc/manpages/gnutls_compression_get_name.3,
	doc/manpages/gnutls_compression_list.3,
	doc/manpages/gnutls_compression_set_priority.3,
	doc/manpages/gnutls_credentials_clear.3,
	doc/manpages/gnutls_credentials_set.3,
	doc/manpages/gnutls_db_check_entry.3,
	doc/manpages/gnutls_db_get_ptr.3,
	doc/manpages/gnutls_db_remove_session.3,
	doc/manpages/gnutls_db_set_cache_expiration.3,
	doc/manpages/gnutls_db_set_ptr.3,
	doc/manpages/gnutls_db_set_remove_function.3,
	doc/manpages/gnutls_db_set_retrieve_function.3,
	doc/manpages/gnutls_db_set_store_function.3,
	doc/manpages/gnutls_deinit.3, doc/manpages/gnutls_dh_get_group.3,
	doc/manpages/gnutls_dh_get_peers_public_bits.3,
	doc/manpages/gnutls_dh_get_prime_bits.3,
	doc/manpages/gnutls_dh_get_pubkey.3,
	doc/manpages/gnutls_dh_get_secret_bits.3,
	doc/manpages/gnutls_dh_params_cpy.3,
	doc/manpages/gnutls_dh_params_deinit.3,
	doc/manpages/gnutls_dh_params_export_pkcs3.3,
	doc/manpages/gnutls_dh_params_export_raw.3,
	doc/manpages/gnutls_dh_params_generate2.3,
	doc/manpages/gnutls_dh_params_import_pkcs3.3,
	doc/manpages/gnutls_dh_params_import_raw.3,
	doc/manpages/gnutls_dh_params_init.3,
	doc/manpages/gnutls_dh_set_prime_bits.3,
	doc/manpages/gnutls_dtls_cookie_send.3,
	doc/manpages/gnutls_dtls_cookie_verify.3,
	doc/manpages/gnutls_dtls_get_data_mtu.3,
	doc/manpages/gnutls_dtls_get_mtu.3,
	doc/manpages/gnutls_dtls_prestate_set.3,
	doc/manpages/gnutls_dtls_set_mtu.3,
	doc/manpages/gnutls_dtls_set_timeouts.3,
	doc/manpages/gnutls_ecc_curve_get.3,
	doc/manpages/gnutls_ecc_curve_get_name.3,
	doc/manpages/gnutls_ecc_curve_get_size.3,
	doc/manpages/gnutls_error_is_fatal.3,
	doc/manpages/gnutls_error_to_alert.3,
	doc/manpages/gnutls_fingerprint.3,
	doc/manpages/gnutls_global_deinit.3,
	doc/manpages/gnutls_global_init.3,
	doc/manpages/gnutls_global_set_audit_log_function.3,
	doc/manpages/gnutls_global_set_log_function.3,
	doc/manpages/gnutls_global_set_log_level.3,
	doc/manpages/gnutls_global_set_mem_functions.3,
	doc/manpages/gnutls_global_set_mutex.3,
	doc/manpages/gnutls_global_set_time_function.3,
	doc/manpages/gnutls_handshake.3,
	doc/manpages/gnutls_handshake_get_last_in.3,
	doc/manpages/gnutls_handshake_get_last_out.3,
	doc/manpages/gnutls_handshake_set_max_packet_length.3,
	doc/manpages/gnutls_handshake_set_post_client_hello_function.3,
	doc/manpages/gnutls_handshake_set_private_extensions.3,
	doc/manpages/gnutls_hash.3, doc/manpages/gnutls_hash_deinit.3,
	doc/manpages/gnutls_hash_fast.3,
	doc/manpages/gnutls_hash_get_len.3,
	doc/manpages/gnutls_hash_init.3, doc/manpages/gnutls_hash_output.3,
	doc/manpages/gnutls_hex2bin.3, doc/manpages/gnutls_hex_decode.3,
	doc/manpages/gnutls_hex_encode.3, doc/manpages/gnutls_hmac.3,
	doc/manpages/gnutls_hmac_deinit.3, doc/manpages/gnutls_hmac_fast.3,
	doc/manpages/gnutls_hmac_get_len.3,
	doc/manpages/gnutls_hmac_init.3, doc/manpages/gnutls_hmac_output.3,
	doc/manpages/gnutls_init.3, doc/manpages/gnutls_key_generate.3,
	doc/manpages/gnutls_kx_get.3, doc/manpages/gnutls_kx_get_id.3,
	doc/manpages/gnutls_kx_get_name.3, doc/manpages/gnutls_kx_list.3,
	doc/manpages/gnutls_kx_set_priority.3,
	doc/manpages/gnutls_mac_get.3, doc/manpages/gnutls_mac_get_id.3,
	doc/manpages/gnutls_mac_get_key_size.3,
	doc/manpages/gnutls_mac_get_name.3, doc/manpages/gnutls_mac_list.3,
	doc/manpages/gnutls_mac_set_priority.3,
	doc/manpages/gnutls_openpgp_crt_check_hostname.3,
	doc/manpages/gnutls_openpgp_crt_deinit.3,
	doc/manpages/gnutls_openpgp_crt_export.3,
	doc/manpages/gnutls_openpgp_crt_get_auth_subkey.3,
	doc/manpages/gnutls_openpgp_crt_get_creation_time.3,
	doc/manpages/gnutls_openpgp_crt_get_expiration_time.3,
	doc/manpages/gnutls_openpgp_crt_get_fingerprint.3,
	doc/manpages/gnutls_openpgp_crt_get_key_id.3,
	doc/manpages/gnutls_openpgp_crt_get_key_usage.3,
	doc/manpages/gnutls_openpgp_crt_get_name.3,
	doc/manpages/gnutls_openpgp_crt_get_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_crt_get_pk_dsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_pk_rsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_crt_get_revoked_status.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_count.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_creation_time.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_expiration_time.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_fingerprint.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_id.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_idx.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_pk_dsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_pk_rsa_raw.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_revoked_status.3,
	doc/manpages/gnutls_openpgp_crt_get_subkey_usage.3,
	doc/manpages/gnutls_openpgp_crt_get_version.3,
	doc/manpages/gnutls_openpgp_crt_import.3,
	doc/manpages/gnutls_openpgp_crt_init.3,
	doc/manpages/gnutls_openpgp_crt_print.3,
	doc/manpages/gnutls_openpgp_crt_set_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_crt_verify_ring.3,
	doc/manpages/gnutls_openpgp_crt_verify_self.3,
	doc/manpages/gnutls_openpgp_keyring_check_id.3,
	doc/manpages/gnutls_openpgp_keyring_deinit.3,
	doc/manpages/gnutls_openpgp_keyring_get_crt.3,
	doc/manpages/gnutls_openpgp_keyring_get_crt_count.3,
	doc/manpages/gnutls_openpgp_keyring_import.3,
	doc/manpages/gnutls_openpgp_keyring_init.3,
	doc/manpages/gnutls_openpgp_privkey_deinit.3,
	doc/manpages/gnutls_openpgp_privkey_export.3,
	doc/manpages/gnutls_openpgp_privkey_export_dsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_export_rsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_export_subkey_dsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_export_subkey_rsa_raw.3,
	doc/manpages/gnutls_openpgp_privkey_get_fingerprint.3,
	doc/manpages/gnutls_openpgp_privkey_get_key_id.3,
	doc/manpages/gnutls_openpgp_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_privkey_get_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_privkey_get_revoked_status.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_count.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_creation_time.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_fingerprint.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_id.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_idx.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_pk_algorithm.3,
	doc/manpages/gnutls_openpgp_privkey_get_subkey_revoked_status.3,
	doc/manpages/gnutls_openpgp_privkey_import.3,
	doc/manpages/gnutls_openpgp_privkey_init.3,
	doc/manpages/gnutls_openpgp_privkey_sec_param.3,
	doc/manpages/gnutls_openpgp_privkey_set_preferred_key_id.3,
	doc/manpages/gnutls_openpgp_privkey_sign_hash.3,
	doc/manpages/gnutls_openpgp_send_cert.3,
	doc/manpages/gnutls_openpgp_set_recv_key_function.3,
	doc/manpages/gnutls_pcert_deinit.3,
	doc/manpages/gnutls_pcert_import_openpgp.3,
	doc/manpages/gnutls_pcert_import_openpgp_raw.3,
	doc/manpages/gnutls_pcert_import_x509.3,
	doc/manpages/gnutls_pcert_import_x509_raw.3,
	doc/manpages/gnutls_pcert_list_import_x509_raw.3,
	doc/manpages/gnutls_pem_base64_decode.3,
	doc/manpages/gnutls_pem_base64_decode_alloc.3,
	doc/manpages/gnutls_pem_base64_encode.3,
	doc/manpages/gnutls_pem_base64_encode_alloc.3,
	doc/manpages/gnutls_perror.3,
	doc/manpages/gnutls_pk_algorithm_get_name.3,
	doc/manpages/gnutls_pk_bits_to_sec_param.3,
	doc/manpages/gnutls_pk_get_id.3, doc/manpages/gnutls_pk_get_name.3,
	doc/manpages/gnutls_pk_list.3,
	doc/manpages/gnutls_pkcs11_add_provider.3,
	doc/manpages/gnutls_pkcs11_copy_secret_key.3,
	doc/manpages/gnutls_pkcs11_copy_x509_crt.3,
	doc/manpages/gnutls_pkcs11_copy_x509_privkey.3,
	doc/manpages/gnutls_pkcs11_deinit.3,
	doc/manpages/gnutls_pkcs11_delete_url.3,
	doc/manpages/gnutls_pkcs11_init.3,
	doc/manpages/gnutls_pkcs11_obj_deinit.3,
	doc/manpages/gnutls_pkcs11_obj_export.3,
	doc/manpages/gnutls_pkcs11_obj_export_url.3,
	doc/manpages/gnutls_pkcs11_obj_get_info.3,
	doc/manpages/gnutls_pkcs11_obj_get_type.3,
	doc/manpages/gnutls_pkcs11_obj_import_url.3,
	doc/manpages/gnutls_pkcs11_obj_init.3,
	doc/manpages/gnutls_pkcs11_obj_list_import_url.3,
	doc/manpages/gnutls_pkcs11_privkey_deinit.3,
	doc/manpages/gnutls_pkcs11_privkey_export_url.3,
	doc/manpages/gnutls_pkcs11_privkey_generate.3,
	doc/manpages/gnutls_pkcs11_privkey_get_info.3,
	doc/manpages/gnutls_pkcs11_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_pkcs11_privkey_import_url.3,
	doc/manpages/gnutls_pkcs11_privkey_init.3,
	doc/manpages/gnutls_pkcs11_set_pin_function.3,
	doc/manpages/gnutls_pkcs11_set_token_function.3,
	doc/manpages/gnutls_pkcs11_token_get_flags.3,
	doc/manpages/gnutls_pkcs11_token_get_info.3,
	doc/manpages/gnutls_pkcs11_token_get_mechanism.3,
	doc/manpages/gnutls_pkcs11_token_get_url.3,
	doc/manpages/gnutls_pkcs11_token_init.3,
	doc/manpages/gnutls_pkcs11_token_set_pin.3,
	doc/manpages/gnutls_pkcs11_type_get_name.3,
	doc/manpages/gnutls_pkcs12_bag_decrypt.3,
	doc/manpages/gnutls_pkcs12_bag_deinit.3,
	doc/manpages/gnutls_pkcs12_bag_encrypt.3,
	doc/manpages/gnutls_pkcs12_bag_get_count.3,
	doc/manpages/gnutls_pkcs12_bag_get_data.3,
	doc/manpages/gnutls_pkcs12_bag_get_friendly_name.3,
	doc/manpages/gnutls_pkcs12_bag_get_key_id.3,
	doc/manpages/gnutls_pkcs12_bag_get_type.3,
	doc/manpages/gnutls_pkcs12_bag_init.3,
	doc/manpages/gnutls_pkcs12_bag_set_crl.3,
	doc/manpages/gnutls_pkcs12_bag_set_crt.3,
	doc/manpages/gnutls_pkcs12_bag_set_data.3,
	doc/manpages/gnutls_pkcs12_bag_set_friendly_name.3,
	doc/manpages/gnutls_pkcs12_bag_set_key_id.3,
	doc/manpages/gnutls_pkcs12_deinit.3,
	doc/manpages/gnutls_pkcs12_export.3,
	doc/manpages/gnutls_pkcs12_generate_mac.3,
	doc/manpages/gnutls_pkcs12_get_bag.3,
	doc/manpages/gnutls_pkcs12_import.3,
	doc/manpages/gnutls_pkcs12_init.3,
	doc/manpages/gnutls_pkcs12_set_bag.3,
	doc/manpages/gnutls_pkcs12_verify_mac.3,
	doc/manpages/gnutls_pkcs7_deinit.3,
	doc/manpages/gnutls_pkcs7_delete_crl.3,
	doc/manpages/gnutls_pkcs7_delete_crt.3,
	doc/manpages/gnutls_pkcs7_export.3,
	doc/manpages/gnutls_pkcs7_get_crl_count.3,
	doc/manpages/gnutls_pkcs7_get_crl_raw.3,
	doc/manpages/gnutls_pkcs7_get_crt_count.3,
	doc/manpages/gnutls_pkcs7_get_crt_raw.3,
	doc/manpages/gnutls_pkcs7_import.3,
	doc/manpages/gnutls_pkcs7_init.3,
	doc/manpages/gnutls_pkcs7_set_crl.3,
	doc/manpages/gnutls_pkcs7_set_crl_raw.3,
	doc/manpages/gnutls_pkcs7_set_crt.3,
	doc/manpages/gnutls_pkcs7_set_crt_raw.3, doc/manpages/gnutls_prf.3,
	doc/manpages/gnutls_prf_raw.3,
	doc/manpages/gnutls_priority_deinit.3,
	doc/manpages/gnutls_priority_init.3,
	doc/manpages/gnutls_priority_set.3,
	doc/manpages/gnutls_priority_set_direct.3,
	doc/manpages/gnutls_privkey_decrypt_data.3,
	doc/manpages/gnutls_privkey_deinit.3,
	doc/manpages/gnutls_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_privkey_get_type.3,
	doc/manpages/gnutls_privkey_import_ext.3,
	doc/manpages/gnutls_privkey_import_openpgp.3,
	doc/manpages/gnutls_privkey_import_pkcs11.3,
	doc/manpages/gnutls_privkey_import_x509.3,
	doc/manpages/gnutls_privkey_init.3,
	doc/manpages/gnutls_privkey_sign_data.3,
	doc/manpages/gnutls_privkey_sign_hash.3,
	doc/manpages/gnutls_protocol_get_id.3,
	doc/manpages/gnutls_protocol_get_name.3,
	doc/manpages/gnutls_protocol_get_version.3,
	doc/manpages/gnutls_protocol_list.3,
	doc/manpages/gnutls_protocol_set_priority.3,
	doc/manpages/gnutls_psk_allocate_client_credentials.3,
	doc/manpages/gnutls_psk_allocate_server_credentials.3,
	doc/manpages/gnutls_psk_client_get_hint.3,
	doc/manpages/gnutls_psk_free_client_credentials.3,
	doc/manpages/gnutls_psk_free_server_credentials.3,
	doc/manpages/gnutls_psk_server_get_username.3,
	doc/manpages/gnutls_psk_set_client_credentials.3,
	doc/manpages/gnutls_psk_set_params_function.3,
	doc/manpages/gnutls_psk_set_server_credentials_file.3,
	doc/manpages/gnutls_psk_set_server_credentials_hint.3,
	doc/manpages/gnutls_psk_set_server_dh_params.3,
	doc/manpages/gnutls_psk_set_server_params_function.3,
	doc/manpages/gnutls_pubkey_deinit.3,
	doc/manpages/gnutls_pubkey_export.3,
	doc/manpages/gnutls_pubkey_get_key_id.3,
	doc/manpages/gnutls_pubkey_get_key_usage.3,
	doc/manpages/gnutls_pubkey_get_openpgp_key_id.3,
	doc/manpages/gnutls_pubkey_get_pk_algorithm.3,
	doc/manpages/gnutls_pubkey_get_pk_dsa_raw.3,
	doc/manpages/gnutls_pubkey_get_pk_ecc_raw.3,
	doc/manpages/gnutls_pubkey_get_pk_ecc_x962.3,
	doc/manpages/gnutls_pubkey_get_pk_rsa_raw.3,
	doc/manpages/gnutls_pubkey_get_preferred_hash_algorithm.3,
	doc/manpages/gnutls_pubkey_get_verify_algorithm.3,
	doc/manpages/gnutls_pubkey_import.3,
	doc/manpages/gnutls_pubkey_import_dsa_raw.3,
	doc/manpages/gnutls_pubkey_import_ecc_raw.3,
	doc/manpages/gnutls_pubkey_import_ecc_x962.3,
	doc/manpages/gnutls_pubkey_import_openpgp.3,
	doc/manpages/gnutls_pubkey_import_pkcs11.3,
	doc/manpages/gnutls_pubkey_import_pkcs11_url.3,
	doc/manpages/gnutls_pubkey_import_privkey.3,
	doc/manpages/gnutls_pubkey_import_rsa_raw.3,
	doc/manpages/gnutls_pubkey_import_x509.3,
	doc/manpages/gnutls_pubkey_init.3,
	doc/manpages/gnutls_pubkey_set_key_usage.3,
	doc/manpages/gnutls_pubkey_verify_data.3,
	doc/manpages/gnutls_pubkey_verify_data2.3,
	doc/manpages/gnutls_pubkey_verify_hash.3,
	doc/manpages/gnutls_record_check_pending.3,
	doc/manpages/gnutls_record_disable_padding.3,
	doc/manpages/gnutls_record_get_direction.3,
	doc/manpages/gnutls_record_get_discarded.3,
	doc/manpages/gnutls_record_get_max_size.3,
	doc/manpages/gnutls_record_recv.3,
	doc/manpages/gnutls_record_recv_seq.3,
	doc/manpages/gnutls_record_send.3,
	doc/manpages/gnutls_record_set_max_size.3,
	doc/manpages/gnutls_rehandshake.3, doc/manpages/gnutls_rnd.3,
	doc/manpages/gnutls_rsa_export_get_modulus_bits.3,
	doc/manpages/gnutls_rsa_export_get_pubkey.3,
	doc/manpages/gnutls_rsa_params_cpy.3,
	doc/manpages/gnutls_rsa_params_deinit.3,
	doc/manpages/gnutls_rsa_params_export_pkcs1.3,
	doc/manpages/gnutls_rsa_params_export_raw.3,
	doc/manpages/gnutls_rsa_params_generate2.3,
	doc/manpages/gnutls_rsa_params_import_pkcs1.3,
	doc/manpages/gnutls_rsa_params_import_raw.3,
	doc/manpages/gnutls_rsa_params_init.3,
	doc/manpages/gnutls_safe_renegotiation_status.3,
	doc/manpages/gnutls_sec_param_get_name.3,
	doc/manpages/gnutls_sec_param_to_pk_bits.3,
	doc/manpages/gnutls_server_name_get.3,
	doc/manpages/gnutls_server_name_set.3,
	doc/manpages/gnutls_session_channel_binding.3,
	doc/manpages/gnutls_session_enable_compatibility_mode.3,
	doc/manpages/gnutls_session_get_data.3,
	doc/manpages/gnutls_session_get_data2.3,
	doc/manpages/gnutls_session_get_id.3,
	doc/manpages/gnutls_session_get_ptr.3,
	doc/manpages/gnutls_session_is_resumed.3,
	doc/manpages/gnutls_session_set_data.3,
	doc/manpages/gnutls_session_set_ptr.3,
	doc/manpages/gnutls_session_ticket_enable_client.3,
	doc/manpages/gnutls_session_ticket_enable_server.3,
	doc/manpages/gnutls_session_ticket_key_generate.3,
	doc/manpages/gnutls_set_default_export_priority.3,
	doc/manpages/gnutls_set_default_priority.3,
	doc/manpages/gnutls_sign_algorithm_get_requested.3,
	doc/manpages/gnutls_sign_callback_get.3,
	doc/manpages/gnutls_sign_callback_set.3,
	doc/manpages/gnutls_sign_get_id.3,
	doc/manpages/gnutls_sign_get_name.3,
	doc/manpages/gnutls_sign_list.3,
	doc/manpages/gnutls_srp_allocate_client_credentials.3,
	doc/manpages/gnutls_srp_allocate_server_credentials.3,
	doc/manpages/gnutls_srp_base64_decode.3,
	doc/manpages/gnutls_srp_base64_decode_alloc.3,
	doc/manpages/gnutls_srp_base64_encode.3,
	doc/manpages/gnutls_srp_base64_encode_alloc.3,
	doc/manpages/gnutls_srp_free_client_credentials.3,
	doc/manpages/gnutls_srp_free_server_credentials.3,
	doc/manpages/gnutls_srp_server_get_username.3,
	doc/manpages/gnutls_srp_set_client_credentials.3,
	doc/manpages/gnutls_srp_set_prime_bits.3,
	doc/manpages/gnutls_srp_set_server_credentials_file.3,
	doc/manpages/gnutls_srp_verifier.3, doc/manpages/gnutls_strerror.3,
	doc/manpages/gnutls_strerror_name.3,
	doc/manpages/gnutls_supplemental_get_name.3,
	doc/manpages/gnutls_transport_get_ptr.3,
	doc/manpages/gnutls_transport_get_ptr2.3,
	doc/manpages/gnutls_transport_set_errno.3,
	doc/manpages/gnutls_transport_set_errno_function.3,
	doc/manpages/gnutls_transport_set_ptr.3,
	doc/manpages/gnutls_transport_set_ptr2.3,
	doc/manpages/gnutls_transport_set_pull_function.3,
	doc/manpages/gnutls_transport_set_pull_timeout_function.3,
	doc/manpages/gnutls_transport_set_push_function.3,
	doc/manpages/gnutls_transport_set_vec_push_function.3,
	doc/manpages/gnutls_x509_crl_check_issuer.3,
	doc/manpages/gnutls_x509_crl_deinit.3,
	doc/manpages/gnutls_x509_crl_export.3,
	doc/manpages/gnutls_x509_crl_get_authority_key_id.3,
	doc/manpages/gnutls_x509_crl_get_crt_count.3,
	doc/manpages/gnutls_x509_crl_get_crt_serial.3,
	doc/manpages/gnutls_x509_crl_get_dn_oid.3,
	doc/manpages/gnutls_x509_crl_get_extension_data.3,
	doc/manpages/gnutls_x509_crl_get_extension_info.3,
	doc/manpages/gnutls_x509_crl_get_extension_oid.3,
	doc/manpages/gnutls_x509_crl_get_issuer_dn.3,
	doc/manpages/gnutls_x509_crl_get_issuer_dn_by_oid.3,
	doc/manpages/gnutls_x509_crl_get_next_update.3,
	doc/manpages/gnutls_x509_crl_get_number.3,
	doc/manpages/gnutls_x509_crl_get_raw_issuer_dn.3,
	doc/manpages/gnutls_x509_crl_get_signature.3,
	doc/manpages/gnutls_x509_crl_get_signature_algorithm.3,
	doc/manpages/gnutls_x509_crl_get_this_update.3,
	doc/manpages/gnutls_x509_crl_get_version.3,
	doc/manpages/gnutls_x509_crl_import.3,
	doc/manpages/gnutls_x509_crl_init.3,
	doc/manpages/gnutls_x509_crl_list_import.3,
	doc/manpages/gnutls_x509_crl_list_import2.3,
	doc/manpages/gnutls_x509_crl_print.3,
	doc/manpages/gnutls_x509_crl_privkey_sign.3,
	doc/manpages/gnutls_x509_crl_set_authority_key_id.3,
	doc/manpages/gnutls_x509_crl_set_crt.3,
	doc/manpages/gnutls_x509_crl_set_crt_serial.3,
	doc/manpages/gnutls_x509_crl_set_next_update.3,
	doc/manpages/gnutls_x509_crl_set_number.3,
	doc/manpages/gnutls_x509_crl_set_this_update.3,
	doc/manpages/gnutls_x509_crl_set_version.3,
	doc/manpages/gnutls_x509_crl_sign.3,
	doc/manpages/gnutls_x509_crl_sign2.3,
	doc/manpages/gnutls_x509_crl_verify.3,
	doc/manpages/gnutls_x509_crq_deinit.3,
	doc/manpages/gnutls_x509_crq_export.3,
	doc/manpages/gnutls_x509_crq_get_attribute_by_oid.3,
	doc/manpages/gnutls_x509_crq_get_attribute_data.3,
	doc/manpages/gnutls_x509_crq_get_attribute_info.3,
	doc/manpages/gnutls_x509_crq_get_basic_constraints.3,
	doc/manpages/gnutls_x509_crq_get_challenge_password.3,
	doc/manpages/gnutls_x509_crq_get_dn.3,
	doc/manpages/gnutls_x509_crq_get_dn_by_oid.3,
	doc/manpages/gnutls_x509_crq_get_dn_oid.3,
	doc/manpages/gnutls_x509_crq_get_extension_by_oid.3,
	doc/manpages/gnutls_x509_crq_get_extension_data.3,
	doc/manpages/gnutls_x509_crq_get_extension_info.3,
	doc/manpages/gnutls_x509_crq_get_key_id.3,
	doc/manpages/gnutls_x509_crq_get_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crq_get_key_rsa_raw.3,
	doc/manpages/gnutls_x509_crq_get_key_usage.3,
	doc/manpages/gnutls_x509_crq_get_pk_algorithm.3,
	doc/manpages/gnutls_x509_crq_get_subject_alt_name.3,
	doc/manpages/gnutls_x509_crq_get_subject_alt_othername_oid.3,
	doc/manpages/gnutls_x509_crq_get_version.3,
	doc/manpages/gnutls_x509_crq_import.3,
	doc/manpages/gnutls_x509_crq_init.3,
	doc/manpages/gnutls_x509_crq_print.3,
	doc/manpages/gnutls_x509_crq_privkey_sign.3,
	doc/manpages/gnutls_x509_crq_set_attribute_by_oid.3,
	doc/manpages/gnutls_x509_crq_set_basic_constraints.3,
	doc/manpages/gnutls_x509_crq_set_challenge_password.3,
	doc/manpages/gnutls_x509_crq_set_dn_by_oid.3,
	doc/manpages/gnutls_x509_crq_set_key.3,
	doc/manpages/gnutls_x509_crq_set_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crq_set_key_rsa_raw.3,
	doc/manpages/gnutls_x509_crq_set_key_usage.3,
	doc/manpages/gnutls_x509_crq_set_pubkey.3,
	doc/manpages/gnutls_x509_crq_set_subject_alt_name.3,
	doc/manpages/gnutls_x509_crq_set_version.3,
	doc/manpages/gnutls_x509_crq_sign.3,
	doc/manpages/gnutls_x509_crq_sign2.3,
	doc/manpages/gnutls_x509_crq_verify.3,
	doc/manpages/gnutls_x509_crt_check_hostname.3,
	doc/manpages/gnutls_x509_crt_check_issuer.3,
	doc/manpages/gnutls_x509_crt_check_revocation.3,
	doc/manpages/gnutls_x509_crt_cpy_crl_dist_points.3,
	doc/manpages/gnutls_x509_crt_deinit.3,
	doc/manpages/gnutls_x509_crt_export.3,
	doc/manpages/gnutls_x509_crt_get_activation_time.3,
	doc/manpages/gnutls_x509_crt_get_authority_info_access.3,
	doc/manpages/gnutls_x509_crt_get_authority_key_id.3,
	doc/manpages/gnutls_x509_crt_get_basic_constraints.3,
	doc/manpages/gnutls_x509_crt_get_ca_status.3,
	doc/manpages/gnutls_x509_crt_get_crl_dist_points.3,
	doc/manpages/gnutls_x509_crt_get_dn.3,
	doc/manpages/gnutls_x509_crt_get_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_get_dn_oid.3,
	doc/manpages/gnutls_x509_crt_get_expiration_time.3,
	doc/manpages/gnutls_x509_crt_get_extension_by_oid.3,
	doc/manpages/gnutls_x509_crt_get_extension_data.3,
	doc/manpages/gnutls_x509_crt_get_extension_info.3,
	doc/manpages/gnutls_x509_crt_get_extension_oid.3,
	doc/manpages/gnutls_x509_crt_get_fingerprint.3,
	doc/manpages/gnutls_x509_crt_get_issuer.3,
	doc/manpages/gnutls_x509_crt_get_issuer_alt_name.3,
	doc/manpages/gnutls_x509_crt_get_issuer_alt_name2.3,
	doc/manpages/gnutls_x509_crt_get_issuer_alt_othername_oid.3,
	doc/manpages/gnutls_x509_crt_get_issuer_dn.3,
	doc/manpages/gnutls_x509_crt_get_issuer_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_get_issuer_dn_oid.3,
	doc/manpages/gnutls_x509_crt_get_issuer_unique_id.3,
	doc/manpages/gnutls_x509_crt_get_key_id.3,
	doc/manpages/gnutls_x509_crt_get_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crt_get_key_usage.3,
	doc/manpages/gnutls_x509_crt_get_pk_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_pk_dsa_raw.3,
	doc/manpages/gnutls_x509_crt_get_pk_rsa_raw.3,
	doc/manpages/gnutls_x509_crt_get_preferred_hash_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_proxy.3,
	doc/manpages/gnutls_x509_crt_get_raw_dn.3,
	doc/manpages/gnutls_x509_crt_get_raw_issuer_dn.3,
	doc/manpages/gnutls_x509_crt_get_serial.3,
	doc/manpages/gnutls_x509_crt_get_signature.3,
	doc/manpages/gnutls_x509_crt_get_signature_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_subject.3,
	doc/manpages/gnutls_x509_crt_get_subject_alt_name.3,
	doc/manpages/gnutls_x509_crt_get_subject_alt_name2.3,
	doc/manpages/gnutls_x509_crt_get_subject_alt_othername_oid.3,
	doc/manpages/gnutls_x509_crt_get_subject_key_id.3,
	doc/manpages/gnutls_x509_crt_get_subject_unique_id.3,
	doc/manpages/gnutls_x509_crt_get_verify_algorithm.3,
	doc/manpages/gnutls_x509_crt_get_version.3,
	doc/manpages/gnutls_x509_crt_import.3,
	doc/manpages/gnutls_x509_crt_import_pkcs11.3,
	doc/manpages/gnutls_x509_crt_import_pkcs11_url.3,
	doc/manpages/gnutls_x509_crt_init.3,
	doc/manpages/gnutls_x509_crt_list_import.3,
	doc/manpages/gnutls_x509_crt_list_import2.3,
	doc/manpages/gnutls_x509_crt_list_import_pkcs11.3,
	doc/manpages/gnutls_x509_crt_list_verify.3,
	doc/manpages/gnutls_x509_crt_print.3,
	doc/manpages/gnutls_x509_crt_privkey_sign.3,
	doc/manpages/gnutls_x509_crt_set_activation_time.3,
	doc/manpages/gnutls_x509_crt_set_authority_key_id.3,
	doc/manpages/gnutls_x509_crt_set_basic_constraints.3,
	doc/manpages/gnutls_x509_crt_set_ca_status.3,
	doc/manpages/gnutls_x509_crt_set_crl_dist_points.3,
	doc/manpages/gnutls_x509_crt_set_crl_dist_points2.3,
	doc/manpages/gnutls_x509_crt_set_crq.3,
	doc/manpages/gnutls_x509_crt_set_crq_extensions.3,
	doc/manpages/gnutls_x509_crt_set_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_set_expiration_time.3,
	doc/manpages/gnutls_x509_crt_set_extension_by_oid.3,
	doc/manpages/gnutls_x509_crt_set_issuer_dn_by_oid.3,
	doc/manpages/gnutls_x509_crt_set_key.3,
	doc/manpages/gnutls_x509_crt_set_key_purpose_oid.3,
	doc/manpages/gnutls_x509_crt_set_key_usage.3,
	doc/manpages/gnutls_x509_crt_set_proxy.3,
	doc/manpages/gnutls_x509_crt_set_proxy_dn.3,
	doc/manpages/gnutls_x509_crt_set_pubkey.3,
	doc/manpages/gnutls_x509_crt_set_serial.3,
	doc/manpages/gnutls_x509_crt_set_subject_alt_name.3,
	doc/manpages/gnutls_x509_crt_set_subject_alternative_name.3,
	doc/manpages/gnutls_x509_crt_set_subject_key_id.3,
	doc/manpages/gnutls_x509_crt_set_version.3,
	doc/manpages/gnutls_x509_crt_sign.3,
	doc/manpages/gnutls_x509_crt_sign2.3,
	doc/manpages/gnutls_x509_crt_verify.3,
	doc/manpages/gnutls_x509_crt_verify_data.3,
	doc/manpages/gnutls_x509_crt_verify_hash.3,
	doc/manpages/gnutls_x509_dn_deinit.3,
	doc/manpages/gnutls_x509_dn_export.3,
	doc/manpages/gnutls_x509_dn_get_rdn_ava.3,
	doc/manpages/gnutls_x509_dn_import.3,
	doc/manpages/gnutls_x509_dn_init.3,
	doc/manpages/gnutls_x509_dn_oid_known.3,
	doc/manpages/gnutls_x509_privkey_cpy.3,
	doc/manpages/gnutls_x509_privkey_deinit.3,
	doc/manpages/gnutls_x509_privkey_export.3,
	doc/manpages/gnutls_x509_privkey_export_dsa_raw.3,
	doc/manpages/gnutls_x509_privkey_export_ecc_raw.3,
	doc/manpages/gnutls_x509_privkey_export_pkcs8.3,
	doc/manpages/gnutls_x509_privkey_export_rsa_raw.3,
	doc/manpages/gnutls_x509_privkey_export_rsa_raw2.3,
	doc/manpages/gnutls_x509_privkey_fix.3,
	doc/manpages/gnutls_x509_privkey_generate.3,
	doc/manpages/gnutls_x509_privkey_get_key_id.3,
	doc/manpages/gnutls_x509_privkey_get_pk_algorithm.3,
	doc/manpages/gnutls_x509_privkey_import.3,
	doc/manpages/gnutls_x509_privkey_import_dsa_raw.3,
	doc/manpages/gnutls_x509_privkey_import_ecc_raw.3,
	doc/manpages/gnutls_x509_privkey_import_pkcs8.3,
	doc/manpages/gnutls_x509_privkey_import_rsa_raw.3,
	doc/manpages/gnutls_x509_privkey_import_rsa_raw2.3,
	doc/manpages/gnutls_x509_privkey_init.3,
	doc/manpages/gnutls_x509_privkey_sec_param.3,
	doc/manpages/gnutls_x509_privkey_sign_data.3,
	doc/manpages/gnutls_x509_privkey_sign_hash.3,
	doc/manpages/gnutls_x509_privkey_verify_params.3,
	doc/manpages/gnutls_x509_rdn_get.3,
	doc/manpages/gnutls_x509_rdn_get_by_oid.3,
	doc/manpages/gnutls_x509_rdn_get_oid.3,
	doc/manpages/gnutls_x509_trust_list_add_cas.3,
	doc/manpages/gnutls_x509_trust_list_add_crls.3,
	doc/manpages/gnutls_x509_trust_list_add_named_crt.3,
	doc/manpages/gnutls_x509_trust_list_deinit.3,
	doc/manpages/gnutls_x509_trust_list_get_issuer.3,
	doc/manpages/gnutls_x509_trust_list_init.3,
	doc/manpages/gnutls_x509_trust_list_verify_crt.3,
	doc/manpages/gnutls_x509_trust_list_verify_named_crt.3,
	doc/scripts/getfuncs.pl, lib/gnutls_cert.c, lib/gnutls_str.c: Added
	a more robust manpage generation method.

2011-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c: 
	updated/fixed SRP and PSK examples.

2011-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: updated client certificate signature algorithm
	indication, to allow holding 3 algorithms.

2011-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: use texi2html to generate documentation

2011-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: corrected texinfo and manpage generation of
	documentation.

2011-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: count all discarded packets as dropped.

2011-11-15  Martin Storsjo <martin@martin.st>

	* extra/Makefile.am, lib/Makefile.am: Add dependencies from the def
	files to the libraries that generate them This avoids build failures in parallel builds, where builds could
	fail with this error message: make[2]: *** No rule to make target `libgnutls-26.def', needed by
	`all-am'.  Stop.  There is no direct rules that generate it, but it is generated as a
	byproduct when building libgnutls.la. By marking the la file as a
	dependency, make won't bail out by not finding the file until that
	dependency is built, and at that point, the def file exists.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2011-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-cert-auth2.texi, doc/cha-gtls-app.texi,
	doc/cha-gtls-examples.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/cha-shared-key.texi, doc/gnutls.texi,
	doc/latex/.gitignore, doc/latex/Makefile.am, doc/latex/gnutls.tex,
	doc/scripts/mytexi2latex: reorganized documentation

2011-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm-coff/appro-aes-x86-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
	lib/accelerated/x86/asm-coff/padlock-x86-coff.s,
	lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/asm/appro-aes-x86-64.s,
	lib/accelerated/x86/asm/appro-aes-x86.s,
	lib/accelerated/x86/asm/cpuid-x86-64.s,
	lib/accelerated/x86/asm/cpuid-x86.s,
	lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s: Commited new assembler files.

2011-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk, devel/perlasm/aesni-x86.pl,
	devel/perlasm/aesni-x86_64.pl, devel/perlasm/cbc.pl,
	devel/perlasm/cpuid-x86.pl, devel/perlasm/cpuid-x86_64.pl,
	devel/perlasm/e_padlock-x86.pl, devel/perlasm/e_padlock-x86_64.pl,
	devel/perlasm/ghash-x86.pl, devel/perlasm/ghash-x86_64.pl,
	devel/perlasm/license-gnutls.txt, devel/perlasm/license.txt,
	devel/perlasm/ppc-xlate.pl, devel/perlasm/readme,
	devel/perlasm/x86_64-xlate.pl, devel/perlasm/x86asm.pl,
	devel/perlasm/x86gas.pl, devel/perlasm/x86masm.pl,
	devel/perlasm/x86nasm.pl: Added rules to auto-generate the assembler
	files.

2011-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: updated

2011-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-programs.texi,
	doc/gnutls.texi: Tools are discussed in the relevant chapters and
	sections.

2011-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.0.8

2011-11-12  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Add tests/slow/Makfile and sort config files.

2011-11-12  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix wordwrap.

2011-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify-high.c, lib/x509/verify-high.h: Don't export
	verify-high structs internally.

2011-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: document the gpl modules used by gnulib

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/slow/Makefile.am, tests/slow/README,
	tests/{ => slow}/gendh.c, tests/{ => slow}/keygen.c: slow tests are
	not being run using valgrind

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ecdsa/Makefile.am: distribute pem file

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ecdsa/bad-key.pem, tests/ecdsa/ecdsa: Added test to detect a
	wrong ECDSA key.

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.h, lib/gnutls_int.h: define likely() and
	unlikely() and use them to prevent debugging code from being
	prioritized in branch prediction.

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: bumped library version and documented updates.

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_errors.c, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
	lib/x509/privkey.c, src/certtool.c, tests/Makefile.am,
	tests/keygen.c: Added gnutls_x509_privkey_verify_params() which
	verifies the parameters of a private key. Added test case for
	private key generation.

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-common.c, src/certtool.c,
	src/psk.c, src/srptool.c, src/tests.c, src/tls_test.c: simplified
	copyright years.

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped library versions

2011-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/scripts/mytexi2latex,
	lib/x509/crl_write.c: Added documentation on revocation lists.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/chain: account for error code 1 in certtool.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: document updates

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: Reduce pad.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: added missing dir

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_record.c: Revert "periodically print
	messages that might be used in timing attacks." This reverts commit a333d71762903ff5b716d1e3967017b1baf61bd2.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: Revert "dropped packets are also reported on
	gnutls_deinit() to ensure that they are not lost." This reverts commit 41a73fb4a147dc4773d4b546d5d8b5cfdae255d9.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: provide less timing information during packet
	MAC verification.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/ecdsa/ecdsa: silence test

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_ecc.c, lib/gnutls_pubkey.c,
	lib/nettle/pk.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/privkey.c: Corrected ECC key
	generation.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: fail on certificate verification

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/ecdsa/Makefile.am, tests/ecdsa/ecdsa: 
	Added ECDSA key generation, signing and verification tests.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: verify the self signature of a CRQ when --crq-info
	parameter is given.

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify-high.h: Add verify-high.h, to export some structs
	(for OCSP).

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* lib/algorithms.h, lib/algorithms/mac.c: Add explicit digest
	mapping functions (for OCSP).

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am, lib/x509/verify-high.c: Make verify-high
	structures internally accessible (for OCSP).

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Indent.

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/extensions.c: Make
	more functions available internally (for OCSP).

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c, lib/gnutls_str.h, lib/x509/output.c: Make
	asciiprint a globally available function.

2011-11-10  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Add.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: dropped packets are also reported on
	gnutls_deinit() to ensure that they are not lost.

2011-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_record.c: periodically print messages
	that might be used in timing attacks.

2011-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/COPYING => COPYING.LESSER: LGPLv3 license was moved to root.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* configure.ac, doc/reference/gnutls-docs.sgml,
	doc/reference/version.xml.in: Update gtk-doc template.

2011-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/pkcs11.h: Remove redundant const keyword in
	(confuses gtk-doc parser).

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Mention libidn dependency for crywrap.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pubkey.c: Don't crash if gnutls_pubkey_deinit is given
	a NULL key.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509_b64.c, lib/x509_b64.h: Remove dead code and use more
	static.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix code coverage rules.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Ignore coverage related stuff.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/Makefile.am: Don't add p11-kit to CFLAGS/LIBS
	globally, just where it is needed.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* doc/cyclo/Makefile.am: The build rule didn't really work before,
	now fixed.  Update copyright years.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Remove unneeded stuff.

2011-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c: enable _gnutls_dump_mpi() when debugging.

2011-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/debug.h: Revert "Remove dead code." This reverts commit e5d8a79fcc429902e8fb9b7cec91d66b965df5bb.

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/gcrypt/Makefile.am,
	lib/gcrypt/cipher.c, lib/gcrypt/init.c, lib/gcrypt/mac.c,
	lib/gcrypt/mpi.c, lib/gcrypt/pk.c, lib/gcrypt/rnd.c: No need to
	distribute the libgcrypt backend (which cannot even be compiled).

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/README: updated to include padlock.

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c, lib/nettle/mac.c: release allocated memory on
	a cipher or mac failure to initialize.

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: clarified usage of
	gnutls_record_check_pending().

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* lib/debug.c, lib/debug.h: Remove dead code.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Sort and add.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_db.c, lib/gnutls_db.h: Remove some redundant prototypes
	and use more static.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_db.c, lib/gnutls_db.h: Simplify redundant code.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* build-aux/pmccabe2html, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4: Add pmccabe2html gnulib module.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* gl/override/lib/hmac-md5.c.diff, gl/override/lib/memxor.c.diff,
	gl/override/lib/memxor.h.diff: Remove obsolete files.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* configure.ac, gl/override/lib/read-file.c.diff,
	gl/override/lib/read-file.h.diff,
	gl/override/tests/test-read-file.c.diff, gl/read-file.c,
	gl/read-file.h, gl/tests/test-read-file.c, lib/gnutls_x509.c,
	lib/openpgp/gnutls_openpgp.c, src/certtool-common.c,
	src/certtool.c, src/cli.c, src/crywrap/crywrap.c: Simplify static
	library renaming hack.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* tests/suite/Makefile.am: Cleanup and fix authorship notice (I
	didn't write this file).

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
	tests/suite/testcompat-main, tests/suite/testsrn: Fix
	srcdir!=builddir builds.

2011-11-09  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Allow distcheck to work, the suppressions.valgrind
	file caused problems.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: enums.texi: Look in builddir too for gnutls.h.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am: doc: man pages for API functions
	were removed.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, gl/Makefile.am, gl/alignof.h, gl/argp-parse.c,
	gl/closedir.c, gl/m4/gnulib-comp.m4, gl/m4/math_h.m4,
	gl/m4/stdalign.m4, gl/math.in.h, gl/stdalign.in.h, gl/stdlib.in.h,
	gl/sys_socket.in.h, gl/tests/Makefile.am, gl/tests/putenv.c,
	gl/tests/test-stdalign.c, maint.mk: Update gnulib files.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Improve syntax-check rules.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Re-indent.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix syntax-check whitespace nit.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Fix portability quirk.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/README: Fix 'the the' double use.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* lib/accelerated/x86/hmac-padlock.c: Remove unneeded assert.h
	inclusion.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* .gitattributes: Drop unneeded .gitattributes.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, gtk-doc.make: Update gtk-doc files.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Drop openssl API from GnuTLS API
	manual to avoid build errors.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Drop more extra stuff.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* extra/gnutls-extra.pc.in, extra/libgnutls-extra.map: Remove
	obsolete libgnutls-extra stuff.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/examples/verify.c: Include examples.h to get
	verify_certificate_callback prototype.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Improve header ignoring.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Use gettext 0.18 to avoid build error.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* lib/nettle/ecc_mulmod.c: Fix compile warnings.

2011-11-08  Simon Josefsson <simon@josefsson.org>

	* po/it.po.in: Sync with TP.

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.0.7

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Corrected ciphersuite
	GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256. Reported by Fabrice Gautier.

2011-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c: bug fix in gnutls_session_get_data().

2011-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2011-11-07  Alban Crequy <alban.crequy@collabora.co.uk>

	* lib/gnutls_session.c: gnutls_session_get_data: fix possible buffer
	overflow The test to avoid the buffer overflow was always false because
	session_data_size was set at the wrong place. This problem has been
	introduced by this commit: |commit ad4ed44c65e753e6d3a00104c049dd81826ccbf3 |Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> |Date:   Mon Nov 7 22:24:48 2005
	+0000 | |    This is the initial commit in the 1.3 branch. Ported
	from the PSK branch: |    * PSK ciphersuites have been added.  |
	* The session resumption data are now system independent.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented changes.

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdh_common.c, lib/crypto-backend.h, lib/gnutls_ecc.c,
	lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/nettle/Makefile.am,
	lib/nettle/ecc.h, lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
	lib/nettle/ecc_projective_check_point.c,
	lib/nettle/ecc_projective_dbl_point.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/pk.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/privkey.c,
	lib/x509/x509_int.h: Verify that received ECDH public key lies on
	the curve.

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: ECDHE ciphersuites take precendence to
	plain DHE

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS: documented fixes

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc_test.c: re-removed file

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: Report correct error on ECC key parsing
	error.

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc.h, lib/nettle/ecc_mulmod.c,
	lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c, lib/nettle/ecc_test.c: 
	converted more things to native gmp. This solves issue noticed in
	mips64 by Joseph Graham.

2011-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: Added tests for null ciphersuites.

2011-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2011-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
	doc/examples/ex-client-udp.c, doc/examples/ex-client2.c,
	doc/examples/ex-rfc2818.c, doc/examples/examples.h,
	doc/examples/verify.c: Include only a single example with X.509
	client. This example includes certificate verification.

2011-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/Makefile.am: no libextra in doc

2011-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: corrected NULL
	cipher encryption. Reported by Fabrice Gautier.

2011-11-04  Ludovic Courtès <ludo@gnu.org>

	* configure.ac, guile/modules/gnutls.in, guile/pre-inst-guile.in,
	guile/src/Makefile.am: guile: Rename `libguile-gnutls-v-2.la' to
	`guile-gnutls-v-2.la'.

2011-11-04  Ludovic Courtès <ludo@gnu.org>

	* .gitignore, configure.ac, guile/modules/Makefile.am,
	guile/modules/{gnutls.scm => gnutls.in}, guile/pre-inst-guile.in,
	guile/src/Makefile.am: guile: Install libguile-gnutls under
	$(libdir)/guile/X.Y.

2011-11-03  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.scm, guile/pre-inst-guile.in,
	guile/src/Makefile.am: guile: Rename to `libguile-gnutls-v-2'.

2011-11-03  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls-guile.texi: doc: Make it clear that both Guile 1.8 and
	2.0 are supported.

2011-11-03  Ludovic Courtès <ludo@gnu.org>

	* doc/Makefile.am, doc/gnutls-guile.texi: guile: Update doc to
	reflect the removal of (gnutls extra).

2011-11-03  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm: guile: Remove uses of (gnutls extra)
	from the tests.

2011-11-03  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/extra.scm, guile/pre-inst-guile.in,
	guile/src/Makefile.am, guile/src/core.c, guile/src/extra.c,
	guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
	guile/src/make-smob-header.scm, guile/src/make-smob-types.scm: 
	guile: Merge the (gnutls extra) module in (gnutls); deprecate it.

2011-11-03  Ludovic Courtès <ludo@gnu.org>

	* guile/pre-inst-guile.in, guile/src/Makefile.am: Reverting "Drop
	guile libgnutls-extra stuff."

2011-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/output.c,
	lib/x509/output.c: removed duplicate code.

2011-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/modules/gnutls/build/enums.scm: removed enumerations that
	don't exist

2011-11-02  Simon Josefsson <simon@josefsson.org>

	* lib/auth/srp.c: Fix typo.

2011-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/hmac-md5.c, gl/hmac.h, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/md5.m4, gl/m4/memxor.m4, gl/md5.c,
	gl/md5.h, gl/memxor.c, gl/memxor.h, gl/tests/Makefile.am,
	gl/tests/test-hmac-md5.c, gl/tests/test-md5.c: hmac-md5 gnulib
	module was removed (it was no longer used)

2011-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/srptool.c: print all groups.

2011-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/srp.c, lib/auth/srp_passwd.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/prime.c,
	src/srptool.c: Added 3072 and 4096-bit groups from RFC5054.

2011-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c,
	src/certtool-common.c, src/certtool.c, src/cli.c,
	src/crywrap/crywrap.c: read_file() and friends are accessed as
	gl_read_file().

2011-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/override/lib/read-file.c.diff,
	gl/override/lib/read-file.h.diff,
	gl/override/tests/test-read-file.c.diff, gl/read-file.c,
	gl/read-file.h, gl/tests/test-read-file.c: read_file and friends
	were renamed to gl_read_file.

2011-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: added David

2011-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2011-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: errcodes printlist and alert-printlist become
	EXTRA_PROGRAMS so they are not built by default.

2011-10-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix bootstrap rule to avoid duplicate gettext files.

2011-10-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Remove old hack.

2011-10-28  Simon Josefsson <simon@josefsson.org>

	* guile/pre-inst-guile.in, guile/src/Makefile.am: Drop guile
	libgnutls-extra stuff.

2011-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Avoid line wrapping copyright line.

2011-10-28  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath: Update config.rpath from gnulib.

2011-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml: Drop
	more libgnutls-extra related stuff.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.0.5

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.c: added stdarg.h for vsnprintf.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c, src/benchmark.h: win32 fixes by David Hoyt.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am: more builddir fixes.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, gl/Makefile.am, gl/{tests => }/connect.c,
	gl/inet_ntop.c, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/inet_ntop.m4, gl/recv.c, gl/send.c, gl/tests/Makefile.am,
	gl/tests/test-inet_ntop.c, gl/tests/test-recv.c,
	gl/tests/test-send.c: Added recv(), send(), connect() and
	inet_ntop() gnulib modules.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/opencdk/opencdk.h: do not unconditionally
	include sys/socket.h.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/{tests => }/close.c, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/tests/Makefile.am: Added gnulib close
	module.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: do not use NULL for device_fd in windows.

2011-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/main.c: no need to include windows.h here.

2011-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/cli.c, src/tls_test.c, src/udp-serv.c: 
	w32socket changes.

2011-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/{tests => }/arpa_inet.in.h, gl/errno.in.h,
	gl/{tests => }/inet_pton.c, gl/m4/ftruncate.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/ioctl.m4,
	gl/m4/perror.m4, gl/m4/pipe.m4, gl/m4/select.m4, gl/m4/signal_h.m4,
	gl/m4/strerror_r.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
	gl/m4/thread.m4, gl/m4/yield.m4, gl/math.in.h, gl/select.c,
	gl/signal.in.h, gl/strerror-override.c, gl/strerror-override.h,
	gl/sys_select.in.h, gl/tests/Makefile.am, gl/tests/connect.c,
	gl/tests/ftruncate.c, gl/tests/glthread/lock.c,
	gl/tests/glthread/lock.h, gl/tests/glthread/thread.c,
	gl/tests/glthread/thread.h, gl/tests/glthread/threadlib.c,
	gl/tests/glthread/yield.h, gl/tests/ioctl.c, gl/tests/perror.c,
	gl/tests/pipe.c, gl/tests/strerror_r.c, gl/tests/sys_ioctl.in.h,
	gl/tests/test-connect.c, gl/tests/test-ftruncate.c,
	gl/tests/test-ftruncate.sh, gl/tests/test-ioctl.c,
	gl/tests/test-lock.c, gl/tests/test-perror.c,
	gl/tests/test-perror.sh, gl/tests/test-perror2.c,
	gl/tests/test-pipe.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-select.h, gl/tests/test-signal-h.c,
	gl/tests/test-strerror_r.c, gl/tests/test-sys_ioctl.c,
	gl/tests/test-sys_select.c, gl/tests/test-thread_create.c,
	gl/tests/test-thread_self.c, gl/tests/w32sock.h, gl/w32sock.h,
	maint.mk: new gnulib + added select + inet_pton.

2011-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h, src/udp-serv.c: netinet headers were put on an
	ifndef _WIN32.

2011-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: more libextra doc fixes.

2011-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-functions.texi: extra-api is no more

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-coff.s: corrected symbols for
	coff.

2011-10-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/element.h, lib/minitasn1/errors.c,
	lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
	lib/minitasn1/structure.h, lib/minitasn1/version.c: Update to
	libtasn1 2.10.

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: changed mingw32 detection

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/asm-coff/appro-aes-gcm-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/appro-aes-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-64-coff.s,
	lib/accelerated/x86/asm-coff/padlock-x86-64-coff.s: added coff files
	for mingw64

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am, lib/accelerated/x86/{coff =>
	asm-coff}/appro-aes-x86-coff.s,
	lib/accelerated/x86/asm-coff/cpuid-x86-coff.s,
	lib/accelerated/x86/{coff => asm-coff}/padlock-x86-coff.s: Added
	coff version of cpuid.

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/coff/appro-aes-x86-coff.s,
	lib/accelerated/x86/coff/padlock-x86-coff.s: Added COFF versions of
	assembly files.

2011-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Added Jan.

2011-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c: use coding.c from libtasn1 git, to avoid
	issue when compiled with gcc-4.6.

2011-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-padlock.c: Corrected PHE-partial test.

2011-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fixes

2011-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: library mismatch error is no longer used

2011-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/asm/padlock-common.s,
	lib/accelerated/x86/sha-padlock.h: PHE-partial detection is not
	being done, instead of checking for VIA nano.

2011-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/asm/padlock-common.s: No need to check for
	padlock nano in 32-bit systems, so simplify things.

2011-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: initialize only a fully available hash

2011-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm/padlock-common.s: is_padlock_nano is
	behaving properly and saving registers.

2011-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: removed libextra error codes.

2011-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/modules/gnutls.scm, guile/src/make-enum-header.scm: removed
	extra.h header from guile code.

2011-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: removed libextra errors.

2011-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c, src/udp-serv.c: added extra headers.

2011-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/latex/.gitignore, gl/Makefile.am, gl/accept.c,
	gl/bind.c, gl/frexp.c, gl/frexpl.c, gl/getpeername.c, gl/gettext.h,
	gl/isnan.c, gl/listen.c, gl/m4/arpa_inet_h.m4, gl/m4/frexp.m4,
	gl/m4/frexpl.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/include_next.m4, gl/m4/inet_pton.m4, gl/m4/isnand.m4,
	gl/m4/isnanl.m4, gl/m4/ldexpl.m4, gl/m4/math_h.m4,
	gl/m4/printf-frexpl.m4, gl/m4/printf.m4, gl/m4/stdlib_h.m4,
	gl/m4/vasnprintf.m4, gl/math.in.h, gl/override/lib/gettext.h.diff,
	gl/printf-frexp.c, gl/printf-frexpl.c, gl/recvfrom.c, gl/sendto.c,
	gl/setsockopt.c, gl/shutdown.c, gl/socket.c, gl/stdlib.in.h,
	gl/tests/Makefile.am, gl/tests/arpa_inet.in.h,
	gl/tests/inet_pton.c, gl/tests/test-accept.c,
	gl/tests/test-arpa_inet.c, gl/tests/test-bind.c,
	gl/tests/test-getpeername.c, gl/tests/test-inet_pton.c,
	gl/tests/test-isnanl.h, gl/tests/test-listen.c,
	gl/tests/test-recvfrom.c, gl/tests/test-sendto.c,
	gl/tests/test-setsockopt.c, gl/tests/test-shutdown.c,
	gl/vasnprintf.c, maint.mk: added new gnulib and modules.

2011-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* extra/Makefile.am, lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/x86/Makefile.am, lib/algorithms/Makefile.am,
	lib/auth/Makefile.am, lib/ext/Makefile.am, lib/nettle/Makefile.am,
	lib/opencdk/Makefile.am, lib/openpgp/Makefile.am, src/Makefile.am: 
	more builddir fixes by David Hoyt.

2011-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: Added includes in Makefile.am

2011-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/Makefile.am, lib/algorithms/Makefile.am,
	lib/auth/Makefile.am, lib/ext/Makefile.am,
	lib/minitasn1/Makefile.am, lib/nettle/Makefile.am,
	lib/opencdk/Makefile.am, lib/openpgp/Makefile.am: Added
	-I$(builddir)/../../gl to CFLAGS.

2011-10-21  Simon Josefsson <simon@josefsson.org>

	* lib/accelerated/x86/Makefile.am: Add -I to fix building.  Reported by "Hoyt, David" <hoyt6@llnl.gov>.

2011-10-21  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/x509/Makefile.am: Also add -I's for gnulib's
	build directory, for mingw.  Reported by "Hoyt, David" <hoyt6@llnl.gov>.

2011-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, extra/gnutls_extra.c, guile/src/extra.c,
	lib/auth/srp_passwd.c, lib/gnutls_srp.c: removed more extra.h
	leftovers.

2011-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm/appro-aes-gcm-x86-64.s,
	lib/accelerated/x86/asm/appro-aes-x86-64.s,
	lib/accelerated/x86/asm/appro-aes-x86.s,
	lib/accelerated/x86/asm/cpuid-x86-64.s,
	lib/accelerated/x86/asm/cpuid-x86.s,
	lib/accelerated/x86/asm/padlock-common.s,
	lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s: updated gnustack note.

2011-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/pkcs11.c, src/psk.c, src/srptool.c,
	src/tests.c, src/tls_test.c: extra.h is no more.

2011-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS, README, configure.ac, doc/Makefile.am,
	doc/cha-internals.texi, doc/examples/Makefile.am,
	doc/manpages/Makefile.am, doc/reference/Makefile.am, {libextra =>
	extra}/Makefile.am, {libextra => extra}/gnutls-extra.pc.in,
	{libextra => extra}/gnutls_extra.c, {libextra =>
	extra}/gnutls_openssl.c, {libextra => extra}/includes/Makefile.am,
	{libextra => extra}/includes/gnutls/openssl.h, {libextra =>
	extra}/libgnutls-extra.map, {libextra => extra}/openssl_compat.c,
	{libextra => extra}/openssl_compat.h, guile/src/Makefile.am,
	libextra/includes/gnutls/extra.h, src/Makefile.am,
	tests/Makefile.am, tests/openpgp-keyring.c, tests/suite/Makefile.am: 
	libgnutls-extra is no more.

2011-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c: Added Stef to authors of pkcs11.

2011-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS: documented fix

2011-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Corrected bug in gnutls_x509_data2hex. Report
	and fix by Vincent Untz.

2011-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated for register_md5_handler().

2011-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/includes/gnutls/extra.h, libextra/libgnutls-extra.map: 
	completely drop gnutls_register_md5_handler()

2011-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm/padlock-common.s: Added gnu-stack note.

2011-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/scripts/Makefile.am: released 3.0.4

2011-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: updated tests for new key ID

2011-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: key id is being calculated the same way in
	private keys as in public keys.

2011-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-intro-tls.texi, doc/gnutls.texi,
	doc/latex/Makefile.am, doc/latex/gnutls.tex, doc/scripts/gdoc,
	doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
	doc/scripts/split-texi.pl, doc/scripts/split.pl,
	doc/{cha-tls-app.texi => sec-tls-app.texi},
	tests/nist-pkits/build-chain: 'How to use TLS in application
	protocols' section was moved to introduction to TLS.  Fixes in perl.

2011-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: Added a test for servers
	not accepting small records.

2011-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s: new version of padlock by
	Andy.

2011-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped versions

2011-10-12  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Add and sort.

2011-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: updated text

2011-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: check for nettle 2.4 or later

2011-10-10  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix type of keyid (finally!).

2011-10-10  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, lib/includes/gnutls/abstract.h: More doc
	fixes.

2011-10-10  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: GTK-DOC doc fix.

2011-10-10  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Use gnutls_openpgp_keyid_t type for keyid variable.

2011-10-10  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Include stdint.h to get uint8_t.

2011-10-10  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Revert "avoid usage of C99 constructs." This reverts commit 643ebdf12b415fc3edd3b7bc12654bc92d3aed24.

2011-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s: updated Andy's code.
	padlock_shax_blocks does not require any more, the state to be of
	128-byte size.

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: Corrected check for AES-GCM

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: test for camellia

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: avoid usage of C99 constructs.

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/asm/padlock-common.s,
	lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s: is_padlock_nano moved to
	padlock-common.s to allow easier upgrade to Andy's newer code.

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cipher-test.c: Added more elaborate test of hash functions.

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/x509/mpi.c: HASH2MAC macro is no more.

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crq.c, lib/x509/output.c, lib/x509/x509.c, src/certtool.c: 
	Key ID calculation is now consistent on all structures. It is a SHA1
	hash of the subjectPublicKeyInfo structures.

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: simplified documentation

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-intro-tls.texi: documentation update

2011-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: Added tests for ECDHE,
	AES-GCM and SHA256.

2011-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_sig.c: fixes to enable the external signing
	callback to operate with TLS 1.2

2011-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-auth.texi, doc/cha-cert-auth.texi, lib/auth/cert.c,
	lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added new
	signing callback in gnutls_privkey_t.

2011-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/math_h.m4, gl/math.in.h: updated gnulib.

2011-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2011-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected bug in key id extraction. Reported by
	Erik Jensen.

2011-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s,
	lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c, src/benchmark-cipher.c: better
	detection of padlock PHE.

2011-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c, lib/accelerated/x86/Makefile.am,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/aes-padlock.h,
	lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h, lib/accelerated/x86/x86.h,
	lib/nettle/mac.c, tests/cipher-test.c: Updates for padlock hashes in
	C7 nano. Requires a part of nettle to be included.

2011-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/aes-gcm-padlock.c: Always use encryption
	direction.

2011-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/serv.c: libextra is not needed for neither
	gnutls-cli or serv.

2011-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected path

2011-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/asm/padlock-x86-64.s,
	lib/accelerated/x86/asm/padlock-x86.s: updated padlock code.

2011-10-04  Nikos Mavrogiannopoulos <nikos@thingfish.esat.kuleuven.be>

	* lib/gnutls_str_array.h, lib/nettle/rnd.c, lib/system.c: fixes in
	headers. Suggested by Bjorn Christensen.

2011-10-04  Nikos Mavrogiannopoulos <nikos@thingfish.esat.kuleuven.be>

	* lib/accelerated/Makefile.am, lib/accelerated/{intel =>
	x86}/.gitignore, lib/accelerated/{intel => x86}/Makefile.am,
	lib/accelerated/{intel => x86}/README, lib/accelerated/{intel =>
	x86}/aes-gcm-padlock.c, lib/accelerated/{intel =>
	x86}/aes-gcm-x86.c, lib/accelerated/{intel => x86}/aes-padlock.c,
	lib/accelerated/{intel => x86}/aes-padlock.h,
	lib/accelerated/{intel => x86}/aes-x86.c, lib/accelerated/{intel =>
	x86}/aes-x86.h, lib/accelerated/{intel =>
	x86}/asm/appro-aes-gcm-x86-64.s, lib/accelerated/{intel =>
	x86}/asm/appro-aes-x86-64.s, lib/accelerated/{intel =>
	x86}/asm/appro-aes-x86.s, lib/accelerated/{intel =>
	x86}/asm/cpuid-x86-64.s, lib/accelerated/{intel =>
	x86}/asm/cpuid-x86.s, lib/accelerated/{intel =>
	x86}/asm/padlock-x86-64.s, lib/accelerated/{intel =>
	x86}/asm/padlock-x86.s, lib/accelerated/{intel => x86}/license.txt,
	lib/accelerated/{intel => x86}/sha-padlock.c,
	lib/accelerated/{intel => x86}/x86.h: intel directory renamed to
	x86.

2011-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, gl/Makefile.am, gl/error.c, gl/float.c,
	gl/float.in.h, gl/fstat.c, gl/itold.c, gl/lseek.c, gl/m4/close.m4,
	gl/m4/dup2.m4, gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fstat.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/msvc-nothrow.m4, gl/m4/pathmax.m4,
	gl/m4/stdio_h.m4, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
	gl/math.in.h, gl/msvc-inval.c, gl/msvc-inval.h, gl/msvc-nothrow.c,
	gl/msvc-nothrow.h, gl/opendir.c, gl/sockets.c, gl/sockets.h,
	gl/stdio.in.h, gl/strings.in.h, gl/sys_stat.in.h,
	gl/tests/Makefile.am, gl/tests/close.c, gl/tests/dup2.c,
	gl/tests/fdopen.c, gl/tests/msvc-inval.c, gl/tests/msvc-inval.h,
	gl/tests/test-close.c, gl/tests/test-dup2.c, gl/tests/test-fgetc.c,
	gl/tests/test-fputc.c, gl/tests/test-fread.c,
	gl/tests/test-fwrite.c, gl/unistd.in.h, gl/w32sock.h, maint.mk: 
	Added new gnulib.

2011-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: added an assert

2011-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc fixes

2011-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: replaced uint type.

2011-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/egd.c, lib/nettle/rnd.c: fix compilation in windows

2011-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: updated text.

2011-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-padlock.c,
	lib/accelerated/intel/aes-padlock.h,
	lib/accelerated/intel/sha-padlock.c, lib/gnutls_str.h: Added ability
	to hash and hmac with VIA padlock.

2011-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates

2011-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mac.c: optimizations in hmac.

2011-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-backend.h, lib/gnutls_cipher_int.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_mpi.h,
	lib/gnutls_pk.h, lib/nettle/cipher.c, lib/nettle/mac.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
	libextra/Makefile.am, libextra/fipsmd5.c, libextra/gnutls_extra.c: 
	The hash_fast() and hmac_fast() functions can be registered as well
	to allow backends with optimized (hw) implementations. In the nettle
	backend the different is one memory allocation less.

2011-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.h, lib/gnutls_hash_int.h, lib/gnutls_mpi.h,
	lib/gnutls_pk.h, lib/nettle/cipher.c, lib/nettle/mac.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c: operations
	structures were made constants.

2011-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	simplified usage of resume_true and resume_false.

2011-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c: simplified assignment of server_write and
	client_write.

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-padlock.c,
	lib/accelerated/intel/asm/padlock-x86.s: movdqa replaced with movaps
	(C3 doesn't support SSE2 but only SSE)

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-padlock.c: manually keep the IV.

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/padlock-x86.s: re-added ecb

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/padlock-x86-64.s,
	lib/accelerated/intel/asm/padlock-x86.s: removed unused modes.

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, src/benchmark.h, src/cli-gaa.c,
	src/cli-gaa.h, src/cli.gaa: Allow benchmarking the software version
	of ciphers.

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, src/p11common.c: fixed compilation without p11-kit

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-padlock.c: enabled VIA acceleration.

2011-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: small update

2011-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: more people to thank

2011-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-pkcs11-list.c, src/benchmark.c, src/udp-serv.c: 
	include config.h where needed.

2011-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: worked around openssl 1.0.0e bug
	(avoid using -mtu).

2011-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/udp-serv.c: udp-serv includes config.h.

2011-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/read-packet.c, lib/opencdk/stream.c: corrections in
	debugging code.

2011-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c, lib/accelerated/intel/Makefile.am,
	lib/accelerated/{ => intel}/x86.h: Better usage of X86 conditionals
	to simplify and avoid an undefined warning in x86-32.

2011-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/egd.c: a hack to allow compilation on systems without
	AF_LOCAL.

2011-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c: Disable openpgp code when not requested.
	Reported by Bjorn Christensen.

2011-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cve-2009-1416.c, tests/mpi.c, tests/rng-fork.c,
	tests/x509cert-tl.c, tests/x509cert.c: more silent tests.

2011-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, gl/m4/valgrind-tests.m4,
	gl/override/m4/valgrind-tests.m4.diff, lib/gnutls_cipher.c,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_constate.c, lib/gnutls_int.h, tests/Makefile.am,
	tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/suppressions.valgrind,
	tests/{libgcrypt.supp => suppressions.valgrind}: Further
	optimizations in the compression code. Re-enabled the test program
	by suppressing the zlib warning.

2011-09-23  Simon Josefsson <simon@josefsson.org>

	* tests/utils.c: Redeuce self-test noise.

2011-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/latex/Makefile.am, doc/latex/{cover.tex.in =>
	cover-epub.tex}, doc/latex/epub.tex, doc/latex/macros-epub.tex: 
	Added epub version of manual

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.bib: corrected typos

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex, doc/scripts/mytexi2latex: pdf is the image
	format for latex.

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: deflate test moved out

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress.c: removed uneeded vars

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_record.c, tests/Makefile.am,
	tests/eagain-common.h, tests/mini-deflate.c: Simplified and
	corrected decompression and compression.  Added test program.

2011-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: print session ID

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* .gitignore, NEWS, lib/includes/gnutls/x509.h, lib/x509/output.c,
	lib/x509/x509.c, tests/infoaccess.c: libgnutls:
	gnutls_x509_crt_print supports printing AIA fields.  Support
	caIssuers.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/x509.h: Improve gnutls_info_access_what_t
	documentation.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* configure.ac, doc/scripts/gdoc, lib/auth/cert.c: Fix syntax-check
	warnings.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/closedir.c, gl/dirent-private.h,
	gl/dirent.in.h, gl/filename.h, gl/isnan.c, gl/m4/argp.m4,
	gl/m4/closedir.m4, gl/m4/dirent_h.m4, gl/m4/environ.m4,
	gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4, gl/m4/frexp.m4,
	gl/m4/frexpl.m4, gl/m4/getcwd.m4, gl/m4/getpass.m4,
	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/include_next.m4,
	gl/m4/ldexpl.m4, gl/m4/lseek.m4, gl/m4/msvc-inval.m4,
	gl/m4/nocrash.m4, gl/m4/opendir.m4, gl/m4/pathmax.m4,
	gl/m4/printf-frexpl.m4, gl/m4/printf.m4, gl/m4/readdir.m4,
	gl/m4/setenv.m4, gl/m4/signbit.m4, gl/m4/sleep.m4,
	gl/m4/ssize_t.m4, gl/m4/stdint.m4, gl/m4/stdio_h.m4,
	gl/m4/strings_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
	gl/m4/sys_types_h.m4, gl/m4/time_h.m4, gl/m4/unistd_h.m4,
	gl/m4/vasnprintf.m4, gl/math.in.h, gl/opendir.c, gl/readdir.c,
	gl/stdio.in.h, gl/strings.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/sys_types.in.h, gl/sys_uio.in.h, gl/tests/Makefile.am,
	gl/tests/dup2.c, gl/tests/infinity.h, gl/tests/init.sh,
	gl/tests/msvc-inval.c, gl/tests/msvc-inval.h, gl/tests/nan.h,
	gl/tests/pathmax.h, gl/tests/putenv.c, gl/tests/stat.c,
	gl/tests/test-dup2.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-fprintf-posix.h, gl/tests/test-frexp.c,
	gl/tests/test-frexpl.c, gl/tests/test-fseeko4.c,
	gl/tests/test-fseeko4.sh, gl/tests/test-fstat.c,
	gl/tests/test-ftello4.c, gl/tests/test-ftello4.sh,
	gl/tests/test-isnand.h, gl/tests/test-isnanf.h,
	gl/tests/test-isnanl.h, gl/tests/test-pathmax.c,
	gl/tests/test-printf-posix.h, gl/tests/test-signbit.c,
	gl/tests/test-sys_socket.c, gl/tests/test-sys_stat.c,
	gl/tests/test-sys_types.c, gl/tests/test-time.c, gl/unistd.in.h,
	gl/wchar.in.h, maint.mk: Update gnulib files.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_dtls.c, lib/pkcs11_privkey.c, lib/x509/x509.c: Fix
	gtk-doc Since: tags.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/x509.c, tests/Makefile.am, tests/infoaccess.c: Added
	gnutls_x509_crt_get_authority_info_access.

2011-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/accelerated/intel/aes-padlock.c: Make it build with -Wunused.

2011-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: do not trust getaddrinfo if IPv6 is not enabled. Patch
	by Somchai Smythe.

2011-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/scripts/split-texi.pl: Added missing files

2011-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/gnutls_privkey.c, lib/pkcs11.c, src/cli.c: 
	Compilation fixes when pkcs11 is not enabled.

2011-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/gnutls.texi, doc/scripts/gdoc: enumerations
	are visible in the texinfo output.

2011-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.0.3

2011-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/Makefile.am: Added missing file.

2011-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, doc/latex/Makefile.am: doc fixes

2011-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/intel/aes-padlock.c: VIA is disabled by
	default.

2011-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2011-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/cert.c: Corrected memory leak in privkey
	deinitialization. Reported by Dan Winship.

2011-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/accelerated.c, lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-padlock.c,
	lib/accelerated/intel/aes-x86.c,
	lib/accelerated/intel/asm/cpuid-x86-64.s,
	lib/accelerated/intel/asm/cpuid-x86.s, lib/accelerated/x86.h: 
	eliminated inline assembly.

2011-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dtls.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
	gnutls_record_get_discarded() to return the number of discarded
	record packets in a DTLS session.

2011-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c, lib/accelerated/x86.h: Added better
	detection of capabilities in 386. If cpuid doesn't exist don't try
	to execute it.

2011-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/scripts/mytexi2latex: updates on SRP
	description

2011-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: stress that values are bytes and not bits

2011-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-gaa.c: new gaa

2011-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/macros.tex: removed unused macro

2011-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: corrected name of gnutls_global_set_mutex.

2011-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
	Functions for RSA-EXPORT were marked as deprecated.

2011-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/gnutls_errors.c: documentation update

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc updates

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi, doc/cha-support.texi: Downloading and
	installing moved to main document

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: corrected page numbers.

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-padlock.c: Do not prefer GCM in padlock
	because it is slow.

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: functions and enumerations are being added in
	index.

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-internals.texi,
	doc/gnutls-objects.eps: removed gnutls-objects.

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: clarified format of
	sequence number in gnutls_record_recv_seq.

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: Added a paragraph on opensc and trousers
	PKCS #11 modules.

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86.h: added license

2011-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/latex/gnutls.tex, doc/latex/macros.tex,
	doc/scripts/mytexi2latex, lib/includes/gnutls/gnutls.h.in: updated
	documentation. The function descriptions were converted to floats.

2011-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/intel/aes-padlock.c: disable the 64-bit
	padlock until it is tested.

2011-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86.h: corrected typo in cpuid for 386.

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/mytexi2latex: fix on double arguments

2011-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/cha-cert-auth.texi, doc/cha-intro-tls.texi,
	doc/gnutls.texi, doc/latex/Makefile.am, doc/latex/gnutls.tex,
	doc/latex/macros.tex, doc/scripts/gdoc, doc/scripts/mytexi2latex,
	doc/scripts/split.pl, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/x509.h: Modified gdoc to be able to handle
	enumerations. Only valid to latex.

2011-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth/ecdh_common.c, lib/nettle/ecc_free.c,
	lib/nettle/pk.c, lib/x509/verify-high.c, tests/x509cert-tl.c,
	tests/x509cert.c: Memory leak fixes in ECC ciphersuites and the
	trust_list.

2011-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-gcm-padlock.c,
	lib/accelerated/intel/aes-padlock.c,
	lib/accelerated/intel/aes-padlock.h: simplified ecb encryption.

2011-09-09  Simon Josefsson <simon@josefsson.org>

	* src/prime.c: Fix build warnings.

2011-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/pkcs11_write.c: Fix possible infloop and build warning about
	uninitialied variable.

2011-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/accelerated/intel/aes-gcm-padlock.c,
	lib/accelerated/intel/aes-padlock.c,
	lib/accelerated/intel/aes-padlock.h, lib/gnutls_sig.c,
	lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/x509.h, lib/openpgp/gnutls_openpgp.c,
	lib/pkcs11_privkey.c: Fix build errors.

2011-09-09  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2011-09-09  Simon Josefsson <simon@josefsson.org>

	* gl/m4/getcwd.m4, gl/m4/gnulib-common.m4, gl/m4/largefile.m4,
	gl/tests/init.sh, gl/tests/lstat.c, gl/tests/open.c,
	gl/tests/stat.c, gl/tests/test-float.c, gl/unistd.in.h, maint.mk: 
	Update gnulib files.

2011-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/nettle/mac.c: converted
	quick data hashes to _gnutls_hash_fast and the hmac equivalent.

2011-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-gcm-padlock.c,
	lib/accelerated/intel/{padlock.c => aes-padlock.c},
	lib/accelerated/intel/aes-padlock.h,
	lib/accelerated/intel/aes-x86.h: Added padlock support to GCM
	ciphers.

2011-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: do not reset length

2011-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_extensions.c: Do not send an empty extension
	structure in server hello. This affects old implementations that do
	not support extensions. Reported by J. Cameijo Cerdeira.

2011-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Corrected documentation for
	gnutls_certificate_set_x509_trust.  Reported by Stephen Lynch.

2011-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: minimized example

2011-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/padlock-x86-64.s,
	lib/accelerated/intel/asm/padlock-x86.s: Added gnustack flag

2011-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/padlock.c,
	lib/crypto-api.c, lib/crypto-backend.h, lib/ext/session_ticket.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/includes/gnutls/crypto.h,
	lib/nettle/cipher.c, lib/x509/privkey_pkcs8.c: Added encryption flag
	to simplify and optimize key expansion.

2011-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, lib/accelerated/accelerated.c,
	lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
	lib/accelerated/intel/asm/padlock-x86-64.s,
	lib/accelerated/intel/asm/padlock-x86.s,
	lib/accelerated/intel/padlock.c: Added support for VIA padlock based
	on Andy's code (untested).

2011-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h: 
	corrected AES-NI code.

2011-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: simplified
	gnutls_certificate_set_x509_trust_file. It uses
	gnutls_certificate_set_x509_trust_mem.

2011-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/x509.c: Modified fix of "Allow CA
	importing of 0 certificates to succeed".
	gnutls_x509_crt_list_import() is still failing when no certificates
	are found and only gnutls_certificate_set_x509_trust_mem() returns
	zero when no certificates are found.

2011-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/privkey.c, lib/x509/x509_int.h,
	src/certtool-common.h, src/certtool.c, src/pkcs11.c, src/prime.c: 
	Added support to read elliptic curve public keys from PKCS #11
	tokens (untested).

2011-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, src/certtool-common.c, src/certtool-common.h,
	src/certtool-gaa.c, src/certtool.c, src/certtool.gaa,
	src/p11common.c, src/p11tool-gaa.c, src/p11tool-gaa.h,
	src/p11tool.c, src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
	gnutls_pkcs11_privkey_generate().  p11tool can be used to generate
	keys in tokens.

2011-09-06  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/x509.c, tests/parse_ca.c: libgnutls: Allow CA
	importing of 0 certificates to succeed.  Reported by Jonathan Nieder <jrnieder@gmail.com> in
	<http://bugs.debian.org/640639>.

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: updated changelog

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, README-alpha: simplified README

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.h: documented extra alignment

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: cleaned-up code

2011-09-04  Andreas Metzler <ametzler@downhill.at.eu.org>

	* configure.ac: Add p11-kit-1 to gnutls.pc Requires.private.  If building with PKCS#11 support append p11-kit-1 to gnutls.pc
	Requires.private.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: documentation updates

2011-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutlsxx.cpp: updated for lowat

2011-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-functions.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi: documentation updates. @acronym was removed
	from the cindex.

2011-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: set_lowat was removed as a macro.

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi: simplified examples

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-pgp.c, tests/openpgp-certs/testcerts: 
	explicitly enable openpgp certtype in tests.

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-gtls-app.texi, doc/latex/gnutls.bib: 
	more doc on MTU.

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgpself.c: explicitly enable openpgp certtype in tests.

2011-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, lib/system_override.c: Added documentation
	on asynchronous operation.

2011-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: do not exit configure if p11-kit is not found.

2011-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c: OpenPGP certificate type priority is
	not enabled by default.

2011-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_priority.c: Added %NO_EXTENSIONS
	priority string.

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/printlist.c: doc fixes

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: disabled test

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openssl_compat.c, libextra/openssl_compat.h: removed old
	and unused compatibility functions.

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/extensions.c, lib/x509/key_decode.c, lib/x509/output.c,
	lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_int.h,
	libextra/gnutls_openssl.c, src/crywrap/crywrap.c: corrected sign
	type errors for integers.

2011-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Corrected error checking in
	_gnutls_send_int().

2011-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc updates

2011-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-cfg.c, src/common.h: removed unneeded header.
	Documented updates.

2011-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc.h, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
	lib/nettle/ecc_mulmod.c, lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c: Avoid assert() and do not include
	needless headers.

2011-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat: skip if datefudge is not available

2011-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86.h: Modified cpuid for 32-bit x86 to avoid a
	gcc issue (not finding a register).

2011-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am, src/benchmark-cipher.c,
	src/benchmark-tls.c, src/benchmark.h, src/cli-gaa.c, src/cli-gaa.h,
	src/cli.gaa: Benchmark applications were incorporated to gnutls-cli

2011-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Corrected DH-ANON ciphersuite
	names.

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/gnutls-pgp.eps, doc/gnutls-x509.eps: 
	updated figures.

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/x509.c: XmppAddr -> UTF8String

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c,
	lib/x509/x509.c: more updates in private key copy.

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.h: removed unused variable.

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/privkey.c,
	lib/x509/x509.c: gnutls_certificate_set_x509_key() and
	gnutls_certificate_set_openpgp_key() operate as in gnutls 2.10.x and
	do not require to hold the structures.

2011-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c: removed unused variables.

2011-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Allow out-of-order change_cipher_spec in
	DTLS.

2011-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi, doc/examples/ex-cert-select-pkcs11.c,
	lib/gnutls_buffers.c, lib/gnutls_pubkey.c, lib/gnutls_record.c: 
	documentation changes.

2011-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c: 
	gnutls/extra.h is not required for SRP.

2011-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: leave an empty page

2011-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-bib.texi, doc/cha-cert-auth.texi,
	doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/latex/gnutls.bib, doc/latex/gnutls.tex: documentation updates

2011-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: unlock rnd mutex on error.

2011-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/latex/gnutls.bib: bibliography updated

2011-08-22  Andreas Metzler <ametzler@debian.org>

	* lib/libgnutls.map: Export export_gnutls_openpgp_privkey_sign_hash.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/system.c: AIX check moved to system.c.

2011-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crywrap/crywrap.c: Handle memory allocation errors.

2011-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, doc/manpages/crywrap.8: The crywrap
	manpage was removed due to license reasons.

2011-08-22  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/priorities.scm: guile: Fix `priorities' test to use
	`run-test'.  This is a followup to commit
	cd7b8102316cd4151356c4b2b7909c7435593890 ("guile: Fix tests to match
	the `exit' behavior introduced in Guile 2.0.1.").

2011-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crywrap/Makefile.am: include README to distribution.

2011-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: documentation fixes.

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-internals.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi,
	doc/scripts/mytexi2latex: Use texinfo's word break.

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, m4/hooks.m4: updated for release

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crywrap/Makefile.am: Added missing file

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
	po/uk.po.in: Sync with TP.

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: corrected typo

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Added hack for AIX systems that may not set
	errno property on EAGAIN.

2011-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c: simplified PKCS #11 token
	example.

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	lib/gnutls_record.c, lib/system_override.c: documentation updates

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated ignored files.

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume.c: Corrected session resumption test.

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/utils.c: Avoid using vfprintf() and use a combination of
	vsnprintf and fputs instead. My gnulib has issues with them.

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4: added vfprintf-posix
	(needed by tests)

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: depend on p11-kit 0.4+.

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/auth/cert.c, lib/auth/cert.h,
	lib/gnutls_cert.c, lib/gnutls_str_array.h, lib/gnutls_x509.c,
	lib/openpgp/gnutls_openpgp.c: Removed the limitation of one name per
	certificate.

2011-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi: rephrased text on anonymous authentication.

2011-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi: small update in psktool

2011-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated crywrap

2011-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented changes

2011-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
	lib/openpgp/gnutls_openpgp.c: gnutls_certificate_set_x509_key_file()
	and friends support server name indication.  If multiple
	certificates are set using this function the proper one will be
	selected during a handshake, with the limitation of a single name
	per certificate.

2011-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: Documentation fixes.

2011-08-17  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, src/crywrap/crywrap.c: Fix syntax-check nits.

2011-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphers.c: Added AES-256-GCM. Reported by
	Benjamin Hof.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/p11common.c: 
	Introduced GNUTLS_PKCS11_PIN_WRONG flag to indicate the previously
	given PIN is wrong.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fix

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi: some discussion on tokens.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Corrected issue when asking multiple times for PIN.

2011-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: corrected configure test

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crywrap/crywrap.c: dhparams have now the 'r' option.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crywrap/crywrap.c: use audit_log

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crywrap/crywrap.c, src/crywrap/crywrap.h: removed unneeded
	defintions.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: unload_file was modified to accept a pointer.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/crywrap/Makefile.am, src/crywrap/crywrap.c: corrected
	child process cleanup and added option to specify diffie hellman
	parameters file.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/crywrap.8, src/crywrap/crywrap.c,
	src/crywrap/crywrap.h: Corrected crywrap's verification procedure.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: use gnutls_sec_param_to_pk_bits() for DH parameter
	generation.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, doc/manpages/Makefile.am,
	doc/manpages/crywrap.8, gl/Makefile.am, gl/alphasort.c,
	gl/argp-ba.c, gl/argp-eexst.c, gl/argp-fmtstream.c,
	gl/argp-fmtstream.h, gl/argp-fs-xinl.c, gl/argp-help.c,
	gl/argp-namefrob.h, gl/argp-parse.c, gl/argp-pin.c, gl/argp-pv.c,
	gl/argp-pvh.c, gl/argp-xinl.c, gl/argp.h, gl/basename-lgpl.c,
	gl/dirent.in.h, gl/dirname-lgpl.c, gl/dirname.h, gl/dosname.h,
	gl/{tests => }/fpucw.h, gl/frexp.c, gl/frexpl.c, gl/fseeko.c,
	gl/fseterr.c, gl/fseterr.h, gl/getopt.c, gl/getopt.in.h,
	gl/getopt1.c, gl/getopt_int.h, gl/getsubopt.c, gl/isnan.c,
	gl/isnand-nolibm.h, gl/isnand.c, gl/isnanf-nolibm.h, gl/isnanf.c,
	gl/isnanl-nolibm.h, gl/isnanl.c, gl/m4/alphasort.m4, gl/m4/argp.m4,
	gl/m4/dirent_h.m4, gl/m4/dirname.m4, gl/m4/double-slash-root.m4,
	gl/m4/dup2.m4, gl/m4/eealloc.m4, gl/m4/environ.m4,
	gl/m4/exponentd.m4, gl/m4/exponentf.m4, gl/m4/exponentl.m4,
	gl/m4/frexp.m4, gl/m4/frexpl.m4, gl/m4/getcwd.m4, gl/m4/getopt.m4,
	gl/m4/getsubopt.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/isnand.m4, gl/m4/isnanf.m4, gl/m4/isnanl.m4, gl/m4/ldexpl.m4,
	gl/m4/lstat.m4, gl/m4/malloca.m4, gl/m4/math_h.m4,
	gl/m4/mempcpy.m4, gl/m4/mode_t.m4, gl/m4/nocrash.m4, gl/m4/open.m4,
	gl/m4/printf-frexp.m4, gl/m4/printf-frexpl.m4, gl/m4/putenv.m4,
	gl/m4/rawmemchr.m4, gl/m4/scandir.m4, gl/m4/setenv.m4,
	gl/m4/signbit.m4, gl/m4/sleep.m4, gl/m4/stat.m4,
	gl/m4/strchrnul.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
	gl/m4/symlink.m4, gl/m4/sysexits.m4, gl/m4/vfprintf-posix.m4,
	gl/m4/vprintf-posix.m4, gl/math.in.h, gl/mempcpy.c,
	gl/printf-frexp.c, gl/printf-frexp.h, gl/printf-frexpl.c,
	gl/printf-frexpl.h, gl/rawmemchr.c, gl/rawmemchr.valgrind,
	gl/scandir.c, gl/signbitd.c, gl/signbitf.c, gl/signbitl.c,
	gl/sleep.c, gl/strchrnul.c, gl/strchrnul.valgrind, gl/stripslash.c,
	gl/strndup.c, gl/strnlen.c, gl/sysexits.in.h, gl/tests/Makefile.am,
	gl/tests/dummy.c, gl/tests/dup2.c, gl/tests/getcwd-lgpl.c,
	gl/tests/ignore-value.h, gl/tests/lstat.c, gl/tests/malloca.c,
	gl/tests/malloca.h, gl/tests/malloca.valgrind,
	gl/tests/minus-zero.h, gl/tests/nan.h, gl/tests/open.c,
	gl/tests/putenv.c, gl/tests/same-inode.h, gl/tests/setenv.c,
	gl/tests/stat.c, gl/tests/symlink.c, gl/tests/test-argp-2.sh,
	gl/tests/test-argp.c, gl/tests/test-dirent.c, gl/tests/test-dup2.c,
	gl/tests/test-environ.c, gl/tests/test-fprintf-posix.h,
	gl/tests/test-frexp.c, gl/tests/test-frexpl.c,
	gl/tests/test-fseeko3.c, gl/tests/test-fseeko3.sh,
	gl/tests/test-fseterr.c, gl/tests/test-getcwd-lgpl.c,
	gl/tests/test-getopt.c, gl/tests/test-getopt.h,
	gl/tests/test-getopt_long.h, gl/tests/test-ignore-value.c,
	gl/tests/test-isnand-nolibm.c, gl/tests/test-isnand.h,
	gl/tests/test-isnanf-nolibm.c, gl/tests/test-isnanf.h,
	gl/tests/test-isnanl-nolibm.c, gl/tests/test-isnanl.h,
	gl/tests/test-lstat.c, gl/tests/test-lstat.h,
	gl/tests/test-malloc-gnu.c, gl/tests/test-malloca.c,
	gl/tests/test-math.c, gl/tests/test-open.c, gl/tests/test-open.h,
	gl/tests/test-printf-frexp.c, gl/tests/test-printf-frexpl.c,
	gl/tests/test-printf-posix.h, gl/tests/test-printf-posix.output,
	gl/tests/test-rawmemchr.c, gl/tests/test-setenv.c,
	gl/tests/test-signbit.c, gl/tests/test-sleep.c,
	gl/tests/test-stat.c, gl/tests/test-stat.h,
	gl/tests/test-strchrnul.c, gl/tests/test-strnlen.c,
	gl/tests/test-symlink.c, gl/tests/test-symlink.h,
	gl/tests/test-sysexits.c, gl/tests/test-unsetenv.c,
	gl/tests/test-vfprintf-posix.c, gl/tests/test-vfprintf-posix.sh,
	gl/tests/test-vprintf-posix.c, gl/tests/test-vprintf-posix.sh,
	gl/tests/unsetenv.c, gl/vfprintf.c, gl/vprintf.c, m4/hooks.m4,
	src/Makefile.am, src/crywrap/Makefile.am, src/crywrap/README,
	src/crywrap/crywrap.c, src/crywrap/crywrap.h, src/crywrap/primes.h: 
	Added crywrap to the distributed programs.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/.gitignore: files to ignore

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: doc updates

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi,
	doc/cha-ciphersuites.texi, doc/cha-errors.texi,
	doc/cha-functions.texi, doc/cha-gtls-app.texi,
	doc/cha-internals.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/cha-support.texi: do not use capitals in
	index names.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/latex/.gitignore: more files to ignore.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkcs11.c: If a module is dlopened twice, then
	deinitialize the second load.

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, lib/gnutls_buffers.c, lib/gnutls_record.c: 
	documentation updates

2011-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: memory handling section is no longer
	applicable

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Added discussion on DTLS functionality

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi, doc/cha-support.texi, doc/cha-tls-app.texi: 
	corrected typos

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: updated openssl text

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: correct typos

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli.1: do not escape \#

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-intro-tls.texi: more updates

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-preface.texi, doc/latex/gnutls.bib: 
	Added reference to anderson's book

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
	doc/gnutls-certificate-user-use-case.eps,
	doc/gnutls-extensions.eps, doc/gnutls.texi,
	doc/scripts/mytexi2latex, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c: 
	Internals section updated.

2011-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/examples/ex-crq.c,
	lib/gnutls_pubkey.c, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/x509.h, lib/pkcs11.c, lib/pkcs11_write.c,
	lib/x509/crq.c: Documentation updates. gnutls_x509_crq_sign2() and
	gnutls_x509_crl_sign2() were removed from the deprecate list to ease
	generation of crl and crq structures.

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/alert-printlist.c, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/cha-programs.texi, doc/errcodes.c,
	doc/printlist.c: updates

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.tex: changed paper size.

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: doc update

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/alert-printlist.c, doc/errcodes.c, doc/printlist.c: reduced
	space taken by descriptions.

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: more updates.

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented fixes

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h: 
	Force alignment for AES-NI to the runtime rather than on the
	structures.  Corrects issue on some systems (reported by Andreas
	Radke).

2011-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, lib/system_override.c: Added session
	initialization discussion

2011-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: more updates

2011-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-gtls-app.texi, lib/gnutls_psk.c,
	lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c: updated
	documentation

2011-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: document flags

2011-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: corrected typo

2011-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/README: removed reference to pakchois

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Prevent from loading twice the same module.

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-x86.s: Added note.GNU-stack to
	prevent marking the library as using an executable stack. Reported
	by Andreas Metzler.

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version

2011-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/appro-aes-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-x86.s: Included appro's updates
	to AES-NI.

2011-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: better placement of ifdefs.

2011-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-app.texi, doc/cha-internals.texi,
	doc/{gnutls-extensions_st.eps => gnutls-extensions.eps},
	doc/{gnutls-mod_auth_st.eps => gnutls-modauth.eps},
	doc/latex/Makefile.am, doc/latex/gnutls.tex,
	doc/scripts/mytexi2latex: Added discussion of the provided
	cryptographic functions. Internals is now included in the latex
	document (needs rewrite though)

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c, lib/accelerated/cryptodev.c,
	lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c, lib/algorithms.h,
	lib/algorithms/Makefile.am, lib/algorithms/cert_types.c,
	lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c,
	lib/auth/Makefile.am, lib/auth/anon.c, lib/auth/anon.h,
	lib/auth/anon_ecdh.c, lib/auth/cert.c, lib/auth/cert.h,
	lib/auth/dh_common.c, lib/auth/dh_common.h, lib/auth/dhe.c,
	lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
	lib/auth/psk.c, lib/auth/psk.h, lib/auth/psk_passwd.c,
	lib/auth/psk_passwd.h, lib/auth/rsa.c, lib/auth/rsa_export.c,
	lib/auth/srp.c, lib/auth/srp.h, lib/auth/srp_passwd.c,
	lib/auth/srp_passwd.h, lib/auth/srp_rsa.c, lib/auth/srp_sb64.c,
	lib/crypto-api.c, lib/crypto-backend.c, lib/crypto-backend.h,
	lib/crypto.h, lib/debug.c, lib/debug.h, lib/ext/Makefile.am,
	lib/ext/cert_type.c, lib/ext/cert_type.h, lib/ext/ecc.c,
	lib/ext/ecc.h, lib/ext/max_record.c, lib/ext/max_record.h,
	lib/ext/safe_renegotiation.c, lib/ext/safe_renegotiation.h,
	lib/ext/server_name.c, lib/ext/server_name.h,
	lib/ext/session_ticket.c, lib/ext/session_ticket.h,
	lib/ext/signature.c, lib/ext/signature.h, lib/ext/srp.c,
	lib/ext/srp.h, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
	lib/gcrypt/init.c, lib/gcrypt/mac.c, lib/gcrypt/mpi.c,
	lib/gcrypt/pk.c, lib/gcrypt/rnd.c, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_ecc.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/gnutls_pcert.c, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_privkey.c,
	lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
	lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/hash.c, lib/includes/Makefile.am,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/libgnutlsxx.map, lib/locks.c,
	lib/nettle/Makefile.am, lib/nettle/cipher.c, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
	lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
	lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
	lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/nettle/rnd.c, lib/opencdk/Makefile.am, lib/opencdk/armor.c,
	lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
	lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
	lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/random.c, lib/random.h, lib/system.c,
	lib/system_override.c, lib/x509/Makefile.am, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
	lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c, lib/x509_b64.c,
	lib/x509_b64.h: Clarify license and copyright.

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* README: Clarify licensing.

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* lib/AUTHORS, lib/ChangeLog, lib/NEWS, lib/autogen.sh,
	lib/build-aux/arg-nonnull.h, lib/build-aux/c++defs.h,
	lib/build-aux/config.rpath, lib/build-aux/warn-on-use.h,
	libextra/AUTHORS, libextra/COPYING, libextra/ChangeLog,
	libextra/NEWS, libextra/README, libextra/build-aux/config.rpath: 
	Remove unused files.

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* libextra/includes/gnutls/extra.h: Finish removal of inner
	application extension support.

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/dtls.h: More
	GTK-DOC fixes.

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* .x-sc_GPL_version, .x-sc_avoid_if_before_free,
	.x-sc_bindtextdomain, .x-sc_cast_of_alloca_return_value,
	.x-sc_cast_of_argument_to_free, .x-sc_file_system,
	.x-sc_m4_quote_check, .x-sc_makefile_check, .x-sc_program_name,
	.x-sc_prohibit_HAVE_MBRTOWC, .x-sc_prohibit_S_IS_definition,
	.x-sc_prohibit_empty_lines_at_EOF,
	.x-sc_prohibit_strings_without_use, .x-sc_space_tab, .x-sc_the_the,
	.x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens,
	GNUmakefile, THANKS, build-aux/config.rpath,
	build-aux/snippet/_Noreturn.h, build-aux/{ =>
	snippet}/arg-nonnull.h, build-aux/{ => snippet}/c++defs.h,
	build-aux/{ => snippet}/warn-on-use.h,
	build-aux/useless-if-before-free, build-aux/vc-list-files, cfg.mk,
	configure.ac, doc/Makefile.am, gl/Makefile.am, gl/alignof.h,
	gl/alloca.c, gl/errno.in.h, gl/error.c, gl/float.c, gl/float.in.h,
	gl/fseek.c, gl/fseeko.c, gl/ftell.c, gl/intprops.h,
	gl/m4/alloca.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
	gl/m4/extensions.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
	gl/m4/fseek.m4, gl/m4/fseeko.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
	gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/getpagesize.m4,
	gl/m4/getpass.m4, gl/m4/gettime.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4, gl/m4/include_next.m4,
	gl/m4/largefile.m4, gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/md5.m4,
	gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/memxor.m4,
	gl/m4/mmap-anon.m4, gl/m4/po.m4, gl/m4/printf.m4,
	gl/m4/read-file.m4, gl/m4/realloc.m4, gl/m4/snprintf.m4,
	gl/m4/strcase.m4, gl/m4/strdup.m4, gl/m4/strerror.m4,
	gl/m4/string_h.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
	gl/m4/time_r.m4, gl/m4/vsnprintf.m4, gl/m4/warn-on-use.m4,
	gl/m4/warnings.m4, gl/netdb.in.h, gl/netinet_in.in.h,
	gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h, gl/stdio.in.h,
	gl/stdlib.in.h, gl/strerror-override.c, gl/strerror-override.h,
	gl/strerror.c, gl/string.in.h, gl/strings.in.h, gl/sys_socket.in.h,
	gl/sys_stat.in.h, gl/sys_time.in.h, gl/sys_uio.in.h,
	gl/tests/Makefile.am, gl/tests/fcntl.in.h, gl/tests/fpucw.h,
	gl/tests/init.sh, gl/tests/macros.h, gl/tests/test-float.c,
	gl/tests/test-fseek.c, gl/tests/test-fseek.sh,
	gl/tests/test-fseek2.sh, gl/tests/test-ftell.c,
	gl/tests/test-ftell.sh, gl/tests/test-ftell2.sh,
	gl/tests/test-ftell3.c, gl/tests/test-intprops.c,
	gl/tests/test-snprintf.c, gl/tests/test-strerror.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/time.in.h, gl/timespec.h,
	gl/unistd.in.h, gl/verify.h, gl/wchar.in.h, lib/Makefile.am,
	lib/hash.c, lib/pkcs11_privkey.c, maint.mk, src/benchmark-cipher.c,
	src/certtool.c, src/cli.c, src/serv.c, tests/Makefile.am,
	tests/scripts/common.sh: Update gnulib files.  Fix syntax-check
	usage.

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, README: Add NEWS entries.  Use copyright ranges (now
	permitted).

2011-08-03  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/cs.po.in, po/fi.po.in, po/nl.po.in, po/pl.po.in,
	po/sv.po.in, po/uk.po.in: Sync with TP.

2011-08-02  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, doc/reference/Makefile.am,
	doc/reference/gnutls-docs.sgml, lib/algorithms/secparams.c,
	lib/crypto-api.c, lib/gnutls_cert.c, lib/gnutls_db.c,
	lib/gnutls_global.c, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/locks.c, lib/openpgp/privkey.c,
	lib/pkcs11.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
	lib/random.c, lib/system_override.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/privkey.c, lib/x509/x509.c: More GTK-DOC
	improvements.

2011-08-02  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Simplify GTK-DOC makefile
	IGNORE_HFILES.

2011-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: updated

2011-08-02  Simon Josefsson <simon@josefsson.org>

	* lib/algorithms/sign.c, lib/gnutls_dtls.c, lib/gnutls_pubkey.c,
	lib/gnutls_record.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs11.h, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
	lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
	lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/pkcs11.c: Fix GTK-DOC manual.

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: detect premature termination of connection

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: the
	deprecated_config_file from 2.12.x was incorporated.

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: documentation update

2011-08-02  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, doc/reference/gnutls-docs.sgml,
	lib/algorithms/ecc.c, lib/crypto-api.c, lib/gnutls_alert.c,
	lib/gnutls_cert.c, lib/gnutls_dtls.c, lib/gnutls_global.c,
	lib/gnutls_pcert.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
	lib/gnutls_state.c, lib/system_override.c, lib/x509/crl.c,
	lib/x509/privkey.c, lib/x509/verify-high.c, lib/x509/x509.c: Add
	GTK-DOC Since: tags for 3.0.0 additions.

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: added asserts.

2011-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, README-alpha: Refer to nettle alone and p11-kit.

2011-08-01  Stef Walter <stefw@collabora.co.uk>

	* lib/pkcs11.c: Don't try to do PKCS#11 login if session is already
	logged in.   * It is possible for new PKCS#11 sessions to be logged in if    another logged in session already exists.   * In these cases, don't log in, but detect the condition and    return success.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-08-01  Stef Walter <stefw@collabora.co.uk>

	* lib/pkcs11_privkey.c: When finding private keys fail, return error
	code.   * Previously this would result in an endless loop.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-08-01  Stef Walter <stefw@collabora.co.uk>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Mark the config
	argument of gnutls_pkcs11_init() as unused  * Since its no longer used.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_str.h, lib/gnutls_x509.c,
	lib/includes/gnutls/x509.h, lib/x509/x509.c, tests/x509cert.c: Added
	GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
	gnutls_x509_crt_list_import.  It checks whether the list to be
	imported is properly sorted.

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in: Added
	GNUTLS_E_CERTIFICATE_LIST_UNSORTED.  If a certificate list is loaded
	then verify that it is sorted with order to starts with the subject
	and finished with the trusted root. That way we make sure we don't
	send data that violate the TLS protocol.

2011-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/latex/macros.tex: documentation
	updates.

2011-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: updated changelog

2011-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.0.0

2011-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: updated version

2011-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool.gaa: Corrected typo.

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented updates.

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Added Petr.

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c, lib/gnutls_privkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
	gnutls_pcert_list_import_x509_raw() and few doc fixes.

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.pc.in: corrected for libnettle.

2011-06-24  Andreas Metzler <ametzler@downhill.at.eu.org>

	* configure.ac: fix zlib handling in gnutls.pc Only add zlib to gnutls.pc's Requies.private if zlib ships a
	pkg-config file. Ancient (<< 1.2.3.1) versions don't. Otherwise add
	-lz to Libs.private.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-srp.c, doc/examples/ex-serv-srp.c: 
	gnutls_global_init_extra() is not needed for SRP.

2011-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented changes.

2011-07-25  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

	* lib/gnutls_buffers.c: writev_emu: stop on the first incomplete
	write Just like standard writev, we should only move on to the next block
	if all the previous ones have been successfully written out.
	Otherwise there is a potential for data loss and/or confusing push
	functions.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/fdl.tex: increased size of fdl.

2011-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Added debug message to indicate usage of
	compatibility mode for /etc/gnutls/pkcs11.conf

2011-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: removed pgp key from authors file.

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: updated changelog.

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/announce.txt, m4/hooks.m4: released 2.99.4

2011-06-29  Petr Písař <petr.pisar@atlas.cz>

	* lib/gnutls_privkey.c: Honor uninitialized private key in
	destructor Fixes bug #107730.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Corrected initialization of key when generating
	request. Reported by Petr Pisar.

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated.

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_rsa_export.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: The crippled status
	of an gnutls_x509_privkey_t was removed.

2011-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-pkcs11-list.c: Example compilation fix.

2011-07-07  Stef Walter <stefw@collabora.co.uk>

	* configure.ac, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
	Use p11_kit_pin_xxx() functionality when 'pinfile' is in uris.   * This allows other apps to register a handler for a specific
	   pinfile and then that application will be able to provide the PIN
	   for those URIs.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Added compatibility mode with
	/etc/gnutls/pkcs11.conf

2011-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-tls-app.texi: Updates in upward negotiation section.

2011-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/gnutls.bib: Corrected bibliography

2011-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi,
	doc/cha-programs.texi, doc/cha-tls-app.texi: corrected section
	names.

2011-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi, doc/cha-support.texi, lib/gnutls_errors.c,
	lib/gnutls_srp.c: Updated information on required libraries.

2011-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi, doc/cha-preface.texi: 
	Corrected typos.

2011-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/.gitignore, doc/Makefile.am, doc/alert-printlist.c,
	doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi, doc/gnutls.texi,
	doc/latex/Makefile.am, doc/latex/gnutls.tex, doc/latex/macros.tex,
	doc/scripts/gdoc, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
	doc/scripts/split.pl, lib/gnutls_x509.c: updated function listing.

2011-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added gnutls_alert_get_strname().

2011-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/cert_types.c, lib/algorithms/ciphers.c,
	lib/algorithms/ecc.c, lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
	lib/auth/psk.c, lib/auth/rsa_export.c, lib/crypto-api.c,
	lib/crypto-backend.c, lib/ext/max_record.c,
	lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
	lib/ext/session_ticket.c, lib/gcrypt/mpi.c, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_dtls.c,
	lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_priority.c,
	lib/gnutls_privkey.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
	lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
	lib/minitasn1/decoding.c, lib/minitasn1/errors.c,
	lib/nettle/ecc_verify_hash.c, lib/opencdk/kbnode.c,
	lib/opencdk/sig-check.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c,
	lib/random.c, lib/x509/common.c, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/output.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_write.c: documentation fixes

2011-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/COPYING, lib/accelerated/accelerated.c,
	lib/accelerated/cryptodev.c, lib/auth/anon.c, lib/auth/anon_ecdh.c,
	lib/auth/cert.c, lib/auth/dh_common.c, lib/auth/dhe.c,
	lib/auth/dhe_psk.c, lib/auth/ecdh_common.c, lib/auth/psk.c,
	lib/auth/psk_passwd.c, lib/auth/rsa.c, lib/auth/rsa_export.c,
	lib/auth/srp.c, lib/auth/srp_passwd.c, lib/auth/srp_rsa.c,
	lib/auth/srp_sb64.c, lib/crypto-api.c, lib/crypto-backend.c,
	lib/debug.c, lib/ext/cert_type.c, lib/ext/ecc.c,
	lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
	lib/ext/server_name.c, lib/ext/session_ticket.c,
	lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
	lib/gnutls_db.c, lib/gnutls_dh.c, lib/gnutls_dh_primes.c,
	lib/gnutls_dtls.c, lib/gnutls_ecc.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_helper.c,
	lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mem.c,
	lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pcert.c,
	lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
	lib/gnutls_psk.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_supplemental.c,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/hash.c, lib/locks.c, lib/nettle/cipher.c,
	lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
	lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
	lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/egd.c, lib/nettle/init.c,
	lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/main.c, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
	lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
	lib/opencdk/seskey.c, lib/opencdk/sig-check.c,
	lib/opencdk/stream.c, lib/opencdk/write-packet.c,
	lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/pkcs11.c, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/random.c, lib/system.c,
	lib/system_override.c, lib/x509/common.c, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
	lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_write.c, lib/x509_b64.c: Upgraded to
	LGPLv3.

2011-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex.in: updated cover.

2011-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/fdl.tex: improvements on fdl.

2011-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: Added LRN.

2011-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi,
	doc/cha-programs.texi, doc/scripts/mytexi2latex: documentation
	updates.

2011-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_srp.c, lib/gnutls_srp.h: gnutls_srp_verifier()
	returns data allocated with gnutls_malloc() for consistency.

2011-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: reduced error message.

2011-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: simplified text.

2011-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/fdl.tex, doc/latex/gnutls.tex: FDL is now included using
	a tiny font.

2011-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-intro-tls.texi,
	doc/examples/ex-client1.c, doc/scripts/mytexi2latex: Tables were
	also made floating

2011-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-internals.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi,
	doc/scripts/mytexi2latex: figures were made floating.

2011-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/latex/cover.tex.in, doc/scripts/mytexi2latex: Added
	high-quality pdf images.

2011-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/latex/.gitignore: more files to ignore

2011-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/Makefile.am, doc/cha-auth.texi,
	doc/cha-bib.texi, doc/cha-cert-auth.texi,
	doc/cha-ciphersuites.texi, doc/cha-errors.texi,
	doc/cha-functions.texi, doc/cha-gtls-app.texi,
	doc/cha-internals.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
	doc/cha-support.texi, doc/cha-tls-app.texi, doc/errcodes.c,
	doc/examples/ex-client1.c, doc/examples/ex-pkcs11-list.c,
	doc/examples/ex-serv-anon.c, doc/gnutls.texi,
	doc/latex/Makefile.am, doc/latex/cover.tex.in, doc/latex/fdl.tex,
	doc/latex/gnutls.bib, doc/latex/gnutls.tex, doc/latex/macros.tex,
	doc/printlist.c, doc/scripts/mytexi2latex, doc/scripts/sort1.pl,
	doc/signatures.texi: updated documentation to allow latex output.

2011-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c, lib/x509/crq.c, lib/x509/x509.c,
	lib/x509/x509_write.c: corrected typos

2011-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/examples/Makefile.am,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-udp.c,
	doc/examples/ex-crq.c, doc/examples/ex-pkcs11-list.c,
	doc/examples/ex-session-info.c, doc/examples/ex-verify.c: indented
	code.  Corrected PKCS #11 example.

2011-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: added missing file.

2011-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, NEWS, lib/includes/gnutls/gnutls.h.in, m4/hooks.m4: 
	bumped version.

2011-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/includes/gnutls/pkcs11.h,
	lib/pkcs11.c, lib/pkcs11_write.c, src/p11tool-gaa.c,
	src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
	src/pkcs11.c: Added new PKCS #11 flags to force an object being
	private or not.  Those are GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
	GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE.  p11tool supports now the
	--no-private and --private options.

2011-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11common.c: Limit the number of attempts with the same PIN,
	to avoid attempting again and again with a wrong PIN.

2011-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: When writing an object with CKA_TRUSTED set
	CKA_PRIVATE explicitly to FALSE, to allow the SO to write it.
	Reported by Rickard Bellgrim.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: updated

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: removed unneeded test.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Enforce the GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO even if
	GNUTLS_PKCS11_OBJ_FLAG_LOGIN is specified.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/p11common.c, src/pkcs11.c: Use common code
	for PKCS #11 callbacks across clients.  Require SO login to write a
	trusted object.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c, lib/ext/safe_renegotiation.h: bit
	fields changed to unsigned.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/x509/privkey.c: Moved null check before
	initialization.

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/keydb.c: removed unreachable code warning

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/hash.c, lib/opencdk/main.h, lib/opencdk/stream.c,
	lib/opencdk/write-packet.c: eliminated wipemem().

2011-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c: corrected uninitialized variable warning.

2011-06-16  Rickard Bellgrim <rickard@opendnssec.org>

	* lib/pkcs11_write.c: The CKA_SUBJECT must be specified for a
	certificate.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, src/pkcs11.c: When
	setting the TRUSTED flag login as security officer.

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: write label in PKCS #11 privkey.

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c: define ck_bool_t to be compatible with PKCS #11
	bool type.

2011-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: ignore more warnings.

2011-06-09  Stef Walter <stefw@collabora.co.uk>

	* lib/Makefile.am, lib/pkcs11_int.h, lib/pkcs11_spec.h: Use pkcs11.h
	specification file from p11-kit.   * Remove one included briefly in gnutls.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-09  Stef Walter <stefw@collabora.co.uk>

	* lib/pkcs11.c, src/cli.c, src/p11common.c, src/pkcs11.c,
	tests/suite/mini-eagain2.c: Fix up compiler warnings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_spec.h: Added missing file

2011-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: document new config file format and path.

2011-06-07  Stef Walter <stefw@collabora.co.uk>

	* configure.ac, doc/examples/Makefile.am, lib/Makefile.am,
	lib/auth/cert.c, lib/gnutls_global.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/pakchois/README,
	lib/pakchois/dlopen.c, lib/pakchois/dlopen.h,
	lib/pakchois/errors.c, lib/pakchois/pakchois.c,
	lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, src/Makefile.am, src/certtool-common.c,
	src/certtool.c, src/cli.c, src/p11tool.c, src/serv.c: The attached
	patch ports gnutls to p11-kit.  p11-kit is added as a dependency.
	p11-kit itself has no dependencies outside of basic libc stuff. The
	source code for p11-kit is available both in git and tarball form.
	[3] If the gnutls dependency on p11-kit is disabled (via a configure
	option) then the PKCS#11 support is disabled. This is useful in bare
	bones embedded systems or places where very minimal dependencies are
	limited.

2011-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: updated

2011-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_privkey.c: Return error code when an
	object is not found.  Only request for token insertion if the
	expected data is not found.  Based on patch by Stef Walter.

2011-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Depend on automake 1.11.

2011-06-06  Stef Walter <stefw@collabora.co.uk>

	* tests/suite/Makefile.am: tests: Build eagain-cli with correct
	libraries  * Add -ldl -lpthread to linker flags Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-30  Stef Walter <stefw@collabora.co.uk>

	* src/cli.c: gnutls-cli: Fix uninitialized variable when PKCS#11
	uris in use.   * When PKCS#11 URIs are in use previously tried to free
	   uninitialized memory. Initialize to zero.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-30  Stef Walter <stefw@collabora.co.uk>

	* lib/pkcs11.c: pkcs11: Accept CKR_USER_ALREADY_LOGGED_IN as
	successful result for PAP Login  * When doing CKF_PROTECTED_AUTHENTICATION_PATH login, accept    CKR_USER_ALREADY_LOGGED_IN as a successful result.   * Another code path, or another consumer of the same PKCS#11 module    may have already logged in.   * This is what the non PAP code path already does.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-06  Stef Walter <stefw@collabora.co.uk>

	* lib/auth/srp.c, lib/auth/srp_rsa.c, lib/ext/session_ticket.c,
	lib/gnutls_compress.c, lib/hash.c, lib/nettle/ecc_mulmod.c,
	lib/x509/common.c: Remove unused variables  * GCC 4.6.0 prints a warning, and build failes with -Wunused Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: use gnutls_assert_val() in EGD errors.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
	tests/scripts/common.sh, tests/suite/testcompat-main,
	tests/suite/testsrn: Corrected fail() shell function. Reported by
	Andreas Metzler.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa: Corrected typo. Reported by Andreas Metzler.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am: regenerated makefile.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: documentation fix.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-x86.c,
	lib/accelerated/intel/asm/appro-aes-gcm-x86.s: pclmul is not used on
	intel 32-bit systems.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.c, lib/gnutls_global.h,
	lib/gnutls_priority.c: When AES and GCM acceleration is available
	increase the priority of AES-GCM ciphersuites in performance and
	normal cases.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/cipher.c, lib/gcrypt/pk.c: prevent compilation of
	gcrypt support since it is incomplete.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/gcrypt/cipher.c,
	lib/nettle/cipher.c, m4/hooks.m4: do not use NETTLE_LIBS to include
	hogweed and gmp.  removed ENABLE_CAMELLIA and NETTLE_GCM.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: improved benchmark.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth.texi, doc/cha-internals.texi,
	doc/cha-intro-tls.texi, doc/cha-library.texi,
	doc/cha-programs.texi, doc/examples/ex-session-info.c,
	doc/gnutls-certificate-user-use-case.pdf,
	doc/gnutls-client-server-use-case.pdf,
	doc/gnutls-extensions_st.pdf, doc/gnutls-handshake-sequence.pdf,
	doc/gnutls-handshake-state.pdf, doc/gnutls-internals.pdf,
	doc/gnutls-layers.pdf, doc/gnutls-logo.pdf,
	doc/gnutls-mod_auth_st.pdf, doc/gnutls-objects.pdf,
	doc/gnutls-pgp.pdf, doc/gnutls-x509.pdf, doc/gnutls.texi: Updated
	documentation.  Removed all .pdf files. They were not needed.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/gnutls_handshake.c: Avoid memory allocations when requesting the
	supported ciphersuites.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.c: more verbose if the PCLMUL
	instruction is detected.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cipher-test.c: Added debugging ability to cipher-test.

2011-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: more cleanup.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: Added new TODO items.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: removed completed items from todo list

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: reinstated MAC-ALL semantics.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: store the ECC curve in the session
	resumption parameters.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-cert-auth.texi, doc/examples/ex-verify.c,
	lib/gnutls_cert.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/verify-high.c, tests/Makefile.am, tests/x509cert-tl.c: 
	Added gnutls_x509_trust_list_add_named_crt() and
	gnutls_x509_trust_list_verify_named_crt() that allow having a list
	of certificates in the trusted list that will be associated with a
	name (e.g. server name) and will not be used as CAs.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-intro-tls.texi,
	lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c, lib/algorithms/ciphersuites.c,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/cipher.c: Added SuiteB ciphersuites. Added SUITEB128 and
	SUITEB192 priority strings.  SECURE256 was renamed to SECURE192
	(because TLS ciphersuite's security level was not enough to justify
	256-bits).

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: 
	gnutls_ecc_curve_get() was added.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: The PRF is now read from the ciphersuite
	table.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: Print information on elliptic curve sessions.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
	lib/gnutls_sig.h, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: Split
	pubkey_verify_sig() to pubkey_verify_hashed_data() and
	pubkey_verify_data().  Added gnutls_pubkey_verify_data2() to allow
	verification of a signature when the signature algorithm cannot be
	determined by the signature and the public key only.

2011-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.h, lib/gnutls_sig.c: Allow all SHA algorithms
	for DSA signatures.

2011-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: fixes for
	http://tools.ietf.org/html/draft-mavrogiannopoulos-tls-dss-00

2011-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_handshake.c: 
	simplified _gnutls_selected_cert_supported_kx().

2011-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/nettle/pk.c, lib/x509/verify.c: 
	Truncation of ECDSA and DSA signatures moved to
	_wrap_nettle_pk_sign() and _wrap_nettle_pk_verify().

2011-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/algorithms/sign.c, lib/ext/signature.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_sig.c, lib/nettle/pk.c: Simplified the handling of
	handshake messages to be hashed.  Instead of doing a hash during the
	handshake process we now keep the data until handshake is over and
	hash them on demand. This uses more memory but eliminates issues
	with TLS 1.2 and makes the handling simpler.

2011-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c, lib/gnutls_pubkey.c, lib/nettle/pk.c,
	lib/x509/common.h, lib/x509/verify.c: Hash algorithms used for DSA
	and ECDSA correspond to draft-mavrogiannopoulos-tls-dss-00.txt.

2011-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c: updated

2011-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi, doc/gnutls.texi: Added refint macro to
	refer to internal -non exported- functions. Used it to reference to
	the gnutls_*_register() functions.

2011-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/auth/psk_passwd.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp_passwd.c, lib/crypto-api.c,
	lib/{crypto.c => crypto-backend.c}, lib/crypto-backend.h,
	lib/ext/session_ticket.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_pk.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/misc.c,
	lib/pkcs11_secret.c, lib/random.h, lib/x509/pkcs12.c,
	lib/x509/privkey_pkcs8.c, libextra/gnutls_openssl.c, src/psk.c,
	src/srptool.c, tests/Makefile.am, tests/crypto_rng.c,
	tests/rng-fork.c: gnutls/crypto.h no longer includes functions to
	register ciphers.  Thus the following functions -    gnutls_crypto_bigint_register -    gnutls_crypto_cipher_register -    gnutls_crypto_digest_register -    gnutls_crypto_mac_register -    gnutls_crypto_pk_register -    gnutls_crypto_rnd_register -    gnutls_crypto_single_cipher_register -    gnutls_crypto_single_digest_register -    gnutls_crypto_single_mac_register are only available internally
	via crypto-backend.h.

2011-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath: updated

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-gcm-x86.s,
	lib/accelerated/intel/asm/appro-aes-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-x86.s: typos and date fix in
	license.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: Added benchmark on GCM ciphersuites and
	arcfour for comparison.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: corrected typo.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c: indented code

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: properly initialize benchmarks.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-gcm-x86.c: Corrections in encryption and
	decryption of incomplete blocks.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-gcm-x86.c, lib/gnutls_int.h,
	lib/gnutls_state.c: Use nettle's memxor or gnulib's if it doesn't
	exist.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-gcm-x86.c,
	lib/accelerated/intel/aes-x86.c, lib/accelerated/intel/aes-x86.h,
	lib/accelerated/intel/asm/appro-aes-gcm-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-gcm-x86.s, lib/gnutls_num.c,
	lib/gnutls_num.h, tests/cipher-test.c: Added AES-GCM optimizations
	using the PCLMULQDQ instruction. Uses Andy Polyakov's assembly code.

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: documented usage of gnutls_cipher_add_auth().

2011-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: updates.

2011-05-31  Roman Bogorodskiy <bogorodskiy@gmail.com>

	* lib/Makefile.am: Prevent including installed gnutls' headers.

2011-05-31  Roman Bogorodskiy <bogorodskiy@gmail.com>

	* src/udp-serv.c: Add missing <netinet/in.h> to get sockaddr_in.

2011-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Compatibility text updated.

2011-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/asm/appro-aes-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-x86.s: Added new AES code by
	Andy.

2011-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509/ca-key.pem: Added missing file.

2011-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_map.c,
	lib/nettle/ecc_mulmod.c, lib/nettle/ecc_points.c,
	lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c: Added FSF
	copyright to public domain files.

2011-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/accelerated/x86.h: Use cpuid.h if it exists, to
	use the x86 CPUID instruction.

2011-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Added Dash.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_handshake.c: simplified
	_gnutls_supported_compression_methods().

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c: Correctly set
	compression method when resuming sessions.  Reported by Dash Shendy.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: digest_length() uses int as input.

2011-05-28  Stef Walter <stefw@collabora.co.uk>

	* lib/nettle/cipher.c: Fix warnings with GCC 4.5.2

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/Makefile.am, doc/credentials/x509/Makefile.am: 
	Corrected EXTRA_DIST

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: updated keys.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h: Take into account each and every advertized
	public key algorithm when selecting a certificate. Previously we
	were assuming only RSA or DSA, or ANY.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/gnutls-http-serv, src/serv-gaa.c, src/serv-gaa.h,
	src/serv.c, src/serv.gaa: Added feature to specify ecc private keys
	and certificates.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/gnutls_handshake.c, lib/gnutls_state.c: 
	Corrected ECC ciphersuite detection.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509-ca-key.pem, doc/credentials/x509-ca.pem,
	doc/credentials/x509-client-key.pem,
	doc/credentials/x509-client.pem, doc/credentials/x509-other-ca.pem,
	doc/credentials/x509-proxy-key.pem, doc/credentials/x509-proxy.pem,
	doc/credentials/x509-server-dsa.pem,
	doc/credentials/x509-server-key-dsa.pem,
	doc/credentials/x509-server-key.pem,
	doc/credentials/x509-server.pem, doc/credentials/x509-trust.pem,
	doc/credentials/x509/ca.pem, doc/credentials/x509/cert-dsa.pem,
	doc/credentials/x509/cert-ecc.pem,
	doc/credentials/x509/cert-rsa.pem, doc/credentials/x509/cert.pem,
	doc/credentials/x509/clicert-dsa.pem,
	doc/credentials/x509/clicert.pem, doc/credentials/x509/key-dsa.pem,
	doc/credentials/x509/key-ecc.pem, doc/credentials/x509/key-rsa.pem,
	doc/credentials/x509/key.pem, lib/nettle/pk.c, lib/x509/verify.c: 
	Laxed verification checks for DSA to allow SHA256 in place of
	SHA224.  Added new certificate sets in doc/credentials/x509/.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: ECDHE and ECDSA were added to deafult
	priorities.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/rsa.c, lib/x509/key_encode.c, lib/x509/privkey_pkcs8.c: 
	gnutls_secure_malloc() is no longer used.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dhe_psk.c, lib/auth/psk.c: deinitialize PSK key memory.

2011-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/psk.c: explicitly request for client key in server side.

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
	lib/auth/anon.c, lib/auth/anon_ecdh.c, lib/auth/dh_common.c,
	lib/auth/dh_common.h, lib/auth/dhe.c, lib/auth/dhe_psk.c,
	lib/auth/ecdh_common.c, lib/auth/ecdh_common.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in: Added ECDHE-PSK ciphersuites for
	TLS (RFC 5489).

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls-guile.texi: Corrections.

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/.gitignore: ignore tex files.

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-copying.texi: Do not list all licenses in the manual of
	gnutls. Just the license of the manual is enough.

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-ciphersuites.texi,
	doc/cha-functions.texi, doc/cha-preface.texi, doc/{guile.texi =>
	gnutls-guile.texi}, guile/src/core.c: guile bindings added as a
	separate document.

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: reorganization. Removed guile bindings.

2011-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/gnutls.texi: reorganization and added section on parameter
	generation.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth/Makefile.am, lib/ext/Makefile.am,
	lib/nettle/Makefile.am: Added new headers.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: document elliptic curves addition.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: libgcrypt support was removed.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: listed newly added functions.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/ecc.h,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
	lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_verify_hash.c,
	lib/nettle/mp_unsigned_bin.c: Use nettle's functions for integer
	import/export.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/publickey.c, lib/gnutls_sig.c: more updates for
	ECDSA ciphersuites.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c: reduced debugging.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/gnutls_sig.c: Changes to allow ECDH-DSA
	with client mode certificates.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/certs/ca-cert-ecc.pem, tests/certs/ca-ecc.pem,
	tests/certs/cert-ecc.pem, tests/certs/ecc.pem,
	tests/suite/testcompat-main: Added server and client mode tests for
	ECDH-ECDSA.

2011-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c, lib/gnutls_db.c, lib/gnutls_dtls.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_session_pack.c, lib/gnutls_v2_compat.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/nettle/rnd.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
	lib/openpgp/gnutls_openpgp.c, lib/system.c, lib/system.h,
	lib/x509/common.c, lib/x509/verify.c, tests/chainverify.c: Added
	gnutls_global_set_time_function() to allow overriding the default
	system time() function.

2011-05-25  Giuseppe Scrivano <gscrivano@gnu.org>

	* doc/cha-programs.texi: Fix example in the documentation.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi: updated documentation on PSK.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc_projective_add_point.c: If Q=-P return the point at
	infinity.

2011-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: Added elliptic curves chain certificate.

2011-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: do not try to write to a socket when no
	data.

2011-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgpself.c: increased log level

2011-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.h, lib/gnutls_handshake.c: 
	_gnutls_handshake_hash_buffer_clear was replaced by
	_gnutls_buffer_clear();

2011-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Only warn on invalid security level hashes.

2011-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: SHA256 is the default hash algorithm in certtool.

2011-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
	lib/gnutls_sig.c, lib/x509/verify.c: Several updates to allow
	generation and signing of an ECC certificate.

2011-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/certtool.1: updated certtool info.

2011-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected bug in ciphersuite name
	searching.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi: Discussed the newly added ciphersuites.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: Added algorithms/ to function index.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: Added ECC ciphersuites from
	rfc5289.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Print the private key after generation. Print ECC
	keys.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ecc.c, lib/gnutls_ecc.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/privkey.c: Added
	gnutls_x509_privkey_import_ecc_raw() and
	gnutls_x509_privkey_export_ecc_raw().

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: Decode PEM ECC private keys.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ecc.c, lib/x509/key_encode.c,
	lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: updates to allow the generation of
	an ECC private key.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: do not crash on null message.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c, lib/algorithms/kx.c,
	lib/auth/cert.c, lib/auth/dhe.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/ecc_sign_hash.c,
	lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
	lib/x509/common.h, lib/x509/verify.c: Added support for verifying
	server certificates with ECDSA.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/ecc.c: Only reply with ECC Packet format extension if we
	have negotiated ECC.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem, tests/pkcs12_s2k_pem.c: leak fix
	and updates for new formats.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: Added ECDHE-RSA tests.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c, lib/gnutls_pubkey.c: always put
	leading zero to output keys

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: print the bits together with the security
	level.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: leaks fixes.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: corrected file descriptor leak.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_extra.c: gnutls_algorithms.h -> algorithms.h

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/key_decode.c, lib/x509/key_encode.c: corrected ECC public
	key encoding/decoding.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.c, src/certtool.c: Corrected bug in public key
	import.  print information on ECC public keys.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/crypto.h, lib/nettle/pk.c,
	lib/x509/key_encode.c, lib/x509/x509_int.h: No need to keep Z in
	parameters since the pubkey can always be converted to an affine
	point.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map,
	lib/x509/common.c, lib/x509/key_decode.c, lib/x509/mpi.c,
	lib/x509/output.c: print information on ECC certificates.

2011-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/algorithms.h, lib/algorithms/ecc.c,
	lib/auth/anon.h, lib/auth/ecdh_common.c, lib/auth/ecdh_common.h,
	lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/ecc.c,
	lib/gnutls.asn, lib/gnutls_asn1_tab.c, lib/gnutls_ecc.c,
	lib/gnutls_ecc.h, lib/gnutls_errors.c, lib/gnutls_int.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_state.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/nettle/ecc_test.c, lib/nettle/pk.c,
	lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/x509/Makefile.am, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crq.c, lib/x509/key_decode.c,
	lib/x509/key_encode.c, lib/x509/mpi.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c: gnutls_pk_params_st is
	used internally to transfer public key parameters. This replaces the
	raw bigint_t arrays.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
	lib/algorithms/ecc.c, lib/auth/ecdh_common.c, lib/ext/ecc.c,
	lib/ext/ecc.h: Curve TLS ID is being stored in algorithms/ecc.c.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/{gnutls_algorithms.h =>
	algorithms.h}, lib/algorithms/Makefile.am,
	lib/algorithms/cert_types.c, lib/algorithms/ciphers.c,
	lib/algorithms/ciphersuites.c, lib/algorithms/ecc.c,
	lib/algorithms/kx.c, lib/algorithms/mac.c,
	lib/algorithms/protocols.c, lib/algorithms/publickey.c,
	lib/algorithms/secparams.c, lib/algorithms/sign.c, lib/auth/cert.c,
	lib/auth/dh_common.c, lib/auth/dhe.c, lib/auth/ecdh_common.c,
	lib/auth/rsa.c, lib/auth/rsa_export.c, lib/ext/session_ticket.c,
	lib/ext/signature.c, lib/ext/srp.c, lib/gnutls_algorithms.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_compress.c,
	lib/gnutls_constate.c, lib/gnutls_ecc.c, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_priority.c, lib/gnutls_record.c,
	lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c, lib/nettle/ecc_test.c, lib/nettle/mpi.c,
	lib/opencdk/read-packet.c, lib/x509/common.h,
	lib/x509/privkey_pkcs8.c: gnutls_algorithms.c was split into
	manageable files in algorithms/.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: use the _gnutls_session_is_ecc() to check
	for ECDH.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c, lib/x509/x509.c: 
	Added OIDs and definitions for ECDSA signature algorithm.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: Print purpose of testing.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-tls.c: compare ECDH and DH on the same security
	level.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_priority.c: Added ability to
	specify curves as priority strings.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc.h: removed ecc_is_valid_idx() prototype

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/ecc.h, lib/nettle/ecc_make_key.c,
	lib/nettle/ecc_map.c, lib/nettle/ecc_mulmod.c,
	lib/nettle/ecc_points.c, lib/nettle/ecc_projective_add_point.c,
	lib/nettle/ecc_projective_dbl_point.c,
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_test.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/pk.c: Dropped ltc_ from
	function and type names.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509cert.c: corrected memory leak.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: use new nettle's name for gcm_aes_auth().

2011-05-21  Simon Josefsson <simon@josefsson.org>

	* gl/hmac-md5.c, gl/m4/valgrind-tests.m4, gl/memxor.c, gl/memxor.h,
	gl/override/lib/hmac-md5.c.diff, gl/override/lib/memxor.c.diff,
	gl/override/lib/memxor.h.diff,
	gl/override/m4/valgrind-tests.m4.diff: Override gnulib code with fix
	for memxor and valgrind.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/anon_ecdh.c, lib/auth/dh_common.c, lib/auth/dhe.c,
	lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/includes/gnutls/gnutls.h.in: Added support
	for ECDHE-RSA ciphersuites.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/eagain-common.h: inlined function to avoid gcc warnings

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/{ltc_ecc_map.c => ecc_map.c},
	lib/nettle/{ltc_ecc_mulmod.c => ecc_mulmod.c},
	lib/nettle/{ltc_ecc_points.c => ecc_points.c},
	lib/nettle/{ltc_ecc_projective_add_point.c =>
	ecc_projective_add_point.c},
	lib/nettle/{ltc_ecc_projective_dbl_point.c =>
	ecc_projective_dbl_point.c},
	lib/nettle/ecc_projective_dbl_point_3.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c: Added previous
	code that was fixed for y^2 = x^3 - 3x + b, because all secg curves
	have a fixed to -3.  Simplified file naming scheme.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_int.h: Added SECP224R1.

2011-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/benchmark-cipher.c, src/benchmark-tls.c,
	src/benchmark.c, src/benchmark.h: updates to benchmarks.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/nettle/ecc_test.c: Added curve SECP512R1.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-cipher.c, src/benchmark-common.c, src/benchmark.c: 
	benchmark ECDH and DH.

2011-05-20  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, gl/Makefile.am, gl/alignof.h,
	gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
	gl/hmac-md5.c, gl/intprops.h, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strerror.m4, gl/m4/strerror_r.m4,
	gl/m4/thread.m4, gl/m4/valgrind-tests.m4, gl/m4/yield.m4,
	gl/memxor.c, gl/memxor.h, gl/stdint.in.h, gl/strerror-impl.h,
	gl/strerror.c, gl/strerror_r.c, gl/tests/Makefile.am,
	gl/tests/dummy.c, gl/tests/glthread/thread.c,
	gl/tests/glthread/thread.h, gl/tests/glthread/yield.h,
	gl/tests/test-intprops.c, gl/tests/test-lock.c,
	gl/tests/test-strerror.c, gl/tests/test-strerror_r.c: Update gnulib
	files.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdh_common.c, lib/gnutls_handshake.c, src/common.c: 
	client side ECC fixes.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: corrected debugging.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/ecdh_common.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_global.c,
	lib/includes/gnutls/crypto.h, lib/nettle/ecc.h,
	lib/nettle/ecc_free.c, lib/nettle/ecc_make_key.c,
	lib/nettle/ecc_shared_secret.c, lib/nettle/ecc_sign_hash.c,
	lib/nettle/ecc_test.c, lib/nettle/ecc_verify_hash.c,
	lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
	lib/nettle/ltc_ecc_points.c,
	lib/nettle/ltc_ecc_projective_add_point.c,
	lib/nettle/ltc_ecc_projective_dbl_point.c, lib/nettle/pk.c,
	lib/x509/x509_int.h: Account 'A' in calculations for point doubling.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/alignof.h, gl/close-hook.h, gl/error.c,
	gl/error.h, gl/{close-hook.c => fd-hook.c}, gl/fd-hook.h,
	gl/glthread/lock.c, gl/glthread/lock.h, gl/glthread/threadlib.c,
	gl/intprops.h, gl/m4/error.m4, gl/m4/fcntl_h.m4, gl/m4/fseeko.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes.m4,
	gl/m4/manywarnings.m4, gl/m4/memchr.m4, gl/m4/netdb_h.m4,
	gl/m4/stdint.m4, gl/m4/stdio_h.m4, gl/m4/strerror.m4,
	gl/m4/strerror_r.m4, gl/m4/string_h.m4, gl/m4/sys_uio_h.m4,
	gl/m4/thread.m4, gl/m4/unistd_h.m4, gl/m4/warnings.m4,
	gl/m4/wchar_h.m4, gl/m4/yield.m4, gl/malloc.c, gl/netdb.in.h,
	gl/realloc.c, gl/sockets.c, gl/stdint.in.h, gl/stdio.in.h,
	gl/stdlib.in.h, gl/strerror-impl.h, gl/strerror.c, gl/strerror_r.c,
	gl/string.in.h, gl/sys_socket.in.h, gl/sys_uio.in.h,
	gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/fcntl.in.h,
	gl/tests/glthread/thread.c, gl/tests/glthread/thread.h,
	gl/tests/glthread/yield.h, gl/tests/intprops.h,
	gl/tests/inttypes.in.h, gl/tests/test-fcntl-h.c,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-lock.c, gl/tests/test-strerror.c,
	gl/tests/test-strerror_r.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_uio.c, gl/unistd.in.h, gl/verify.h, gl/wchar.in.h: 
	Added new gnulib and error.h.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: removed debugging.

2011-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: added error.h

2011-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth/Makefile.am, lib/auth/anon.h,
	lib/auth/anon_ecdh.c, lib/auth/ecdh_common.c,
	lib/auth/ecdh_common.h, lib/ext/Makefile.am, lib/ext/ecc.c,
	lib/ext/ecc.h, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_dh.c, lib/gnutls_ecc.c, lib/gnutls_ecc.h,
	lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_priority.c, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/nettle/Makefile.am, lib/nettle/ecc.h, lib/nettle/ecc_free.c,
	lib/nettle/ecc_make_key.c, lib/nettle/ecc_shared_secret.c,
	lib/nettle/ecc_sign_hash.c, lib/nettle/ecc_test.c,
	lib/nettle/ecc_verify_hash.c, lib/nettle/gnettle.h,
	lib/nettle/ltc_ecc_map.c, lib/nettle/ltc_ecc_mulmod.c,
	lib/nettle/ltc_ecc_points.c,
	lib/nettle/ltc_ecc_projective_add_point.c,
	lib/nettle/ltc_ecc_projective_dbl_point.c,
	lib/nettle/mp_unsigned_bin.c, lib/nettle/mpi.c, lib/nettle/multi.c,
	lib/nettle/pk.c, lib/nettle/rnd.c, lib/nettle/rnd.h,
	lib/x509/x509_int.h: Initial ecc support. Adds support for anonymous
	ECDH ciphersuites.

2011-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-common.c, src/benchmark.h: more win32 fixes.

2011-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark-common.c: corrections in win32 version.

2011-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c, lib/gnutls_extensions.c: Some debugging moved
	to a higher level.

2011-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/benchmark-common.c, src/benchmark-tls.c,
	src/benchmark.c, src/benchmark.h, tests/eagain-common.h: Added
	benchmark utility that tests the encryption time in TLS packets.

2011-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11common.c: corrected message reporting.

2011-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11common.c: Corrected PIN caching.

2011-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: assign value

2011-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: reduce the repetitions for rabin-miller to a
	sensible value.

2011-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: discuss missing algorithms.

2011-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c, lib/gnutls_str.h, lib/pkcs11.c: Correctly import
	and export pkcs11-urls with ID field set.

2011-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/egd.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
	lib/opencdk/read-packet.c, lib/pkcs11.c, lib/x509/common.c,
	lib/x509_b64.c, lib/x509_b64.h: eliminated last instances of
	strcpy() and strcat() to keep pendantics happy.

2011-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: update on compatibility issues text.

2011-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: doc update in gnutls_pkcs11_init()

2011-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-preface.texi: removed references that produced nothing in
	pdf.

2011-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added missing nodes.

2011-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added discussion on compatibility issues.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openssl.c: undef X509_NAME before including
	openssl.h.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/accelerated/intel/aes-x86.c,
	lib/auth/rsa.c, lib/auth/rsa_export.c, lib/auth/srp.c,
	lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c,
	src/serv.c: Added gnutls_global_set_audit_log_function() that allows
	associating TLS session with several important issues.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/crq.c: updates

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/crq.c, lib/x509/x509_write.c, tests/crq_key_id.c: Added
	gnutls_x509_crq_verify().

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/certtool.1, src/Makefile.am, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c, src/common.c,
	src/p11common.c, src/p11common.h, src/pkcs11.c: certtool can now
	load private keys and public keys from PKCS #11 tokens (via URLs).

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_import_url() will
	correctly set algorithm of private key.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/certtool.c, src/p11tool.c: No libgnutls-extra
	is required for certtool or p11tool.

2011-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/rng-fork.c: Do not use /tmp for temporary file. Just use the
	local (test) directory.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/hostname-check.c: Added a check to verify that we don't try
	forever trying to verify too many wildcards.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
	lib/x509/rfc2818_hostname.c: _gnutls_hostname_compare() was
	incredibly slow when over ten wildcards were present. Set a limit on
	6 wildcards to avoid any denial of service attack. Reported by Kalle
	Olavi Niemitalo.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c, lib/opencdk/misc.c: Use c_toupper to avoid
	converting characters non in the english ASCII set. Reported by
	Kalle Olavi Niemitalo.

2011-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: use > 0 instead of == 1.

2011-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, NEWS, lib/gnutls_cert.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/verify-high.c, tests/Makefile.am,
	tests/x509cert.c: Added gnutls_certificate_get_issuer() to allow
	getting the issuer a certificate from the certificate credentials
	structure.

2011-04-30  Andreas Metzler <ametzler@downhill.at.eu.org>

	* doc/manpages/p11tool.1: escape dashes in manpage Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, gl/m4/.gitignore, gl/m4/byteswap.m4,
	gl/m4/codeset.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
	gl/m4/func.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4,
	gl/m4/hmac-md5.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4, gl/m4/intl.m4,
	gl/m4/intldir.m4, gl/m4/intlmacosx.m4, gl/m4/intmax.m4,
	gl/m4/inttypes-pri.m4, gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lock.m4, gl/m4/md5.m4,
	gl/m4/memmem.m4, gl/m4/memxor.m4, gl/m4/nls.m4, gl/m4/po.m4,
	gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/strcase.m4,
	gl/m4/strdup.m4, gl/m4/strings_h.m4, gl/m4/strverscmp.m4,
	gl/m4/threadlib.m4, gl/m4/time_r.m4, gl/m4/uintmax_t.m4,
	gl/m4/valgrind-tests.m4, gl/m4/vasprintf.m4, gl/m4/visibility.m4,
	gl/m4/vsnprintf.m4, gl/tests/.gitignore, gl/tests/intprops.h,
	gl/tests/test-byteswap.c, gl/tests/test-func.c,
	gl/tests/test-hmac-md5.c, gl/tests/test-md5.c,
	gl/tests/test-strings.c, gl/tests/test-strverscmp.c,
	gl/tests/test-u64.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vsnprintf.c: Added missing m4 gl files.

2011-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented previous updates.

2011-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: Check for openssl 1.0.x to test DTLS.

2011-04-28  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/Makefile.am, guile/modules/gnutls/build/tests.scm,
	guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
	guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm: guile:
	Fix tests to match the `exit' behavior introduced in Guile 2.0.1.  This fix makes tests behave correctly wrt. to the Guile bug fix at

	<http://git.sv.gnu.org/cgit/guile.git/commit/?id=e309f3bf9ee910c4772353ca3ff95f6f4ef466b5>.

2011-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.pc.in: removed pakchois dependency

2011-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: updated for release

2011-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509dn.c: added missing header.

2011-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/Makefile.am: pass tag=CC to libtool. It
	seems automake cannot really work with assembler sources.

2011-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pcert.c, lib/openpgp/gnutls_openpgp.c: documentation
	fixes.

2011-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: start counting from 2009 for ChangeLog.

2011-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/hostname-check.c: Removed incorrect test on IPAddresses (was
	relying on IPaddresses encoded as text)

2011-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname() will
	never compare against IPaddress.  (previous comparison was flawed)

2011-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c, lib/auth/cert.c, lib/auth/cert.h,
	lib/gnutls_cert.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/certtool.c,
	src/cli.c, tests/x509dn.c: Added
	gnutls_certificate_set_retrieve_function2() to replace
	gnutls_certificate_set_retrieve_function(). The new one is a
	efficient for busy servers because it eliminates the need for the
	server to encode the certificate to DER format.

2011-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_errors.c,
	lib/includes/gnutls/gnutls.h.in: Added GNUTLS_E_USER_ERROR

2011-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c, lib/ext/signature.c, lib/ext/signature.h,
	lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map: Eliminated the need for sign_algo in
	gnutls_pcert_st. This means that we don't follow RFC5246 by letter,
	but there wasn't any other implementation using the sign_algorithm
	part of the certificate selection, and this helps reduce complexity.

2011-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cfg/Makefile.am, src/cfg/README: Added readme for libcfg.

2011-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: No need to check for -maes and -mpclmul with the
	current AES-NI code.

2011-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2011-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/abstract_int.h, lib/auth/cert.c,
	lib/auth/cert.h, lib/auth/dhe.c, lib/auth/rsa.c,
	lib/auth/rsa_export.c, lib/auth/srp_rsa.c, lib/ext/signature.c,
	lib/ext/signature.h, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_pcert.c, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/includes/gnutls/abstract.h,
	lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/pkcs11_int.h, lib/x509/common.h, lib/x509/pkcs12_encr.c,
	lib/x509/sign.c, lib/x509/verify-high.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h: Combined external abstract API
	with internal usage of gnutls_cert.  This results to a
	gnutls_pcert_st struct exported in abstract.h.  This change will allow a certificate retrieval callback that does
	not require gnutls to decode or encode the provided certificate.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c: Restored HMAC-MD5 for compatibility.
	Although considered weak, several sites require it for connection.
	It is enabled for "NORMAL" and "PERFORMANCE" priority strings.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.c: Try to detect AES-NI on Intel and
	AMD machines only.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/README, lib/accelerated/intel/aes-x86.c,
	lib/accelerated/intel/asm/appro-aes-x86-64.s,
	lib/accelerated/intel/asm/appro-aes-x86.s,
	lib/accelerated/intel/asm/x64_iaesx64.s,
	lib/accelerated/intel/asm/x86_iaesx86.s,
	lib/accelerated/intel/iaes_asm_interface.h,
	lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt: 
	Added Andy Polyakov's version of AES-NI optimizations.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: more files to ignore

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: COMP-ZLIB -> COMP-DEFLATE

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, m4/hooks.m4: Link with pthreads.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: read API from new directories as well.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/Makefile.am: corrected filename

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.c: removed conditional compilation

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/session_ticket.h: removed conditional compilation.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/cryptodev.c: use correct header.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/README: documented directories.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/accelerated/Makefile.am, lib/{ =>
	accelerated}/cryptodev.c, lib/{gnutls_cryptodev.h =>
	accelerated/cryptodev.h}, lib/gnutls_global.c: Moved cryptodev to
	accelerated/

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_handshake.c: Session tickets
	are included unconditionally.

2011-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/auth/Makefile.am,
	lib/{auth_anon.c => auth/anon.c}, lib/{auth_anon.h => auth/anon.h},
	lib/{auth_cert.c => auth/cert.c}, lib/{auth_cert.h => auth/cert.h},
	lib/{auth_dh_common.c => auth/dh_common.c}, lib/{auth_dh_common.h
	=> auth/dh_common.h}, lib/{auth_dhe.c => auth/dhe.c},
	lib/{auth_dhe_psk.c => auth/dhe_psk.c}, lib/{auth_psk.c =>
	auth/psk.c}, lib/{auth_psk.h => auth/psk.h}, lib/{auth_psk_passwd.c
	=> auth/psk_passwd.c}, lib/{auth_psk_passwd.h =>
	auth/psk_passwd.h}, lib/{auth_rsa.c => auth/rsa.c},
	lib/{auth_rsa_export.c => auth/rsa_export.c}, lib/{auth_srp.c =>
	auth/srp.c}, lib/{auth_srp.h => auth/srp.h}, lib/{auth_srp_passwd.c
	=> auth/srp_passwd.c}, lib/{auth_srp_passwd.h =>
	auth/srp_passwd.h}, lib/{auth_srp_rsa.c => auth/srp_rsa.c},
	lib/{auth_srp_sb64.c => auth/srp_sb64.c}, lib/ext/Makefile.am,
	lib/{ext_cert_type.c => ext/cert_type.c}, lib/{ext_cert_type.h =>
	ext/cert_type.h}, lib/{ext_max_record.c => ext/max_record.c},
	lib/{ext_max_record.h => ext/max_record.h},
	lib/{ext_safe_renegotiation.c => ext/safe_renegotiation.c},
	lib/{ext_safe_renegotiation.h => ext/safe_renegotiation.h},
	lib/{ext_server_name.c => ext/server_name.c},
	lib/{ext_server_name.h => ext/server_name.h},
	lib/{ext_session_ticket.c => ext/session_ticket.c},
	lib/{ext_session_ticket.h => ext/session_ticket.h},
	lib/{ext_signature.c => ext/signature.c}, lib/{ext_signature.h =>
	ext/signature.h}, lib/{ext_srp.c => ext/srp.c}, lib/{ext_srp.h =>
	ext/srp.h}, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.h,
	m4/hooks.m4: The auth_ and ext_ files were moved to respective
	directories.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Reorganized sections in documentation.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cxx.cpp: removed unneeded comment.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: Added missing
	headers.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/{x509paths => suite}/chain,
	tests/suite/{testbig => testcompat}, tests/suite/{testbig-main =>
	testcompat-main}, tests/suite/x509paths/.gitignore, tests/{ =>
	suite}/x509paths/README: x509paths tests moved to suite/.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/certs/cert-rsa-2432.pem, tests/certs/rsa-2432.pem,
	tests/scripts/common.sh, tests/suite/Makefile.am,
	tests/suite/testbig, tests/suite/testbig-main: Added
	interoperability tests with openssl.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Corrected SSLv2 header parsing.

2011-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509-server-dsa.pem,
	doc/credentials/x509-server-key-dsa.pem: corrected illegal DSA key.

2011-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/testsrn: Enabled the extra
	safe renegotiation tests.

2011-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: removed opaque PRF from m4.

2011-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: removed text about select().

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am: check for libdl that pakchois
	needs.

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/pakchois/README: Added readme about pakchois
	and removed checks for pakchois in Makefile.am.

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: Reorganization in configure file.
	Pakchois is not longer checked for being present. The included
	version is always used.

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/.gitignore, gl/asprintf.c, gl/byteswap.in.h, gl/hmac-md5.c,
	gl/hmac.h, gl/md5.c, gl/md5.h, gl/memmem.c, gl/memxor.c,
	gl/memxor.h, gl/str-two-way.h, gl/strcasecmp.c, gl/strdup.c,
	gl/strings.in.h, gl/strncasecmp.c, gl/strverscmp.c, gl/time_r.c,
	gl/u64.h, gl/unistd.h, gl/vasprintf.c, gl/vsnprintf.c,
	gl/warn-on-use.h, gl/wchar.h: Added missing gnulib files

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: Added missing const.

2011-04-12  Ludovic Courtès <ludo@gnu.org>

	* NEWS, src/certtool-common.c, src/certtool.c, src/p11tool.c,
	tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: 
	Don't include <gcrypt.h> when it's not needed.

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: fixed and updates in documentation

2011-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls-crypto-layers.eps: Updated crypto layers documentation.

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/aes-x86.c,
	lib/accelerated/intel/asm/x64_do_rdtsc.s,
	lib/accelerated/intel/asm/x86_do_rdtsc.s, tests/cipher-test.c: 
	Updates in the AES-NI accelerator.

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/includes/gnutls/crypto.h, lib/libgnutls.map: 
	Added gnutls_cipher_set_iv().

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/cipher-test.c: Added test vectors for
	AES,SHAxxx and MD5.

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/intel/aes-x86.c, lib/crypto.c,
	lib/includes/gnutls/crypto.h: Increased priority of CPU assisted
	ciphers.

2011-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Do not rely on lowat being set.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/Makefile.am, lib/accelerated/intel/Makefile.am,
	lib/accelerated/intel/README: Added README explaining the usage of
	Intel AES library.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Corrected parsing error in TLS, when many
	handshake messages were packed in a single record message.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c, lib/accelerated/aes-x86.c,
	lib/accelerated/intel/Makefile.am, lib/accelerated/intel/aes-x86.c,
	lib/accelerated/{ => intel}/aes-x86.h,
	lib/accelerated/intel/asm/x64_do_rdtsc.s,
	lib/accelerated/intel/asm/x64_iaesx64.s,
	lib/accelerated/intel/asm/x86_do_rdtsc.s,
	lib/accelerated/intel/asm/x86_iaesx86.s,
	lib/accelerated/intel/iaes_asm_interface.h,
	lib/accelerated/intel/iaesni.h, lib/accelerated/intel/license.txt,
	m4/gcc.m4: fixes in acceleration detection.  Added Intel's library
	code for AES-NI acceleration.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/modules/gnutls/build/enums.scm, lib/libgnutls.map,
	libextra/Makefile.am: Purged all references of LZO.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: removed duplicate test

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cxx.cpp, gl/time.in.h: No need to under restrict
	for C++. Only use config.h.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/gnutls.h.in, lib/system_override.c: 
	gnutls_transport_set_global_errno() is no more.

2011-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/eagain-common.h, tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c: 
	Combined the safe renegotiation tests with the again-common lib.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, doc/cha-intro-tls.texi, doc/cha-preface.texi,
	doc/cha-programs.texi, lib/gnutls_compress.c, lib/gnutls_errors.c,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, libextra/gnutls_extra.c, m4/hooks.m4: Support for
	liblzo was dropped.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac: bumped version

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, gl/time.h, gl/time.in.h: updated time.h.in

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_dtls.c, lib/gnutls_mem.c,
	lib/gnutls_psk.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/x509/verify-high.c, lib/x509/verify.c: 
	Corrected documentation of several API functions.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/cha-library.texi: documentation
	updates.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/scripts/sort2.pl: remove perl warnings from
	scripts.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/Makefile.am, lib/accelerated/Makefile.am,
	lib/accelerated/accelerated.c, lib/accelerated/accelerated.h,
	lib/accelerated/aes-x86.c, lib/accelerated/aes-x86.h,
	lib/accelerated/x86.h, lib/gnutls_global.c, m4/gcc.m4: Added support
	for x86 intel AES instruction acceleration if detected.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/time.h, gl/unistd.h, gl/warn-on-use.h, gl/wchar.h: Added gl/
	files.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: corrected po directory and build-aux paths.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am: include gnulib files.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated TODO

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/testselfsigs: Use --infile in certtool to
	avoid issues with streams in windows.  Patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: Changes armor.c to be able to handle both LF
	and CRLF inputs (output is still either LF-only or CRLF-only
	depending on the platform). Patch by LRN.  Optimizations in the usage of strlen().

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/psk.c, src/serv.c, src/srptool.c, src/tests.c: 
	Define variables within the intended scope (not windows). Based on
	patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c, src/common.c, src/pkcs11.c: 
	Use getpass.h (from gnulib). Patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/dlopen.c: Return correct value for dlclose() in
	windows. Patch by LRN.

2011-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-auth.c: Disable openpgp-auth run in windows due to
	lack of socketpair(). Patch by LRN.

2011-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: gl before lib or libextra

2011-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: generated

2011-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
	doc/examples/Makefile.am, doc/examples/ex-client-udp.c,
	doc/examples/udp.c, lib/gnutls_state.c: Added documentation for
	Datagram TLS.

2011-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: updated

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: disable test in windows.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509-rehandshake.c, tests/openpgp-auth.c,
	tests/openpgp-auth2.c: corrected leaks in tests.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_pk.c: corrected memory leak on RSA
	signatures.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: more leaks fixed in common.c

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: Corrected leaks in gnutls_pubkey_t
	deinitialization.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: fix in trusted_list certificate
	deinitialization.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: correction in deinitialization of privkey.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-x509-rehandshake.c, tests/mini-x509.c: combined more
	tests with eagain-common.h.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dh_common.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
	lib/nettle/pk.c, lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
	lib/pkcs11.c, lib/x509/verify-high.c, tests/mini-x509.c: Corrected
	memory leaks.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/arg-nonnull.h, build-aux/c++defs.h,
	build-aux/config.rpath, build-aux/warn-on-use.h, cfg.mk,
	gl/Makefile.am, gl/m4/.gitignore, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4: added valgrind from gnulib.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts: Do not run the
	test scripts in win32 environment.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* cfg.mk: use the system wide gnulib-tool.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/ecore/src/lib/ecore_exe.c: include priority headers
	unconditionally.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/suite/Makefile.am,
	tests/suite/Makefile.in: Better way of not including the tests/suite
	directory. Based on discussion with LRN and Vincent Torri.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, Makefile.am, cfg.mk, configure.ac,
	doc/examples/Makefile.am, doc/gendocs_template, gl/.gitignore,
	gl/Makefile.am, gl/accept.c, gl/alignof.h, gl/alloca.c,
	gl/alloca.in.h, gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c,
	gl/c-ctype.c, gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h,
	gl/close.c, gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h,
	gl/fclose.c, gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/ftello.c,
	gl/gai_strerror.c, gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/gettext.h, gl/gettime.c,
	gl/gettimeofday.c, gl/inet_ntop.c, gl/inet_pton.c, gl/intprops.h,
	gl/listen.c, gl/lseek.c, gl/m4/.gitignore, gl/m4/00gnulib.m4,
	gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/asm-underscore.m4,
	gl/m4/autobuild.m4, gl/m4/clock_time.m4, gl/m4/close.m4,
	gl/m4/errno_h.m4, gl/m4/error.m4, gl/m4/extensions.m4,
	gl/m4/fclose.m4, gl/m4/float_h.m4, gl/m4/fseeko.m4,
	gl/m4/ftello.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getpagesize.m4, gl/m4/getpass.m4,
	gl/m4/gettime.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
	gl/m4/hostent.m4, gl/m4/include_next.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
	gl/m4/ioctl.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/longlong.m4, gl/m4/lseek.m4,
	gl/m4/malloc.m4, gl/m4/manywarnings.m4, gl/m4/memchr.m4,
	gl/m4/minmax.m4, gl/m4/mmap-anon.m4, gl/m4/multiarch.m4,
	gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4, gl/m4/perror.m4,
	gl/m4/printf.m4, gl/m4/read-file.m4, gl/m4/readline.m4,
	gl/m4/realloc.m4, gl/m4/select.m4, gl/m4/servent.m4,
	gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/socketlib.m4,
	gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
	gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
	gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
	gl/m4/timespec.m4, gl/m4/ungetc.m4, gl/m4/unistd_h.m4,
	gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4, gl/m4/version-etc.m4,
	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
	gl/memchr.c, gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
	gl/perror.c, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/read-file.c,
	gl/read-file.h, gl/readline.c, gl/readline.h, gl/realloc.c,
	gl/recv.c, gl/select.c, gl/send.c, gl/setsockopt.c, gl/shutdown.c,
	gl/size_max.h, gl/snprintf.c, gl/socket.c, gl/sockets.c,
	gl/sockets.h, gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h,
	gl/stdlib.in.h, gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/tests/.gitignore, gl/tests/Makefile.am, gl/tests/binary-io.h,
	gl/tests/dummy.c, gl/tests/fcntl.in.h, gl/tests/getpagesize.c,
	gl/tests/init.sh, gl/tests/ioctl.c, gl/tests/macros.h,
	gl/tests/signature.h, gl/tests/sys_ioctl.in.h,
	gl/tests/test-alignof.c, gl/tests/test-alloca-opt.c,
	gl/tests/test-arpa_inet.c, gl/tests/test-binary-io.c,
	gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
	lib/gl/tests/test-stdio.c => gl/tests/test-fcntl-h.c,
	gl/tests/test-fseeko.c, gl/tests/test-ftello.c,
	gl/tests/test-ftello3.c, gl/tests/test-getaddrinfo.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-inet_ntop.c,
	gl/tests/test-inet_pton.c, gl/tests/test-lseek.c,
	gl/tests/test-lseek.sh, gl/tests/test-memchr.c,
	gl/tests/test-netdb.c, gl/tests/test-netinet_in.c,
	gl/tests/test-perror.c, gl/tests/test-perror.sh,
	gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-snprintf.c, gl/tests/test-sockets.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-strerror.c,
	gl/tests/test-string.c, gl/tests/test-sys_ioctl.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
	gl/tests/test-unistd.c, gl/tests/test-update-copyright.sh,
	gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
	gl/tests/test-wchar.c, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
	gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/verify.h, gl/version-etc-fsf.c,
	gl/version-etc.c, gl/version-etc.h, gl/w32sock.h, gl/wchar.in.h,
	gl/xsize.h, guile/src/Makefile.am, lib/Makefile.am,
	lib/configure.ac, lib/gcrypt/Makefile.am, lib/gl/Makefile.am,
	lib/gl/alignof.h, lib/gl/alloca.in.h, lib/gl/asnprintf.c,
	lib/gl/asprintf.c, lib/gl/byteswap.in.h, lib/gl/c-ctype.c,
	lib/gl/c-ctype.h, lib/gl/close-hook.c, lib/gl/close-hook.h,
	lib/gl/errno.in.h, lib/gl/float+.h, lib/gl/float.in.h,
	lib/gl/fseeko.c, lib/gl/ftello.c, lib/gl/gettext.h, lib/gl/lseek.c,
	lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
	lib/gl/m4/asm-underscore.m4, lib/gl/m4/byteswap.m4,
	lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
	lib/gl/m4/extensions.m4, lib/gl/m4/fcntl-o.m4,
	lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4, lib/gl/m4/ftello.m4,
	lib/gl/m4/func.m4, lib/gl/m4/getpagesize.m4, lib/gl/m4/gettext.m4,
	lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
	lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-common.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/gnulib-tool.m4,
	lib/gl/m4/iconv.m4, lib/gl/m4/include_next.m4,
	lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4, lib/gl/m4/intldir.m4,
	lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
	lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
	lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
	lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
	lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
	lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
	lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
	lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
	lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
	lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
	lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
	lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
	lib/gl/m4/socketlib.m4, lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4,
	lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4,
	lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4,
	lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
	lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
	lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
	lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
	lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
	lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
	lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar_h.m4,
	lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4, lib/gl/m4/xsize.m4,
	lib/gl/malloc.c, lib/gl/memchr.c, lib/gl/memchr.valgrind,
	lib/gl/memmem.c, lib/gl/minmax.h, lib/gl/netdb.in.h,
	lib/gl/override/lib/gc-libgcrypt.c.diff,
	lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
	lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
	lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
	lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
	lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
	lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
	lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
	lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
	lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
	lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
	lib/gl/tests/binary-io.h, lib/gl/tests/dummy.c,
	lib/gl/tests/getpagesize.c, lib/gl/tests/init.sh,
	lib/gl/tests/intprops.h, lib/gl/tests/macros.h,
	lib/gl/tests/signature.h, lib/gl/tests/test-alloca-opt.c,
	lib/gl/tests/test-binary-io.c, lib/gl/tests/test-binary-io.sh,
	lib/gl/tests/test-byteswap.c, lib/gl/tests/test-c-ctype.c,
	lib/gl/tests/test-errno.c, lib/gl/tests/test-fseeko.c,
	lib/gl/tests/test-fseeko.sh, lib/gl/tests/test-fseeko2.sh,
	lib/gl/tests/test-ftello.c, lib/gl/tests/test-ftello.sh,
	lib/gl/tests/test-ftello2.sh, lib/gl/tests/test-ftello3.c,
	lib/gl/tests/test-func.c, lib/gl/tests/test-memchr.c,
	lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
	lib/gl/tests/test-snprintf.c, lib/gl/tests/test-sockets.c,
	lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
	lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdlib.c,
	lib/gl/tests/test-string.c, lib/gl/tests/test-strings.c,
	lib/gl/tests/test-strverscmp.c, lib/gl/tests/test-sys_socket.c,
	lib/gl/tests/test-sys_stat.c, lib/gl/tests/test-sys_wait.h,
	lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
	lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
	lib/gl/tests/test-verify.c, lib/gl/tests/test-verify.sh,
	lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
	lib/gl/tests/zerosize-ptr.h, lib/gl/time.in.h, lib/gl/time_r.c,
	lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/vasnprintf.h,
	lib/gl/vasprintf.c, lib/gl/verify.h, lib/gl/vsnprintf.c,
	lib/gl/w32sock.h, lib/gl/wchar.in.h, lib/gl/xsize.h,
	lib/gnutls_int.h, lib/minitasn1/Makefile.am,
	lib/nettle/Makefile.am, lib/opencdk/Makefile.am,
	lib/openpgp/Makefile.am, lib/po/POTFILES.in, lib/x509/Makefile.am,
	libextra/Makefile.am, libextra/configure.ac,
	libextra/gl/Makefile.am, libextra/gl/gnulib.mk,
	libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
	libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
	libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
	libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
	libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
	libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
	libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
	libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
	libextra/gl/override/lib/md5.c.diff, libextra/m4/hooks.m4, {lib/m4
	=> m4}/hooks.m4, {lib/po => po}/LINGUAS, {lib/po => po}/Makevars,
	po/POTFILES.in, {lib/po => po}/cs.po.in, {lib/po => po}/de.po.in,
	{lib/po => po}/fr.po.in, {lib/po => po}/it.po.in, {lib/po =>
	po}/ms.po.in, {lib/po => po}/nl.po.in, {lib/po => po}/pl.po.in,
	{lib/po => po}/sv.po.in, {lib/po => po}/vi.po.in, {lib/po =>
	po}/zh_CN.po.in, src/Makefile.am, tests/suite/Makefile.in: Use a
	single configure.ac. This speed ups compilation and reduces
	duplication of code (multiple gl/ libraries etc.).  This saves about
	2mb in distributed size (compressed).

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: Avoid using readline.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: initialized ret in _gnutls_writev_emu().

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: doc fix

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: removed unneeded variable.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Corrected check for an unknown sign algorithm.
	Patch by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/output.c: Do not use %e in strftime. Use %d instead
	which is identically available in windows as well.  Based on patch
	by LRN.

2011-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c, tests/certuniqueid.c: Fixed mismatch in size_t
	size. Patch by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c, lib/system_override.c: Correctly set errno in win32
	using gnutls_transport_set_global_errno(). Based on patch by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/eagain-common.h, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini.c: Avoid using
	gnutls_transport_set_global_errno() and use
	gnutls_transport_set_errno() instead.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system_override.c: win32 fixes for set_global_errno().
	Suggested by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: Win32 changes for benchmark. Patch by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
	tests/pskself.c, tests/resume.c, tests/rng-fork.c, tests/x509dn.c,
	tests/x509self.c: win32 fixes. Patch by LRN.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: minor modification in write_emu().

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/literal.c, lib/opencdk/main.h, lib/opencdk/misc.c: 
	simplified cdk_trim_string() to make it safer to use.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: correctly reset params.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/x509.c: use correct pointer size.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: correctly compare sign algorithm_st.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/Makefile.am, lib/opencdk/context.h,
	lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
	lib/opencdk/verify.c: removed unused code

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c: null terminate the armored string

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: properly null terminate string.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/pkcs11.c: check PIN size.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/srptool.c: check salt size.

2011-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/read-packet.c: more clear bounds checking

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: initialize e and d.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: deinitialize pks variable only when needed.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/pgpverify.c: Initialize verify.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: initialize session_id_size.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/misc.c, lib/opencdk/opencdk.h: removed unneeded
	function.

2011-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois.c: correctly traverse slots

2011-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/src/core.c: avoid using a freed pointer.

2011-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Initialize tinfo using the initially available
	information.

2011-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: corrected debugging info.

2011-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/eagain-common.h, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/mini.c: The mini-* programs were
	combined.

2011-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Do not cleanup bufel after it has been
	inserted into buffer.

2011-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mbuffers.c: Combined dequeue with remove_front() and
	pop_first().

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am: Compile ex-cert-select-pkcs11 as a
	separate program.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, lib/gnutls_buffers.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/system.h, tests/Makefile.am,
	tests/eagain-common.h, tests/mini-eagain-dtls.c,
	tests/mini-eagain.c, tests/utils.c: Added support for non-blocking
	DTLS.  Added mini-eagain-dtls to test its operation.  Improved
	mini-eagain.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/init.c: gcrypt.h is not really needed. Reported by
	David Reiser.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/srptool.c: corrected header inclusion.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/{crypt-gaa.c => srptool-gaa.c},
	src/{crypt-gaa.h => srptool-gaa.h}, src/{crypt.c => srptool.c},
	src/{crypt.gaa => srptool.gaa}: crypt.* renamed to srptool.*.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_srp.c: Corrected bug in gnutls_srp_verifier() that
	prevented the allocation of a verifier. Reported by Andrew Wiseman.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c, src/crypt.gaa: 
	Added debug option to srptool.

2011-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: Documented p11-kit.

2011-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-library.texi: corrected typo

2011-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/scripts/common.sh: Added copyright.

2011-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/dsa/testdsa,
	tests/openpgp-certs/testcerts, tests/scripts/Makefile.am,
	tests/scripts/common.sh: Reorganized scripts that use test servers,
	based on patch by Cedric Arbogast.

2011-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool.gaa: Create certificate request
	with stricter permissions. Reported by Luca Capello.

2011-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/Makefile.am: enabled testcerts.

2011-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/testcerts: made more silent.

2011-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa, tests/openpgp-certs/testcerts: Made scripts
	bourne shell compliant and not bash.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: e-mail addresses are not directly recognizable.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/stream.c: Corrected access to freed memory location.
	Reported by Vitaly Kruglikov.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: added Mark and Vitaly to THANKS.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.c: Corrected windows system_errno() function. Reported
	and patch by Mark Brand.

2011-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: C++ compatibility fix for compat.h.
	Suggested by Mark Brand.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/verify.c: Corrected uninitialized var deinitiation.
	Reported by Vitaly Kruglikov.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: eliminate compiler warning. Reported by Andreas
	Metzler.

2011-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fix size of
	gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE
	definition.  Reported by Andreas Metzler.

2011-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: included news of 2.12.0

2011-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/tests/Makefile.am: added missing files.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
	lib/pkcs11.c, lib/x509/crl.c: documentation fixes.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa: Added DSA tests for client certificates as
	well.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_handshake.c,
	lib/gnutls_sig.c, lib/includes/gnutls/abstract.h, lib/x509/verify.c: 
	Simplified signature algorithm selection.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: The processed messages go to stdout.

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: updated documentation

2011-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_int.h,
	lib/includes/gnutls/gnutls.h.in: Increased GNUTLS_MAX_ALGORITHM_NUM
	to 32. The gnutls_*_list() functions generate the list of algorithm
	on the spot and no longer require a static duplicate list of
	algorithms. This comes at a cost of not being thread safe (which is
	not significant since those functions are only used for special
	purposes).

2011-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: corrected parameter.

2011-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/x509/privkey.c: 
	Documentation fixes and cleanups.

2011-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: define variable locally

2011-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: use IP_DONTFRAG if it is defined.

2011-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
	lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_int.h, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
	src/cli.c, src/common.h, src/serv.c, src/udp-serv.c: Avoided waiting
	for peer's retransmission to ensure receipt of finished messages,
	and used a 'timer'-like to retransmit packets.

2011-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map: 
	added gnutls_dtls_get_data_mtu().

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dsa/testdsa: make gnutls-cli more quiet.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/dsa/Makefile.am,
	tests/dsa/cert.dsa.1024.pem, tests/dsa/cert.dsa.2048.pem,
	tests/dsa/cert.dsa.3072.pem, tests/dsa/dsa.1024.pem,
	tests/dsa/dsa.2048.pem, tests/dsa/dsa.3072.pem, tests/dsa/testdsa,
	tests/suite/Makefile.in: Added test to verify connections with DSA
	keys of various sizes.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: warn on generation of DSA keys of over 1024 bits.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_sig.c,
	lib/includes/gnutls/gnutls.h.in: Return a special error code if DSA
	keys with over 1024 are being used with TLS 1.x, x<2.

2011-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: truncate hash size when asking to sign or verify
	DSA with a longer hash.

2011-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/system.c: Check for rejected connections
	in system_recv_timeout().

2011-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system_override.c: quickly discuss callback format.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: When sending multiple cookies due to
	verification errors do not increase the handshake sequence number
	only the record sequence.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: updated Jonathan

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-auth.c: Added check for RSA ciphersuite in openpgp
	keys.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/privkey.c: read correct algorithm when decrypting data
	and use correct number of private parameters.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_extra.c: added missing ret.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Set type when sending empty openpgp key.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c, tests/Makefile.am, tests/rng-fork.c: Corrected
	nettle's RNG behavior on fork and added a test case.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/tests/openpgp-auth.scm: enabled RSA and removed debugging.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/openpgp/gnutls_openpgp.c,
	tests/openpgp-auth.c, tests/openpgp-auth2.c: gnutls_pubkey_t and
	gnutls_privkey_t can import either an openpgp subkey or a master
	key.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* guile/tests/openpgp-auth.scm, guile/tests/openpgp-elg-pub.asc,
	guile/tests/openpgp-elg-sec.asc, guile/tests/openpgp-keys.scm,
	guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc: split the
	pgp keys to elgamal and dsa.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c: introduced
	GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: On unknown public key algorithms return
	Unknown name.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: Read the public key algorithm from the
	selected subkey and not the master key when importing to a
	gnutls_privkey.

2011-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/gnutls_openpgp.c, tests/openpgpself.c: Documentation
	fixed. Added fresh keys to test.

2011-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgpself.c: Test openpgp authentication with DSA-2048 bit
	keys as well.

2011-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/pgp.c: gnutls_openpgp_crt_get_auth_subkey() will no
	longer return an unsupported subkey.

2011-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Corrected verification of DSA-2048 keys.
	Reported by teddy@fukt.bsnet.se.

2011-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added
	gnutls_transport_set_vec_push_function().

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/includes/gnutls/dtls.h, lib/libgnutls.map,
	src/udp-serv.c: updated cookie negotiation to use only a prestate
	structure and avoids setting data to cookie.

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Use DTLS 1.0 instead of SSL 3.0 headers on
	client hello in DTLS.

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_errors.c,
	lib/includes/gnutls/dtls.h, lib/libgnutls.map, src/udp-serv.c: Added
	photuris-like resource protection on the server. Added
	gnutls_dtls_cookie_send(), gnutls_dtls_cookie_verify() and
	gnutls_dtls_cookie_set() to avoid initializing a session before
	cookie is verified.

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/ext_session_ticket.c,
	lib/includes/gnutls/gnutls.h.in: added gnutls_key_generate() to API.

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c: Avoid the usage of structures where the
	attribute packed is assumed.

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c: renamed gnutls_handshake_buffer_* functions
	to gnutls_handshake_hash_buffer_* to separate from new API functions
	and corrected its usage.

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Added DSA-SHA256, DSA-SHA224 and
	RSA-SHA224 to the supported signature algorithms list. Suggested by
	teddy@fukt.bsnet.se

2011-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_constate.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c: 
	session->internals.compression_method was removed. It was no longer
	required since the new compression algorithm was stored to next
	epoch as well.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_state.h: 
	_gnutls_is_dtls() is no more. IS_DTLS() is being used instead.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c: do not print debugging output on
	non-fatal errors.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_record.c: 
	Properly reset the SSL 3.0 MAC algorithm.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_errors.h,
	lib/gnutls_handshake.c, lib/x509/verify-high.c: cleanups. Introduced
	gnutls_assert_val_fatal() that only prints debugging messages on
	non-fatal errors.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c: Added string for GNUTLS_A_SSL3_NO_CERTIFICATE.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: 
	gnutls_version_has_variable_padding is not really needed. A check
	for SSL3.0 is more clear.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_v2_compat.c: 
	Corrected SSL2 client hello handling.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: do not set default record version (i.e. SSL
	3.0) during a re-handshake.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: default behavior is to send SSL3.0 client
	hellos.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: 
	corrected ssl3 record version sending in client hello.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-intro-tls.texi, lib/gnutls_buffers.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: gnutls_transport_set_lowat() is no more.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: some cleanups

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: 
	gnutls_x509_trust_list_verify_crt shortens the provided certificate
	list based on the existing trusted CAs.

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutlsxx.cpp,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
	lib/libgnutls.map, libextra/includes/gnutls/openssl.h, src/cli.c,
	src/serv.c: gnutls_init_dtls() was made redundant. The same for
	gnutls_end_connection_t which was replaced by a flags integer..

2011-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_psk.c, lib/auth_psk.h, lib/ext_session_ticket.c,
	lib/ext_srp.c, lib/gnutls_sig.c, lib/gnutls_x509.c,
	lib/pkcs11_int.h, lib/system.c, lib/system.h, lib/x509/mpi.c,
	lib/x509/verify.c, src/certtool-common.h, src/certtool.c,
	src/common.c, src/pkcs11.c, src/udp-serv.c: Corrected types.

2011-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
	src/udp-serv.c, src/udp-serv.h: Added --mtu option.

2011-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: properly re-generate headers of fragmented
	packets.

2011-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: increased initial retransmission time to 1
	sec.

2011-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: In DTLS do not hash messages that
	shouldn't be hashed (i.e. hello verify request).

2011-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: Corrected size check in block encrypted
	records.

2011-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c: Corrected behavior
	in normal TLS handshake.

2011-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am: link libgnutls-extra against libgcrypt if
	required. Based on patch by Andreas Metzler
	<ametzler@downhill.at.eu.org>

2011-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/m4/hooks.m4, libextra/Makefile.am: increased the so
	version of libgnutls-openssl.

2011-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
	lib/gnutls_errors.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h, lib/gnutls_record.c,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_v2_compat.c,
	lib/includes/gnutls/gnutls.h.in: Added intermediate handshake layer
	that will order handshake packets and drop duplicates.

2011-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: handle non fatal errors when receiving record
	headers.

2011-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: memcpy -> memmove.

2011-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h: removed GMAX

2011-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Allow providing no password for PKCS #12 structure
	generation. Reported by Daniel Kahn Gillmor.

2011-03-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: consistently print all interactive questions
	to stderr. Reported by Daniel Kahn Gillmor.

2011-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_record.c, lib/gnutls_state.c: combined all the record
	buffers in one.

2011-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c: 
	internal buffering for record and handshake data changed from
	gnutls_buffers to gnutls_mbuffers.

2011-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls_buffers.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in: Removed last pieces of inner
	application.

2011-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: some cleanups

2011-03-01  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm,
	guile/tests/x509-auth.scm: guile: Change tests to use priority
	strings.

2011-03-01  Ludovic Courtès <ludo@gnu.org>

	* src/Makefile.am: Add `udp-serv.h' to the distribution.

2011-02-28  Andreas Metzler <ametzler@downhill.at.eu.org>

	* lib/libgnutls.map: fix duplicate symbols in version script These three symbols are listed both in the GNUTLS_2_8 and the
	GNUTLS_2_10 section. binutils uses the first occurence, drop the
	second one.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: updates on -ALL priorities.

2011-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_signature.c: Restrict the signature algorithms we
	advertize to SHA1 and SHA256.

2011-02-28  Ludovic Courtès <ludo@gnu.org>

	* lib/includes/Makefile.am: Add `gnutls/dtls.h' to the distribution.

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/system/documentation/c-snarf.scm: guile: Fix
	docstring extraction with CPP 4.5+.

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* doc/Makefile.am: Pass the right CPPFLAGS when building Guile doc.

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* doc/cha-intro-tls.texi, guile/src/core.c: Add nodes for the
	subsections of "The TLS Handshake Protocol".

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* lib/Makefile.am: Add `lib/gnutls_dtls.h' to the distribution.

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm, guile/src/core.c,
	guile/src/errors.c, guile/src/errors.h, guile/tests/Makefile.am,
	guile/tests/priorities.scm: guile: Wrap
	`gnutls_priority_set_direct'; deprecate the old method.

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* doc/scripts/gdoc, doc/scripts/sort2.pl: Avoid hard-coded
	/usr/bin/perl (trick taken from Gnulib.)

2011-02-27  Ludovic Courtès <ludo@gnu.org>

	* libextra/gnutls_extra.c: Fix LZO-enabled builds.

2011-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Detect fork() in the random number generator and
	reseed.

2011-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_state.c: use timeouts closer to DTLS
	RFC.

2011-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/system_override.c: Renamed
	gnutls_transport_set_push_function2() to
	gnutls_transport_set_vec_push_function().

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am, lib/includes/gnutls/compat.h,
	lib/libgnutls.map, lib/x509/crq.c: Remove
	gnutls_x509_crq_get_preferred_hash_algorithm.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Remove dropped functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl_write.c: Add deprecated docstring.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Fix deprecated docstring.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/privkey.c: Fix docstring.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pubkey.c: Fix docstring of new function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Fix docstring for deprecated functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: Make it build.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/privkey.c: Fix docstring of deprecated function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pubkey.c: Fix docstrinf of new function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Fix typo.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Improve text.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c: Doc fix of new function.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c, lib/gnutls_privkey.c, lib/x509/privkey.c: Fix
	docstring of deprecated functions.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/crq.c,
	lib/x509/sign.c, tests/x509sign-verify.c: Rename
	gnutls_privkey_sign_data2 to gnutls_privkey_sign_data and
	gnutls_privkey_sign_hash2 to gnutls_privkey_sign_hash.  These were added during the 2.11 cycle where we don't promise ABI
	compatibility.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls-crypto-layers.eps: Add doc/gnutls-crypto-layers.eps.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist gnutls-crypto-layers.*.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Add abstract_int.h.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Ignore more.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Link with -lnettle too.

2011-02-20  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/cha-programs.texi, lib/gnutls_privkey.c,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/openpgp/pgp.c: Fix syntax-check warnings.

2011-02-22  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls/build/enums.scm: guile: Remove
	GNUTLS_A_INNER_APPLICATION_FAILURE and
	GNUTLS_A_INNER_APPLICATION_VERIFICATION.

2011-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: store entities as numbers to avoid
	issues in big-little endian machines.

2011-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: documented the DTLS sequence particularities.

2011-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c,
	lib/gnutls_record.c, lib/gnutls_record.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/udp-serv.c: 
	Added gnutls_record_recv_seq() that can return the sequence number
	of the record packet, in addition to data.

2011-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: reorganized and simplified gnutls_recv_int().
	It will discard invalid DTLS packets.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.h, lib/gnutls_record.c: Discard messages that
	contain a different epoch than the current one.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: renamed internal function to reflect
	functionality.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c: 
	Implemented a sliding window-like thing to discard replayed packets.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: gnutls-cli shouldn't print errors on EAGAIN and
	INTERRUPTED.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_num.c: corrected uint48pp.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_mbuffers.c, lib/gnutls_state.c: 
	Epoch garbage collector is being run when handshake is being cleaned
	up.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
	lib/gnutls_state.c: skip replays in handshake packets.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Forbid SSL v.2 client hello in DTLS.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h: removed unneeded
	variables.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mbuffers.c: 
	Cleanups in combination of DTLS and TLS buffers.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/auth_srp.c, lib/gnutls_algorithms.c, lib/gnutls_dh_primes.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_sig.c,
	lib/opencdk/main.h, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/x509/common.c, lib/x509/dn.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c,
	lib/x509/verify.c, lib/x509/x509_write.c, lib/x509_b64.c: 
	gnutls_x509_log replaced with gnutls_audit_log.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_state.h: Return a
	more precise mtu unit to applications.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/udp-serv.c: restart handshake on signals.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_constate.h, lib/gnutls_dtls.c: 
	reference counting in epochs is being done using functions.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_compress.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
	lib/includes/gnutls/dtls.h, lib/libgnutls.map: Added
	gnutls_dtls_g/set_mtu() to allow setting and getting the DTLS mtu
	from application.

2011-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_int.h, lib/gnutls_state.c: Combined DTLS buffers and
	normal TLS buffers.

2011-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/ext_session_ticket.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
	lib/system.h, lib/system_override.c, src/Makefile.am,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
	src/udp-serv.c, src/udp-serv.h: Changes to allow DTLS server side to
	operate. Added a simple UDP server on gnutls-serv.  Server other
	cleanups.

2011-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c, lib/gnutls_errors.c, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/includes/gnutls/dtls.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Allow
	setting the DTLS timeouts explicitly.

2011-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated.

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/debug.c, lib/gnutls_algorithms.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_dtls.c, lib/gnutls_dtls.h,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_mbuffers.h, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/system.c, lib/system.h,
	src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Several
	updates for DTLS (client side only) to work.

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/main.h: Increased level of opencdk debug messages.

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1
	as hash. That is we reverted to previous gnutls behavior. That
	violates DSS but all implementations handle it like that.

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_dtls.c,
	lib/gnutls_dtls.h, lib/gnutls_handshake.c, lib/gnutls_int.h: use
	similar API when caching messages in DTLS or TLS.

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: corrected is_version_supported().

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c: 
	Simplified _gnutls_recv_handshake().

2011-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_dtls.c, lib/gnutls_handshake.c: ciphersuites have a bit
	that indicates whether they are usable with DTLS or not.

2011-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe.c, lib/gnutls_algorithms.c, lib/gnutls_cipher.c: fix
	for dtls.

2010-10-02  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_num.c,
	lib/gnutls_num.h: dtls: Add uint48 handling functions.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-10-02  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_record.c: dtls: Bring epoch choice on receive closer to
	the first usage.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-24  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Add DTLS
	support to command-line client.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-17  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_constate.c: dtls: Write epoch to sequence number.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c: dtls: Send consistent a client_random.  This is necessary when challenged by HelloVerifiyRequest as we MUST
	send the same client parameters.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Limit the number
	of HelloVerifyRequest round trips.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_dtls.c, lib/gnutls_handshake.c: dtls: TEMP: Sprinkle
	transmits.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: dtls: Do
	HANDSHAKE_HELLO_VERIFY_REQUEST processing.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c: dtls: Add
	_gnutls_recv_hello_verify_request.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_record.c: Decrypt using the proper sequence number.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h: dtls: Use proper record
	sequence for DTLS decrypt.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected extdatalen

2010-09-05  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: dtls: Read whole datagrams.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c: dtls: Queue outgoing handshake messages in
	the retransmission layer.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add outgoing flight buffer
	handling code.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_errors.h: Define _gnutls_dtls_log for DTLS.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h, lib/gnutls_state.c: Add structures for the
	buffered outgoing flight.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h, lib/gnutls_state.c: Add state for handshake mtu.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c: dtls: Fixup outgoing ClientHello hashing.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: Add proper handshake
	outgoing sequence number.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/Makefile.am, lib/gnutls_dtls.c, lib/gnutls_dtls.h: Add
	gnutls_dtls.{c,h}.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-02  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c: dtls: Remove unsuitable ciphers.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-28  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/debug.c, lib/gnutls_handshake.c,
	lib/includes/gnutls/gnutls.h.in: dtls: Add hanshake fragment headers
	when sending handshake.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-28  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_cipher.c, lib/gnutls_int.h, lib/gnutls_record.c: dtls:
	Add epoch and sequence number to DTLS packets.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-28  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_record.c: Use increment functions for sequence number.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-27  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_record.c: dtls: Add types and operations required for the
	DTLS epoch and sequence.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-29  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.c, lib/gnutls_priority.c: Make version
	lookup transport dependent.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-08-03  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_state.h: dtls: Add _gnutls_is_dtls to check if a
	session uses DTLS.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-25  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Add
	gnutls_init_dtls function.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-25  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h: Add DTLS state.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2009-07-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Add
	DTLS1.0 protocol entry.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-17  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/ext_session_ticket.c, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_mbuffers.h: Allocate session buffers of
	size, depending on type of session.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-25  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_constate.c: Harmonize "d" argument between constate.c
	and compress.c.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-24  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* src/cli-gaa.c, src/cli.gaa: Fix typo.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-21  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_num.h: Parenthesize UINT64DATA again.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2011-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: reorganization of ciphersuite discussion.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Allow using the minus "-" in the -ALL
	priority strings.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Added fixme note on TLS 1.2 PRF per
	ciphersuite.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: The safe renegotiation ciphersuite is not
	required to be registered.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe_psk.c: Corrected bug in DHE-PSK in freeing
	username/key.

2011-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Added ciphersuites (from RFC5487):
	TLS_PSK_WITH_AES_128_GCM_SHA256 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
	TLS_PSK_WITH_AES_128_CBC_SHA256 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
	TLS_PSK_WITH_NULL_SHA256 TLS_DHE_PSK_WITH_NULL_SHA256

2011-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_extensions.c, lib/gnutls_sig.c: Corrected
	signature generation and verification in the Certificate Verify
	message when in TLS 1.2. Reported by Todd A. Ouska.

2011-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: removed duplicate assignments.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: upgraded to nettle's new GCM API.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: increased the C++ library current version.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutlsxx.cpp: The C++ interface returns exception on
	every error and not only on fatal ones. This allows easier handling
	of errors.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h: removed the old
	set_priority functions.

2011-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: removed more deprecated stuff.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openssl.c, libextra/includes/gnutls/openssl.h: 
	updated openssl layer to new priority functions (untested).

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: removed unused variable.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_sig.c: Allow DSA2 even in protocols before TLS
	1.2.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: set the psk callback only if username/key were not
	supplied at command line.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_pk.c,
	lib/gnutls_sig.c: In TLS 1.2 under DSS use the hash algorithm
	required by DSS.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/openpgp-auth.c, tests/openpgp-auth2.c: 
	Added new test openpgp-auth2.c that tests openpgp under TLS1.2 and
	DSS as well.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/anonself.c, tests/dhepskself.c, tests/mini-eagain.c,
	tests/mini.c, tests/openpgp-auth.c, tests/pskself.c, tests/resume.c: 
	Modernized the test applications that now use the
	gnutls_priority_set_direct().

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
	deprecated gnutls_*_set_priority().

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_max_record.c,
	lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
	lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_srp.c,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
	lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/pk.c: The extensions
	code is now using the gnutls_buffer_st.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/x509/x509_int.h: Added sha224 to the
	list of MACs.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: The PSK and SRP key exchange algorithms are
	not included in the preset priority strings.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe_psk.c,
	lib/auth_psk.c, lib/auth_psk.h: Callback function is being called in
	both PSK-DHE and PSK.  Using the callback function will not
	overwrite the credentials, which were wrongly being overwritten
	using the retrieved username/key.  The credentials structure is now
	accessed for reading only, as it should have been.

2011-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: bumped version.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-programs.texi: Added documentation on p11tool.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi, doc/cha-library.texi,
	doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
	lib/gnutls_priority.c, src/common.c: Moved documentation of priority
	strings to manual and removed information from manpages and function
	pages that now reference the manual section.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_rsa.c, lib/gnutls_auth.h, lib/gnutls_kx.c,
	lib/gnutls_str.c, lib/gnutls_str.h: Simplified code in
	authentication methods by using gnutls_buffer_st instead of
	malloc/realloc.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in: Combined
	same functions.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Several updates in
	signature algorithms parsing and sending to avoid sending invalid
	signature algorithms.

2011-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Removed unused debugging code.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: Removed unneeded initialization.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-auth.texi, doc/cha-programs.texi, lib/Makefile.am,
	lib/gnutls_psk_netconf.c, lib/includes/gnutls/compat.h: Removed
	gnutls_psk_netconf_derive_key.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/compat.h: Removed
	gnutls_certificate_verify_peers.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed
	gnutls_session_set_finished_function().

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/includes/gnutls/gnutls.h.in: Removed
	remaining TLS/IA stuff.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/serv-gaa.c,
	src/serv-gaa.h, src/serv.gaa: Removed more leftovers from opaque PRF
	output.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Corrected return message from
	check_recv_type().

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mac.c: Removed upper limit on MAC algorithm key.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: improved premature_termination error message

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/reference/Makefile.am, lib/libgnutls.map: Removed leftovers
	from OPRFI extension.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/gnutls_record.c,
	lib/includes/gnutls/gnutls.h.in: gnutls_recv() returns
	GNUTLS_E_PREMATURE_TERMINATION on EOF.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/common.c, src/common.h, src/serv-gaa.c, src/serv-gaa.h,
	src/serv.c, src/serv.gaa: Removed deprecated option such as
	--protocols, ciphers etc.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: not untested.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: Set correct iv in GCM.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_int.h: Cleanups and moved
	definitions to gnutls_int.h. AEAD modes now use the record packet
	counter as nonce.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: Reset GCM mode when setting IV.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Added more GCM ciphersuites (DHE-* and
	anonymous).

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: updated priorities. Removed ARCFOUR from
	the secure ciphersuites and moved GCM to bottom of the ciphers in
	performance.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/crypto-api.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map, src/benchmark.c: Added gnutls_cipher_add_auth()
	gnutls_cipher_tag() to export the GCM interface. Updated the
	benchmark.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: removed
	gnutls_certificate_get_openpgp_keyring().

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: minor optimizations.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: inlined several small
	functions.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_sig.c: 
	Better error checking on SSL3.

2011-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: calculation for c_length occurs in a single
	place.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: unstable -> untested.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mac.c: Increase the maximum HMAC key to account for
	anonymous ciphersuites.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: check the error of hash set_key.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c: do not use strlen for fixed string.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated NEWS on GCM mode.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: Use nettle's new API for GCM.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: removed old comment

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/cha-functions.texi,
	doc/cha-gtls-app.texi, doc/examples/Makefile.am,
	doc/examples/ex-client-tlsia.c, lib/gnutls_kx.c,
	libextra/Makefile.am, libextra/ext_inner_application.c,
	libextra/ext_inner_application.h, libextra/gnutls_extra.c,
	libextra/gnutls_ia.c, libextra/libgnutls-extra.map,
	tests/Makefile.am, tests/tlsia.c: Removed inner application
	extension.

2011-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
	gnutls_certificate_verify_peers is deprecated.

2011-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/mac.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c: Added
	support for GCM ciphersuites (not tested with other implementation).

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: Added missing definitions (GNUTLS_MASTER_SIZE
	etc).

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_state.c, lib/includes/gnutls/compat.h: Removed:
	gnutls_session_get_server_random, gnutls_session_get_client_random,
	gnutls_session_get_master_secret

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/build-aux/config.rpath, tests/suite/Makefile.in: updated.

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.pc.in, lib/m4/hooks.m4: Add the nettle
	libs into gnutls.pc.

2011-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/gnutls_extensions.c,
	lib/includes/gnutls/compat.h, lib/m4/hooks.m4: Removed functions:
	gnutls_ext_register, gnutls_certificate_get_x509_crls,
	gnutls_certificate_get_x509_cas and bumped library version number.

2011-02-05  Andreas Metzler <ametzler@downhill.at.eu.org>

	* lib/configure.ac, lib/gnutls.pc.in, lib/m4/hooks.m4: [PATCH 1/4]
	adapt pkg-config file for switch from AM_PATH_LIBGCRYPT to
	AC_LIB_HAVE_LINKFLAGS [PATCH 2/4] pkg-config: Move libtasn1 from
	Libs.private to Requires.private since libtasn1 provides a .pc file.
	[PATCH 3/4] pkg-config: drop @LIBGNUTLS_LIBS@ from Libs.private.
	This library only contains gnutls itself nowadays, which is in Libs
	already.  [PATCH 4/4] pkg-config: If gnutls is built with zlib
	support list zlib in Requires.private.

2011-02-04  Simon Josefsson <simon@josefsson.org>

	* doc/cha-ciphersuites.texi, doc/signatures.texi: Fix MD2
	documentation.  Suggested by "brian m. carlson" <sandals@crustytoothpaste.net> in
	debian bug #464625.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: updated coding style.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented gnutls_session_get_* deprecated functions.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509paths/README: updated README on certificate
	verifications that fail.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-common.h, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added new
	functionality to certtool, and can verify certificates against a
	list of CAs using the --verify option.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c, tests/chainverify.c: Time checks were moved to
	_gnutls_verify_certificate2().  This allows for straightforward
	chain verification, and thus better printing of the chain output,
	although some checks might be performed in duplicate. As a
	side-effect better errors are returned (or precisely more
	combinations of verification errors), thus chainverify test was
	affected.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify-high.c: Set memory to zero on allocation.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: fix in contents.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/examples.h: prototype fix.

2011-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-verify.c, lib/gnutls_cert.c,
	lib/includes/gnutls/x509.h, lib/x509/verify-high.c, src/certtool.c: 
	gnutls_x509_trust_list_init() has an extra argument that allows
	fine-tuning of the used memory.

2011-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi: Updated references of rfc5081 to rfc6091.

2011-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/examples/ex-verify.c: Documented the new verification functions.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, tests/sha2/sha2: Modified output to not confuse
	earlier scripts.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Better output when removing certificates from
	list.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs1-padding/pkcs1-pad: Modified to work on new certtool -e
	output.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-verify.c, lib/auth_cert.h,
	lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/crl.c, lib/x509/x509.c, src/certtool.c,
	tests/certificate_set_x509_crl.c: The internal subsystem uses the
	new certificate verification functions.  This has the side effect of
	deprecating gnutls_certificate_get_x509_crls() and
	gnutls_certificate_get_x509_cas() that can no longer operation since
	they relied on internal structures.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, doc/examples/ex-verify.c,
	lib/Makefile.am, lib/hash.c, lib/hash.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/Makefile.am, lib/x509/crl.c, lib/x509/verify-high.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
	src/certtool.c: Added a new API to verify certificates. It is more
	efficient and can be used to get details about the verification
	procedure.

2011-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509paths/chain: better output in chain output.

2011-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/crl.c,
	lib/x509/verify.c, lib/x509/x509.c: exported
	gnutls_x509_crl_get_raw_issuer_dn()

2011-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: corrected typos

2011-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois.c: CKR_CRYPTOKI_ALREADY_INITIALIZED is not
	treated as an error, and Finalize is not called in that case.

2011-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
	lib/openpgp/privkey.c: Reverted removal of
	gnutls_openpgp_privkey_sign_hash() to retain compatibility with
	2.10.x. That function is now deprecated instead.

2011-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: Added checks before importing keys and
	updated documentation.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.in: updated Makefile.in

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-crq.c, lib/configure.ac,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, src/certtool.c, tests/crq_key_id.c: 
	fixes in internal build with the new deprecated functions. We allow
	them to be used since they are inter-dependent.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_int.h: replaced old gnutls_pk_algorithm.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h: depends on gnutls/x509.h to compile.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/x509/crl_write.c: deprecated gnutls_x509_crl_sign(),
	gnutls_x509_crl_sign2() and
	gnutls_x509_crq_get_preferred_hash_algorithm().

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/x509/crq.c: Deprecated gnutls_x509_crq_sign2() and
	gnutls_x509_crq_sign() in favor for gnutls_x509_crq_privkey_sign().

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: minor fixes.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/privkey.c, lib/x509/x509.c,
	src/certtool.c, tests/cve-2009-1415.c, tests/x509sign-verify.c: 
	gnutls_x509_crt_verify_hash: DEPRECATED gnutls_x509_crt_verify_data:
	DEPRECATED gnutls_x509_crt_get_verify_algorithm: DEPRECATED
	gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED Removed the
	new gnutls_x509_privkey_sign_data2() and
	gnutls_x509_privkey_sign_hash2().  That functionality will be only in the abstract.h pubkey and privkey
	structures, to avoid duplication for every certificate type.

2011-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: Simplified macro to snprintf() in order to prevent
	issues caused when snprintf() is a macro itself. Reported and
	initial patch by Camillo Lugaresi.

2011-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.in: Revert "Remove, it is generated." This reverts commit de3a601e502b24f047412a161085f7fbd898b3f3 because
	this file is not automatically generated (not included in top
	Makefile.am).

2011-01-02  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4: Specify minimum libgcrypt version.

2010-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: Added discussion on crypto backend for
	crypto libraries and /dev/crypto.

2010-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/x509/crq.c, lib/x509/privkey.c, lib/x509/sign.c: Renamed
	gnutls_privkey_sign_data() to  gnutls_privkey_sign_data2() to match
	the similar function gnutls_x509_privkey_sign_data2().
	gnutls_x509_privkey_sign_data() was deprecated.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: Extra sanity check.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_passwd.c: Use snprintf() to print an integer.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/output.c: Use snprintf() to print IPs. There was a check
	just before that, but be safe, just in case.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi: Use SRP for password authentication.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, lib/gnutls_cert.c, lib/gnutls_extensions.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_state.c,
	lib/includes/gnutls/compat.h, lib/x509/privkey.c: Do not include
	deprecated functions to library documentation.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
	lib/x509/privkey.c: gnutls_x509_privkey_verify_data() was
	deprecated.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: Documented key usage of pubkey.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: Set public key bits on all import functions.
	Issue reported by Murray Kucheawy.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
	gnutls_pkcs11_privkey_sign_data(),
	gnutls_pkcs11_privkey_sign_hash2() and
	gnutls_pkcs11_privkey_decrypt_data() were removed. The abstract.h
	functions should be used instead.

2010-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_privkey.c, lib/includes/gnutls/openpgp.h,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: Removed the newly added functions:
	gnutls_openpgp_privkey_sign_hash2(),
	gnutls_openpgp_privkey_sign_data2(),
	gnutls_openpgp_crt_verify_hash() That way the operations in
	abstract.h should be used to get the same functionality, and API
	will be kept simple and easier to maintain. The corresponding
	gnutls_x509_* are kept for backwards compatibility.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: Do not be strict on RSA hash algorithm selection
	for signatures.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.h, lib/gnutls_sig.c, lib/gnutls_x509.c: Removed
	unneeded definitions, and more careful deinitializations in
	parse_der_cert_mem().

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: updated certificates to account
	for extra null byte added in negative numbers.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cve-2009-1415.c: Account for GNUTLS_E_PK_SIG_VERIFY_FAILED.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: Corrected bug in gnutls_privkey_sign_data().

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: some fixes in pk_prepare_hash().

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pubkey.c, lib/openpgp/pgp.c, lib/x509/privkey.c,
	lib/x509/verify.c, lib/x509/x509.c, tests/x509sign-verify.c: The
	verification functions now return a GNUTLS_E_PK_SIG_VERIFY_FAILED on
	signature verification error.

2010-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-gaa.c, src/p11tool.gaa: The default input format for
	p11tool is PEM.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: importing a pubkey from raw params will set
	the bits field correctly.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented the addtion of gnutls_pubkey_import_privkey() and
	gnutls_pubkey_verify_data()

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/x509/verify.c, tests/x509sign-verify.c: Added
	gnutls_pubkey_verify_data and test vectors.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/errcodes.c, doc/examples/ex-alert.c,
	doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
	doc/examples/ex-client2.c, doc/examples/ex-crq.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
	doc/examples/examples.h, doc/examples/tcp.c, doc/printlist.c,
	guile/src/core.c, guile/src/extra.c, guile/src/utils.h,
	lib/abstract_int.h, lib/auth_anon.c, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c,
	lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
	lib/cryptodev.c, lib/debug.c, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
	lib/ext_session_ticket.c, lib/ext_signature.c, lib/ext_signature.h,
	lib/ext_srp.c, lib/gcrypt/cipher.c, lib/gcrypt/init.c,
	lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_kx.h, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_psk.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
	lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/x509.h, lib/locks.c, lib/nettle/cipher.c,
	lib/nettle/egd.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/nettle/rnd.c, lib/opencdk/armor.c, lib/opencdk/context.h,
	lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/keydb.h,
	lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
	lib/opencdk/misc.c, lib/opencdk/new-packet.c,
	lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/verify.c,
	lib/opencdk/write-packet.c, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/pakchois/pakchois.c,
	lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_secret.c,
	lib/pkcs11_write.c, lib/random.c, lib/system.c, lib/system.h,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pbkdf2-sha1.c, lib/x509/pbkdf2-sha1.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
	lib/x509_b64.c, lib/x509_b64.h, libextra/ext_inner_application.c,
	libextra/ext_inner_application.h, libextra/gnutls_extra.c,
	libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
	libextra/includes/gnutls/extra.h,
	libextra/includes/gnutls/openssl.h, libextra/openssl_compat.c,
	libextra/openssl_compat.h, maint.mk, src/benchmark.c,
	src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.c,
	src/certtool-common.h, src/certtool.c, src/cli.c, src/common.c,
	src/common.h, src/crypt.c, src/p11tool.c, src/p11tool.h,
	src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
	src/tests.h, src/tls_test.c, tests/anonself.c,
	tests/certificate_set_x509_crl.c, tests/chainverify.c,
	tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
	tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/gc.c,
	tests/mini-eagain.c, tests/mini-x509-rehandshake.c,
	tests/mini-x509.c, tests/mini.c, tests/mpi.c,
	tests/nul-in-x509-names.c, tests/openpgp-auth.c,
	tests/openpgp-keyring.c, tests/openpgp_test.c, tests/openpgpself.c,
	tests/openssl.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
	tests/resume.c, tests/safe-renegotiation/srn0.c,
	tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
	tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
	tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
	tests/simple.c, tests/tlsia.c, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509_test.c, tests/x509dn.c,
	tests/x509self.c, tests/x509sign-verify.c: Indented code. Use same
	indentation but with -nut to avoid usage of tabs. In several editors
	tabs can be configured not to be 8 spaces and this produces
	artifacts with the current indentation that is a mixture of tabs and
	spaces.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: _gnutls_privkey_get_public_mpis() handles
	openpgp keys.

2010-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/libgnutls.map: Added
	gnutls_pubkey_import_privkey(), that will copy the public key from a
	gnutls_privkey_t structure.

2010-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.map: Do not export the non-existant symbols
	gnutls_pkcs11_privkey_sign_hash and gnutls_privkey_sign_hash.

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented new functions

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Added new functions.

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map: Added new functions.

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h: 
	de-deprecated gnutls_x509_crt_verify_hash()

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
	lib/openpgp/pgp.c, tests/x509sign-verify.c: Added
	gnutls_openpgp_crt_verify_hash().

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: added
	gnutls_privkey_sign_hash2()

2010-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c: 
	Simplified preparation of signing code.

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_sig.c,
	lib/gnutls_sig.h, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/x509/Makefile.am, lib/x509/privkey.c, lib/x509/sign.c,
	lib/x509/sign.h: deprecated x509/sign.h and moved functionality of
	it in gnutls_sig.h.

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/sign.c: pk_hash_data() will fail unless DSA or RSA are
	specified.

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: better comments

2010-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/gnutls_openpgp.c, lib/openpgp/privkey.c: 
	reorganization of the privkey_ functions().

2010-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/openpgp/gnutls_openpgp.c, lib/x509/privkey.c: Introduced
	gnutls_*_privkey_sign_hash2() that is a high level function to
	produce signatures.

2010-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
	lib/x509/sign.c, lib/x509/sign.h: Separated the sign_data functions
	to a hashing phase, a preparing phase, and the actual signing.

2010-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented deprecated functions.

2010-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs11.h: All the sign hash functions were
	deprecated.

2010-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h: 
	gnutls_x509_privkey_sign_hash() is dangerous and was deprecated.
	Added some text explaining why some functions were deprecated.

2010-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented previous update.

2010-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c, lib/x509/x509.c: export_raw() functions now
	add leading zero in mpis.

2010-12-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-12-07  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/crypto.h: C++ fixes, tiny patch from "Brendan
	Doherty" <brendand@gentrack.com>.

2010-12-07  Simon Josefsson <simon@josefsson.org>

	* gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/memchr.m4,
	gl/m4/printf.m4, gl/m4/stdint.m4, lib/gl/m4/fcntl-o.m4,
	lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/memchr.m4,
	lib/gl/m4/memmem.m4, lib/gl/m4/printf.m4, lib/gl/m4/stdint.m4: 
	Update gnulib files.

2010-12-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2010-12-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2010-12-07  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Don't fail on 'make distcheck'.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.11.6.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: Indent.

2010-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented SSL 3.0 record version change.

2010-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: 
	SSL3_RECORD_VERSION priority option is now the default. That is in
	order to not confuse non TLS 1.2 compliant implementations that
	don't like a TLS 1.2 record.

2010-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: simplified escape and unescape.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Added Michael.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, lib/gnutls_priority.c, lib/gnutls_state.c,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/nettle/rnd.c, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_secret.c, lib/pkcs11_write.c,
	lib/x509/verify.c, src/certtool-common.c, src/certtool-common.h,
	src/certtool.c, src/cli.c, src/common.c, src/p11tool.c,
	src/p11tool.h, src/pkcs11.c, src/serv.c, tests/chainverify.c,
	tests/openpgp-auth.c: Indent code.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* gl/override/top/maint.mk.diff: Remove.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Update.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c, lib/pkcs11_secret.c, src/p11tool.c,
	src/p11tool.gaa: Fix syntax-check nits.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* .x-sc_bindtextdomain: Ignore more.

2010-12-06  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe.css,
	build-aux/pmccabe2html, gl/Makefile.am, gl/arpa_inet.in.h,
	gl/float+.h, gl/gettext.h, gl/inet_ntop.c, gl/intprops.h,
	gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/mmap-anon.m4, gl/m4/printf.m4,
	gl/m4/readline.m4, gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4,
	gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
	gl/m4/vasnprintf.m4, gl/m4/wchar_h.m4, gl/printf-parse.c,
	gl/printf-parse.h, gl/stdint.in.h, gl/stdio.in.h, gl/stdlib.in.h,
	gl/string.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
	gl/tests/Makefile.am, gl/tests/init.sh,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-update-copyright.sh, gl/time.in.h, gl/unistd.in.h,
	gl/vasnprintf.c, gl/{tests => }/verify.h, gl/wchar.in.h,
	lib/gl/Makefile.am, lib/gl/float+.h, lib/gl/gettext.h,
	lib/gl/m4/alloca.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
	lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/iconv.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
	lib/gl/m4/printf.m4, lib/gl/m4/string_h.m4,
	lib/gl/m4/sys_socket_h.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_h.m4,
	lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/stdint.in.h,
	lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
	lib/gl/sys_socket.in.h, lib/gl/tests/Makefile.am,
	lib/gl/tests/init.sh, lib/gl/tests/intprops.h, lib/gl/time.in.h,
	lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/{tests =>
	}/verify.h, lib/gl/wchar.in.h, libextra/gl/m4/gnulib-common.m4,
	maint.mk: Update gnulib files.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am: Temporarily remove gendh test. It takes
	extremely long time under valgrind.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_sig.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/mpi.c, lib/x509/sign.c, lib/x509/verify.c: Use ASN1_NULL
	when writing parameters for RSA signatures. This makes us comply
	with RFC3279. Reported by Michael Rommel.

2010-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/serv.c: Corrected buffer overflow in gnutls-serv by
	Tomas Mraz.  The gnutls-serv uses fixed allocated buffer for the response which
	can be pretty long if a client certificate is presented to it and
	the http header is large. This causes buffer overflow and heap
	corruption which then leads to random segfaults or aborts.  It was reported originally here:
	https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to
	snprintf so the buffer is never overflowed.

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: increased revision

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: Added p11tool.h

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 2.11.5

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: escaped chars.

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: Updated extension writing code. Still not
	clear enough.

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: PKCS #11 fixes

2010-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c: Corrected pkcs11 example
	URLs

2010-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs11.c: Prefix mechanism number with 0x.

2010-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois11.h, src/pkcs11.c: Added camellia and
	SHA224.

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/configure.ac, lib/nettle/rnd.c: Use rusage if
	present.  Moved check to correct config and included resource.h
	header.

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: More details on the text

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Corrected copyright statement

2010-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Corrected copyright header. Added Niels.

2010-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cert.c, lib/includes/gnutls/x509.h,
	lib/x509/verify.c, src/certtool.c, src/cli.c, tests/chainverify.c: 
	Reverted default behavior for verification and introduced
	GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT.  Thus by default V1
	trusted CAs are allowed, unless the new flag is specified.

2010-11-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2010-11-25  Simon Josefsson <simon@josefsson.org>

	* tests/suite/Makefile.in: Remove, it is generated.

2010-11-25  Simon Josefsson <simon@josefsson.org>

	* README: No space at eol.

2010-11-25  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am: Fix syntax-check warning.

2010-11-25  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Ignore tests/suite for syntax-checks, not our code.

2010-11-25  Simon Josefsson <simon@josefsson.org>

	* README: Recommend git format-patch rather than git diff.

2010-11-24  Jeffrey Walton <noloader@gmail.com>

	* README: Attached is a proposed modification to the README file,
	including recent comments by Simon.

2010-11-23  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Fix dependencies, fixes parallel builds.  Tiny patch from Graham Gower <graham.gower@gmail.com>.

2010-11-19  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Remove file.

2010-11-19  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2010-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/suite/Makefile.in: Create Makefile in
	tests/suite/

2010-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa,
	tests/Makefile.am, tests/netconf-psk.c: Deprecate the netconf
	password and use a key only.

2010-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/gnutls-http-serv: correctly set psk params.

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added info

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: Correctly write DSA public key in ASN.1
	(add leading zero). Reported by Jeffrey Walton.

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c: cleanups

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in: Deprecated the key derivation
	method from netconf. The published RFC does not include this method
	and it is not known whether it has been used at all in practice. No
	need to support it.

2010-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c: Added SIGN-ALL, CTYPE-ALL, COMP-ALL,
	and VERS-TLS-ALL priority strings.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Removed redundant error check. Reported by
	Nicolas Kaiser.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.c,
	src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
	--list-mechanisms option to p11tool. Lists all mechanisms supported
	by a token.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, doc/manpages/p11tool.1: Added manpage
	for p11tool.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/certtool.1, doc/manpages/gnutls-cli.1,
	doc/manpages/gnutls-serv.1, doc/manpages/srptool.1: Corrected my
	name.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-gaa.c, src/p11tool.gaa: In p11tool --url was renamed
	to --export.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa,
	src/pkcs11.c: Corrected bug in secret key copy. Rationalized the
	--help of p11tool.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_secret.c: * Corrected flag conversion to internal representation.  * When generating secret keys include a generic key type and a
	random ID.

2010-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa: Added
	option --no-detailed-url to p11tool. More detailed url is the
	default now.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
	lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_secret.c, lib/pkcs11_write.c, src/pkcs11.c: Added
	gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to
	enable manipulating tokens purely from PKCS #11.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.gaa: Removed README.gaa.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, src/Makefile.am, src/certtool-common.c,
	src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa, src/p11tool-gaa.c,
	src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
	src/pkcs11.c: Introduced p11tool to separate PKCS #11 functionality
	from certtool.

2010-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/finished.c: Removed check on deprecated
	feature (finished).

2010-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
	Deprecated old functions.

2010-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: use @code for SAFE_RENEGOTIATION string.

2010-06-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Doc fix.

2010-10-16  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Add.

2010-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
	tests/suite/Makefile.am, tests/suite/README, tests/suite/eagain,
	tests/suite/ecore/eina_config.h,
	tests/suite/ecore/src/include/Eina.h,
	tests/suite/ecore/src/include/eina_accessor.h,
	tests/suite/ecore/src/include/eina_array.h,
	tests/suite/ecore/src/include/eina_benchmark.h,
	tests/suite/ecore/src/include/eina_binshare.h,
	tests/suite/ecore/src/include/eina_config.h,
	tests/suite/ecore/src/include/eina_convert.h,
	tests/suite/ecore/src/include/eina_counter.h,
	tests/suite/ecore/src/include/eina_cpu.h,
	tests/suite/ecore/src/include/eina_error.h,
	tests/suite/ecore/src/include/eina_file.h,
	tests/suite/ecore/src/include/eina_fp.h,
	tests/suite/ecore/src/include/eina_hamster.h,
	tests/suite/ecore/src/include/eina_hash.h,
	tests/suite/ecore/src/include/eina_inline_array.x,
	tests/suite/ecore/src/include/eina_inline_f16p16.x,
	tests/suite/ecore/src/include/eina_inline_f32p32.x,
	tests/suite/ecore/src/include/eina_inline_f8p24.x,
	tests/suite/ecore/src/include/eina_inline_fp.x,
	tests/suite/ecore/src/include/eina_inline_hash.x,
	tests/suite/ecore/src/include/eina_inline_list.x,
	tests/suite/ecore/src/include/eina_inline_log.x,
	tests/suite/ecore/src/include/eina_inline_mempool.x,
	tests/suite/ecore/src/include/eina_inline_rbtree.x,
	tests/suite/ecore/src/include/eina_inline_rectangle.x,
	tests/suite/ecore/src/include/eina_inline_str.x,
	tests/suite/ecore/src/include/eina_inline_stringshare.x,
	tests/suite/ecore/src/include/eina_inline_tiler.x,
	tests/suite/ecore/src/include/eina_inline_trash.x,
	tests/suite/ecore/src/include/eina_inline_ustringshare.x,
	tests/suite/ecore/src/include/eina_inlist.h,
	tests/suite/ecore/src/include/eina_iterator.h,
	tests/suite/ecore/src/include/eina_lalloc.h,
	tests/suite/ecore/src/include/eina_list.h,
	tests/suite/ecore/src/include/eina_log.h,
	tests/suite/ecore/src/include/eina_magic.h,
	tests/suite/ecore/src/include/eina_main.h,
	tests/suite/ecore/src/include/eina_matrixsparse.h,
	tests/suite/ecore/src/include/eina_mempool.h,
	tests/suite/ecore/src/include/eina_module.h,
	tests/suite/ecore/src/include/eina_quadtree.h,
	tests/suite/ecore/src/include/eina_rbtree.h,
	tests/suite/ecore/src/include/eina_rectangle.h,
	tests/suite/ecore/src/include/eina_safety_checks.h,
	tests/suite/ecore/src/include/eina_sched.h,
	tests/suite/ecore/src/include/eina_str.h,
	tests/suite/ecore/src/include/eina_strbuf.h,
	tests/suite/ecore/src/include/eina_stringshare.h,
	tests/suite/ecore/src/include/eina_tiler.h,
	tests/suite/ecore/src/include/eina_trash.h,
	tests/suite/ecore/src/include/eina_types.h,
	tests/suite/ecore/src/include/eina_unicode.h,
	tests/suite/ecore/src/include/eina_ustrbuf.h,
	tests/suite/ecore/src/include/eina_ustringshare.h,
	tests/suite/ecore/src/lib/Ecore.h,
	tests/suite/ecore/src/lib/Ecore_Getopt.h,
	tests/suite/ecore/src/lib/ecore.c,
	tests/suite/ecore/src/lib/ecore_anim.c,
	tests/suite/ecore/src/lib/ecore_app.c,
	tests/suite/ecore/src/lib/ecore_events.c,
	tests/suite/ecore/src/lib/ecore_exe.c,
	tests/suite/ecore/src/lib/ecore_getopt.c,
	tests/suite/ecore/src/lib/ecore_glib.c,
	tests/suite/ecore/src/lib/ecore_idle_enterer.c,
	tests/suite/ecore/src/lib/ecore_idle_exiter.c,
	tests/suite/ecore/src/lib/ecore_idler.c,
	tests/suite/ecore/src/lib/ecore_job.c,
	tests/suite/ecore/src/lib/ecore_main.c,
	tests/suite/ecore/src/lib/ecore_pipe.c,
	tests/suite/ecore/src/lib/ecore_poll.c,
	tests/suite/ecore/src/lib/ecore_private.h,
	tests/suite/ecore/src/lib/ecore_signal.c,
	tests/suite/ecore/src/lib/ecore_thread.c,
	tests/suite/ecore/src/lib/ecore_time.c,
	tests/suite/ecore/src/lib/ecore_timer.c,
	tests/suite/ecore/src/lib/eina_accessor.c,
	tests/suite/ecore/src/lib/eina_array.c,
	tests/suite/ecore/src/lib/eina_benchmark.c,
	tests/suite/ecore/src/lib/eina_binshare.c,
	tests/suite/ecore/src/lib/eina_chained_mempool.c,
	tests/suite/ecore/src/lib/eina_convert.c,
	tests/suite/ecore/src/lib/eina_counter.c,
	tests/suite/ecore/src/lib/eina_cpu.c,
	tests/suite/ecore/src/lib/eina_error.c,
	tests/suite/ecore/src/lib/eina_file.c,
	tests/suite/ecore/src/lib/eina_fp.c,
	tests/suite/ecore/src/lib/eina_hamster.c,
	tests/suite/ecore/src/lib/eina_hash.c,
	tests/suite/ecore/src/lib/eina_inlist.c,
	tests/suite/ecore/src/lib/eina_iterator.c,
	tests/suite/ecore/src/lib/eina_lalloc.c,
	tests/suite/ecore/src/lib/eina_list.c,
	tests/suite/ecore/src/lib/eina_log.c,
	tests/suite/ecore/src/lib/eina_magic.c,
	tests/suite/ecore/src/lib/eina_main.c,
	tests/suite/ecore/src/lib/eina_matrixsparse.c,
	tests/suite/ecore/src/lib/eina_mempool.c,
	tests/suite/ecore/src/lib/eina_module.c,
	tests/suite/ecore/src/lib/eina_private.h,
	tests/suite/ecore/src/lib/eina_quadtree.c,
	tests/suite/ecore/src/lib/eina_rbtree.c,
	tests/suite/ecore/src/lib/eina_rectangle.c,
	tests/suite/ecore/src/lib/eina_safety_checks.c,
	tests/suite/ecore/src/lib/eina_sched.c,
	tests/suite/ecore/src/lib/eina_share_common.c,
	tests/suite/ecore/src/lib/eina_share_common.h,
	tests/suite/ecore/src/lib/eina_str.c,
	tests/suite/ecore/src/lib/eina_strbuf.c,
	tests/suite/ecore/src/lib/eina_strbuf_common.c,
	tests/suite/ecore/src/lib/eina_strbuf_common.h,
	tests/suite/ecore/src/lib/eina_strbuf_template_c.x,
	tests/suite/ecore/src/lib/eina_stringshare.c,
	tests/suite/ecore/src/lib/eina_tiler.c,
	tests/suite/ecore/src/lib/eina_unicode.c,
	tests/suite/ecore/src/lib/eina_ustrbuf.c,
	tests/suite/ecore/src/lib/eina_ustringshare.c,
	tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
	tests/{safe-renegotiation => suite}/params.dh,
	tests/{safe-renegotiation => suite}/testsrn: Added tests/suite which
	contains tests to be executed during development time and will not
	be distributed (not included in make dist).  Added "ecore" and a new
	mini-eagain to test EAGAIN behavior.

2010-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated .gitignore.

2010-10-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/common.c: gnutls-cli: Print channel binding only in
	verbose mode.  Before it printed it after the 'Compression:' output, thus breaking
	Emacs starttls.el string searches.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.11.4.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Rename new symbol prefix after next stable
	branch instead of development branch.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/cha-bib.texi, doc/cha-gtls-app.texi: Document channel
	binding API.

2010-10-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	src/common.c: Implement RFC 5929 tls-unique channel binding.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am, lib/gnutls_errors.c,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Add gnutls_session_channel_binding API.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/gendh.c: Add self test gendh to check DH
	generation.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-auth.c: Fix compiler warnings.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* guile/tests/Makefile.am, guile/tests/anonymous-auth.scm,
	guile/tests/dh-parameters.pem, guile/tests/openpgp-auth.scm,
	guile/tests/pkcs-import-export.scm,
	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
	Don't generate DH primes in Guile self checks (for speed).

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/userid/userid: Cleanup, fixing distcheck.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-auth.c: Make it work with srcdir != objdir.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Improve GTK-DOC manual.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* .x-sc_two_space_separator_in_usage, lib/cryptodev.c,
	lib/m4/hooks.m4, lib/pakchois/pakchois11.h: Fix syntax-check
	warning.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, build-aux/pmccabe2html, doc/fdl-1.3.texi,
	gl/Makefile.am, gl/arpa_inet.in.h, gl/errno.in.h, gl/float.in.h,
	gl/ftello.c, gl/getaddrinfo.c, gl/m4/errno_h.m4, gl/m4/error.m4,
	gl/m4/float_h.m4, gl/m4/ftello.m4, gl/m4/getpagesize.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
	gl/m4/include_next.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
	gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lseek.m4,
	gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/printf.m4,
	gl/m4/realloc.m4, gl/m4/servent.m4, gl/m4/size_max.m4,
	gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
	gl/m4/sockpfaf.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/time_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/malloc.c,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/read-file.c, gl/realloc.c,
	gl/select.c, gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/strerror.c, gl/string.in.h,
	gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
	gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/sys_ioctl.in.h,
	gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
	gl/tests/test-ftello.c, gl/tests/test-ftello.sh,
	gl/tests/test-ftello2.sh, gl/tests/test-ftello3.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-memchr.c,
	gl/tests/test-netdb.c, gl/tests/test-read-file.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdlib.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_wait.h, gl/tests/test-update-copyright.sh,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/wchar.in.h,
	lib/build-aux/config.rpath, lib/gl/Makefile.am, lib/gl/errno.in.h,
	lib/gl/float.in.h, lib/gl/ftello.c, lib/gl/m4/codeset.m4,
	lib/gl/m4/errno_h.m4, lib/gl/m4/fcntl-o.m4, lib/gl/m4/float_h.m4,
	lib/gl/m4/ftello.m4, lib/gl/m4/getpagesize.m4,
	lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4,
	lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
	lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
	lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
	lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
	lib/gl/m4/ld-version-script.m4, lib/gl/m4/lib-ld.m4,
	lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4, lib/gl/m4/lseek.m4,
	lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4, lib/gl/m4/memmem.m4,
	lib/gl/m4/minmax.m4, lib/gl/m4/printf-posix.m4,
	lib/gl/m4/printf.m4, lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4,
	lib/gl/m4/size_max.m4, lib/gl/m4/socketlib.m4,
	lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
	lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4,
	lib/gl/m4/stdlib_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
	lib/gl/m4/visibility.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
	lib/gl/malloc.c, lib/gl/netdb.in.h, lib/gl/read-file.c,
	lib/gl/realloc.c, lib/gl/stddef.in.h, lib/gl/stdint.in.h,
	lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
	lib/gl/string.in.h, lib/gl/strings.in.h, lib/gl/sys_socket.in.h,
	lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
	lib/gl/tests/binary-io.h, lib/gl/tests/getpagesize.c,
	lib/gl/tests/init.sh, lib/gl/tests/test-binary-io.c,
	lib/gl/tests/test-binary-io.sh, lib/gl/tests/test-ftello.c,
	lib/gl/tests/test-ftello.sh, lib/gl/tests/test-ftello2.sh,
	lib/gl/tests/test-ftello3.c, lib/gl/tests/test-memchr.c,
	lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
	lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
	lib/gl/tests/test-stdlib.c, lib/gl/tests/test-sys_socket.c,
	lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-verify.c,
	lib/gl/time.in.h, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
	libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
	libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/ld-version-script.m4,
	libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4, maint.mk: 
	Update gnulib files.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Don't assume chmod +x on gendocs.sh.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Use gnulib --add-import.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Sort and update.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* lib/po/nl.po.in: Sync with TP.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.11.3.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2010-10-14  Simon Josefsson <simon@josefsson.org>

	* doc/errcodes.c, doc/examples/ex-alert.c,
	doc/examples/ex-cert-select-pkcs11.c,
	doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
	doc/examples/ex-client2.c, doc/examples/ex-crq.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
	doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
	guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
	guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
	lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
	lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_session_ticket.c,
	lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
	lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
	lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
	lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
	lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
	lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
	lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
	lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
	lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
	lib/pakchois/dlopen.h, lib/pakchois/errors.c,
	lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
	lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
	lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c, lib/x509_b64.c,
	libextra/ext_inner_application.c, libextra/ext_inner_application.h,
	libextra/gnutls_extra.c, libextra/gnutls_ia.c,
	libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
	src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
	src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
	src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
	tests/anonself.c, tests/certder.c,
	tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
	tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
	tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/finished.c, tests/gc.c, tests/hostname-check.c,
	tests/init_roundtrip.c, tests/mini-eagain.c,
	tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
	tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
	tests/nul-in-x509-names.c, tests/openpgp-auth.c,
	tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
	tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
	tests/resume.c, tests/safe-renegotiation/srn0.c,
	tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
	tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
	tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
	tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
	tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
	tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
	2.2.11).

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/m4/hooks.m4: bumped version

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Revert "Applied last patch of Micah Anderson on
	IKE status." This reverts commit a6b2f5ce7316b4774649ee9b421da2ee7fef461f.

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/fipsmd5.c: removed unneeded code.

2010-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Applied last patch of Micah Anderson on IKE
	status.

2010-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Applied patch on IKE extension by Micah Anderson

2010-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
	lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
	code to support the linux cryptodev extensions.  Removed the clone()
	capability from HMAC. It was never used and having it prevents using
	it with hardware accelerators that might not have this capability.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Added Micah

2010-10-01  Simon Josefsson <simon@josefsson.org>

	* doc/cha-cert-auth.texi, doc/cha-internals.texi,
	doc/cha-library.texi, lib/ext_safe_renegotiation.c,
	lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
	lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
	lib/system.c, lib/system.h, libextra/ext_inner_application.c,
	src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
	syntax-check errors.

2010-10-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h: Fix compiler warnings.

2010-10-01  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am: Mention new APIs.

2010-09-30  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-certs/testselfsigs: Avoid bashism.  Reported by m.drochner@fz-juelich.de in
	<http://savannah.gnu.org/support/?107449>.

2010-09-30  Simon Josefsson <simon@josefsson.org>

	* lib/crypto-api.c: Don't return from void functions.  Reported by Dagobert Michelsen <dam@opencsw.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.

2010-09-30  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Remove spurious comma.

2010-09-30  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/x509.h: Remove spurious comma.

2010-09-30  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
	pkcs8-decode test work on Windows.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c: treat absence of parameters the same as
	having them disabled.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/resume.c: Corrected behavior on failure (don't crash).

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
	when restoring extensions during session resumtion.

2010-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: Use more informative logging for
	extensions.

2010-09-29  Micah Anderson <micah@riseup.net>

	* NEWS, doc/certtool.cfg, doc/cha-programs.texi,
	lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool.c: Add new extended key usage
	ipsecIKE According to RFC 4945 § 5.1.3.12 section title
	"ExtendedKeyUsage"[0] the following extended key usage has been
	added:  ... this document defines an ExtendedKeyUsage keyPurposeID that MAY
	   be used to limit a certificate's use:    id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 }    where id-kp is defined in RFC 3280 [5].  If a certificate is
	   intended to be used with both IKE and other applications, and one
	   of the other applications requires use of an EKU value, then such
	   certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or    anyExtendedKeyUsage [5], as well as the keyPurposeID values    associated with the other applications.  Similarly, if a CA
	   issues multiple otherwise-similar certificates for multiple
	   applications including IKE, and it is intended that the IKE
	   certificate NOT be used with another application, the IKE
	   certificate MAY contain an EKU extension listing a keyPurposeID of
	   id-kp-ipsecIKE to discourage its use with the other application.
	   Recall, however, that EKU extensions in certificates meant for use
	in IKE are NOT RECOMMENDED.     Conforming IKE implementations are not required to support EKU.
	   If a critical EKU extension appears in a certificate and EKU is
	   not supported by the implementation, then RFC 3280 requires that the    certificate be rejected.  Implementations that do support EKU
	   MUST support the following logic for certificate validation:    o  If no EKU extension, continue.     o  If EKU present AND contains either id-kp-ipsecIKE or       anyExtendedKeyUsage, continue.     o  Otherwise, reject cert.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
	was renamed to --p11-*.

2010-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c: Added some comments and removed unused
	code.

2010-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
	session tickets.

2010-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: cleanup of TODO list. Removed very old entries, entries
	already fixed and added new ones.

2010-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.

2010-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
	lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
	priorities moved to crypto.c

2010-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: changed the fatality level of some errors.

2010-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
	Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
	handshake. If the check_fatal flag is set then
	GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.

2010-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: fflush stdout and stderr before the call to setbuf.
	This fixes issue in solaris where lines dissappeared from output.
	Reported and suggested fix by Knut Anders Hatlen.

2010-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented change

2010-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
	importing DSA keys are RSA ones.

2010-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code

2010-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: updated revision

2010-09-18  Ludovic Courtès <ludo@gnu.org>

	* .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
	OpenPGP authentication unit test.  * tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'.    (TESTS_ENVIRONMENT): Add `srcdir'.  * tests/openpgp-auth.c: New file.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-16  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/ext_session_ticket.c, lib/gnutls_alert.c,
	lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
	lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c: 
	Explicit symmetric cipher state versionning.  This introduces the concept of a "cipher epoch". The epoch number is
	the number of successful handshakes and is incremented by one each
	time. This concept is native to DTLS and this patch makes the
	symmetric cipher state explicit for TLS in preparation for DTLS.
	This concept was implicit in plain TLS and ChangeCipherSpec messages
	triggered a "pending state copy". Now, we the current epoch number
	is simply incremented to the parameters negotiated by the handshake.  The main side effects of this patch is a slightly more abstract
	internal API and, in some cases, simpler code. The session blob
	format is also changed a bit since this patch avoids storing
	information that is now redundant. If this breaks library users'
	expectations, this side effect can be negated.  The cipher_specs structure has been removed. The conn_state has
	become record_state_st. Only symmetric cipher information is
	versioned. Things such as key exchange algorithm and the master
	secret are not versioned and their handling is unchanged.  I have tested this patch as much as I could. It introduces no test
	suite regressions on my x64 Debian GNU/Linux system.  Do not hesitate to point out shortcomings or suggest changes. Since
	this is a big diff, I am expecting this to be an iterative process.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-16  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_errors.h: Add gnutls_assert_val idiom.   This warrants being made in an inline function or macro since it is  used throughout the code. This converts 4 line repetitive blocks
	 into 1 line.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, NEWS, configure.ac: updated for 2.11.1

2010-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
	#11 URLs.  1st level: Token level. Object is unique up to token.
	2nd level: Object is unique up to token and module used to access
	it.  3rd level: Object is unique up to token and module and version
	of module used to access it.

2010-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented changes.

2010-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
	tabs are being skipped.

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
	_gnutls_read_buffered.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
	_gnutls_io_read_buffered use mbuffers.  This will be needed by the DTLS code to make sure reads are stored
	in segments that correspond to datagram boundaries.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h: Parenthesize size calculations.  This is standard practice and the DTLS code got bit by this.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
	mbuffer_linearize.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation.  maximum_size is the maximum size of the payload, not including
	overhead.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
	a meaningful error code.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
	API.  After a year of not hacking GnuTLS, I needed to look at the code to
	know how mbuffers work. This will make it much easier for anybody
	not familiar with this code.  Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
	Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated NEWS.

2010-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
	conform to draft-pechanec-pkcs11uri-02.  Now in the URL the pkcs11
	provider library (module) can be specified thus restricting objects
	within a single provider.

2010-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_record.c: When the %COMPAT flag is specified, larger
	records that would otherwise violate the TLS spec, are accepted.

2010-08-28  Brad Hards <bradh@frogmouth.net>

	* src/certtool.c, src/pkcs11.c: Show which option is the default for
	command line tools.  We use "y/N" is most places - this just adapts two places that use
	"Y/N" to match the behavior of read_yesno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: prevent a memory leak in the unique_id functions.

2010-08-20  Brad Hards <bradh@frogmouth.net>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
	lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
	identified in a previous mail, I've added support for accessing /
	displaying the subjectUniqueID and issuerUniqueID fields within an
	X.509 certificate. This is provided (along with a test case) in the
	attached patch.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int.h: By default lowat is set to zero.

2010-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Revert "When scanning for terminator character for
	PKCS #11 URLs ignore escaped \;." This reverts commit 583fad076506421c9007a3349784496e2927dcd1.

2010-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Added Sjoerd.

2010-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.

2010-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: oldstate var removed.

2010-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
	every two attempts. That is to remove probabilities.

2010-08-11  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

	* lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
	data we're sending out Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294.
	gnutls_record_send needs to return the amount of user-data we sent,
	so we need to keep this information somewhere to return it when we
	succeed in sending that data.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-11  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

	* lib/gnutls_handshake.c: Check whether the error is fatal in more
	cases When stressing the async API of gnutls a lot of internal errors are
	hit as IMED_RET clears the handshake hash buffers as a result of
	-EAGAIN even though it would never be re-initialized at that point,
	but is still needed in later stages.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-11  Sjoerd Simons <sjoerd.simons@collabora.co.uk>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
	the handshake buffer A seperate state is needed between flushing the handshake buffers
	and sending the chipher spec change otherwise it's impossible to
	determine whether _gnutls_send_change_cipher_spec is called for the
	first time or again.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-08-01  Simon Josefsson <simon@josefsson.org>

	* lib/nettle/mpi.c: Fix warning.

2010-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
	no longer marked as unsupported.

2010-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
	lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
	lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
	SHA-224/384/512 and support for DSA2 when using nettle.

2010-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: When scanning for terminator character for PKCS #11
	URLs ignore escaped \;.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Modified the example to work in TLS 1.2.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
	ciphersuites.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_signature.c: When signature algorithms extension is not
	received allow SHA1 and SHA256.

2010-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL

2010-07-25  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Avoid fixed size buffers (now handles the big >100
	SAN cert).

2010-07-25  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2010-07-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Re-add old NEWS entries.

2010-07-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Doc fix.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
	success.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c: 
	gnutls_x509_privkey_import() will fallback to
	gnutls_x509_privkey_import_pkcs8() without a password, if it is
	unable to decode the key.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c: 
	Added GNUTLS_PK_DH to differentiate in the generation of parameters
	with PK_DSA that requires special treatment.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Corrected wrong descriptions of security
	levels.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
	certificates.

2010-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
	normal and reporting them as low.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
	lib/x509/privkey.c, src/certtool.c,
	tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
	parameters to key sizes matching (via a single table). Added
	functions to return the security parameter of a private key.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Simplified documentation.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: Follow ECRYPT II recommendations.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
	lib/gnutls_algorithms.c: Updated documentation and
	gnutls_pk_params_t mappings to ECRYPT II recommendations.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
	yearly report (2009-2010) recommendations.

2010-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sha2/Makefile.am: added missing file key-subca-dsa.pem

2010-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gtk-doc.make: ignore html errors otherwise make dist doesn't work.

2010-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated NEWS

2010-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: Added option for certtool to print
	certificate public key.

2010-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
	RSA. Some microsoft products were using it. Reported by Mads
	Kiilerich.

2010-07-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.

2010-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
	Will stay there until it is moved to nettle itself.

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system.h: fixed

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
	lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
	is used if /dev/urandom is not present.

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
	lowat behavior. Documented that it will be deprecated in later
	versions.

2010-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: gnutls-serv: Do not print CR/LF if received, but
	instead print LF only.

2010-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
	lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
	lib/system.h: system specific functions were moved to system.c

2010-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
	using writev(). This takes advantage of the new buffering layer and
	allows queuing of packets and flushing them. This is currently used
	for handshake messages only. Performance-wise the difference of
	packing several TLS records in a single write doesn't seem to offer
	anything over ethernet (that my tests were on). Probably on links
	with higher latency there would be a benefit.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Removed old reference.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi, doc/examples/Makefile.am,
	doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
	demonstrating the verification procedure.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
	doc/examples/ex-serv-export.c: Example with export ciphersuites was
	removed.

2010-07-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: corrected typo

2010-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
	fastest choice.

2010-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: Do not crash if input is redirected from
	/dev/null.

2010-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa: 
	Changed the default pkcs-cipher to AES-128. Allowed specifying the
	3des-pkcs12 cipher with the --pkcs-cipher option.

2010-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: Use double to count bytes.

2010-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Added a windows version of the RNG.

2010-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Corrected locking usage in nettle's random
	subsystem.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
	lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h: 
	Fixed to compile under mingw32.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
	lib/pakchois/pakchois.c: Locks were converted to be in align with
	posix locks to easier wrap around them.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
	lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
	pakchois will use gnutls locks and will use a portable dlopen() to
	allow compilation in win32 (untested).

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/x509/Makefile.am: Added missing files

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
	lib/libgnutls.map: Allow encryption and decryption that are not
	in-place only.

2010-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: Print values in a human-readable format and do
	the calculations in fixed time to prevent stalling in slow systems.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: corrected library version

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c,
	lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
	callback function in common.c will cache PIN if requested for second
	time.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
	PIN callback. The new approach will be to provide enough information
	for the callback to save the PIN itself.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/init.c: removed unneeded function.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/locks.c: Do not allow setting NULL lock functions

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/rnd.c: corrected lock usage.

2010-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: bumped library version

2010-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/Makefile.am: Include abstract.h in releases.

2010-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c: Correctly deinitialize crypto API handles.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
	HANDSHAKE_MAC_TYPE_12.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
	code. Locking functions always exist but are dummies if no locks
	have been set.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
	lib/gnutls_global.c, lib/gnutls_global.h,
	lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
	lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c: 
	Initialization of crypto libraries moved outside main gnutls code.

2010-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/locks.c, lib/locks.h: Moved locking code to special file.

2010-06-29  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.

2010-06-29  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c: 
	When copying a private key the sensitive flag can be set or not.
	This allows copying private keys that can be exported.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
	src/pkcs11.c: Combined object flags. No implicit login any more.
	Login has to be specified with a flag on every call that could use
	it.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
	code.

2010-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
	lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
	src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
	flags when importing objects from PKCS11 URLs. The only flag
	supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
	before accessing object on a token. The reason is that some tokens
	do not allow access of any data without login.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: Added AES-128 to block ciphers.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: Corrected writing and reading order of
	security parameters.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
	lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
	allow setting alternative locking procedures. By default the system
	available locking is used. In *NIX pthreads are used and in windows
	the critical section API.  As a side effect this change avoids any API dependance on libgcrypt
	even if threads are used.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
	was checking whether verification using a trusted insecurely signed
	self signed certificate will fail against a chain that has this as
	intermediate. However this test should have succeeded since the
	insecure certificate is trusted.  This isn't the purpose of this test however. It should have checked
	whether using the same certificate as trusted and to be verified and
	the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.

2010-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c: Fail on error.

2010-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: When generating private key allow usage of
	--pkcs-cipher flag.

2010-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h: 
	MAX_SRP_USERNAME -> MAX_USERNAME_SIZE

2010-06-24  Simon Josefsson <simon@josefsson.org>

	* README-alpha: We also require GNU make.

2010-06-24  Simon Josefsson <simon@josefsson.org>

	* THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
	silent build rules.  Suggested by Vincent Torri <vincent.torri@gmail.com> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.

2010-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
	functions.

2010-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: removed OPRFI from makefile.

2010-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: When verifying certificates use the same
	algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
	we were shortening certificate list if the flag was not set by the
	size of the first certificate found in the trusted list, and keep
	the list intact otherwise. Now we shorten the list in the latter
	case as well, except for the first certificate.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Added news entry for EV-certificates.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
	Added test to check whether the %COMPAT option is required for this
	server.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
	the new session packing code. Saving absolute positions in buffers
	is no longer done. Now we store only and offset to allow
	reallocating the buffer and still do the correct reference.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
	lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
	code that relate to SSL 3.0.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: version is 2.11.0

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: Some updates in the PKCS11 text.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Some updates on renegotiation text

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
	topic. I don't think they should be in the documentation.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Corrected example with %COMPAT.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
	discussion.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: corrected text on AES

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Only save PIN if login was successful.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
	Metzler

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/benchmark.c: Allow setting debug level via cmd.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cryptodev.c: Explicitely terminate cryptodev sessions.

2010-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
	longer needed "active" variable.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented some of the changes

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
	internal hash/hmac and cipher functions.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
	src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
	Certtool has now the --pkcs11-list-privkeya option.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: Send correct token name to callback.

2010-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
	actual errors.

2010-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c: 
	Added option to the PKCS11 PIN callback to save PIN if the token is
	being used with a single pkcs11_privkey structure.

2010-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: For Private key operations new sessions are
	opened when are needed. This makes the usage of the PKCS11 API
	thread safe. The only drawback is the requirement to enter PIN on
	every operation.

2010-06-15  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: gnutls-cli: Make --starttls work again.  Problem introduced in patch to use read() instead of fgets()
	committed on 2010-01-27.

2010-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, tests/sha2/key-ca-dsa.pem,
	tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa: 
	Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
	for DSA.

2010-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Do not warn multiple times for the deprecation of
	--bits.

2010-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
	mbuffers is now cheaper by avoiding realloc, at the cost of
	requiring to specify a maximum mbuffer size at creation.

2010-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c: Removed unused functions.

2010-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
	length with the maximum extension data length.

2010-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
	lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
	lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_session_ticket.c,
	lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
	lib/gnutls_constate.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
	lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
	lib/x509/dn.c, libextra/ext_inner_application.c,
	libextra/ext_inner_application.h, libextra/gnutls_extra.c,
	libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
	tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
	packing of data for session storage. Extensions use the internal API
	to store/retrieve during resumption.  Removed OPRFI since it was never standardized and was never actually
	included in gnutls since it was in inactive ifdef. This was instead
	of rewriting it to use the new API.

2010-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
	lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
	lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
	simplified and integrated with the buffer to avoid having two named
	for the same thing.

2010-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois.c: Properly handle fork() case.

2010-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
	fips mode once gnutls_global_init_extra() is called.

2010-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: corrected tests.

2010-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c: 
	Added new calls to pakchois to open an absolute filename.

2010-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h: Removed several comments that
	pointed to Alon's implementation comments. We use inline C comments
	to generate documentation (not doxygen).

2010-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/ext_session_ticket.c,
	lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
	fixes for the rebase.

2010-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: Added Jonathan.

2010-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois.c: Provider unref must be done after all
	sessions have been closed.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: Several fixes for the broken rebase.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Merged with master.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
	lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
	(a bit more) agnostic on their internal structure.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Corrected prefered hash algorithm return value
	on RSA.

2010-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
	libgcrypt.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: Ignore more files.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sha2/sha2-dsa: Remove the correct file

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
	files.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
	lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
	get_preferred_hash_algorithm() functions have now an extra argument
	to indicate whether it is mandatory to use this algorithm.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/crq.c: Added
	gnutls_x509_crq_get_preferred_hash_algorithm().

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
	lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
	gnutls_pubkey_get_preferred_hash_algorithm() and
	gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
	the hash algorithm to use during signing. This is needed in the case
	of DSA that uses specific versions of SHA depending on the size of
	the parameters.

2010-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
	lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
	lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
	lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c: 
	Several fixes after big rebase.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
	SHA256 as well.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c: Print debugging information on error.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
	lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
	lib/opencdk/sig-check.c, lib/opencdk/verify.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
	lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
	Except for SHA-224/384/512 nettle seems to be fully working now.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: use --sec-param to generate privkey.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgpself.c: reduced log level to a sane one

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
	--print-certificate-info

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/sha2/sha2: Print information on failure.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
	available.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
	tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
	something fails

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.

2010-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: Fixup to compile with nettle

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
	in debugging.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12_encode.c: Added debugging

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
	TLS.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix_asn1_tab.c: removed more stuff.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
	incorporated.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
	more.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dn2.c: Corrected to support new EV_ values.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c: 
	avoid calling gcrypt directly.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
	lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
	tests/mini-eagain.c: exported gnutls_rnd().

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
	recognition of DN elements is now self contained. It does not need
	entries in pkix.asn.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
	support for EV certificate attributes.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
	AES.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c: documentation updates

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-common.h, src/certtool.c, src/prime.c: Generate
	dh-params also used --sec-param.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/mpi.c: Document that the generator is the generator of
	the subgroup and not the group.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Corrected certificate callback.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
	lib/nettle/cipher.c: More AES stuff (still doesn't work).

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Correction in RSA encryption.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: Fixed issue with AES.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
	lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: Added
	gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
	private keys using a human understandable scale.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
	lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: Always use included pakchois.

2010-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
	page.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: make example more compact by removing
	error checking.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
	reference to PKCS #11.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509-server-dsa.pem,
	doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key

2010-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/opencdk/armor.c, lib/opencdk/read-packet.c,
	lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
	level of several messages.

2010-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
	values in key.

2010-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/pk.c: Added blinding in RSA. Correct broken private
	keys on import. Nettle uses more values than gcrypt does from RSA
	decryption and it seemed that some values in our stored private keys
	were messy (generated by very old gnutls).

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
	lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
	internal API. The only question that remains now is how to handle
	the gnutls_pkcs11_privkey_t. Currently it opens a session and
	maintains a handle to the object. This will require locks to be
	added on operations. Alternatively new sessions may be opened for
	each operation performed. This is guarranteed by PKCS #11 to be
	thread safe but will of course require to ask for the PIN again.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pakchois/pakchois.c: Removed debugging print.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
	lib/pakchois/errors.c, lib/pakchois/pakchois.c,
	lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
	pakchois library (to open arbitrary pkcs11 modules).  Current gnutls
	works only with this one.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: Added missing file.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: Removed finished items.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: Noted that there things to be done.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
	abstract types.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c: 
	Common code for calculation of RSA exp1 and exp2. Also update the
	openpgp code to calculate those values.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c: 
	More fixes.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c: 
	Corrected nicely hidden bug that caused accesses to uninitialized
	variables if the gcry_mpi_print() functions were pessimists and
	returned more size than actually needed for the print.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gcrypt/pk.c: Added some sanity checks.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
	doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
	doc/cha-copying.texi, doc/cha-functions.texi,
	doc/cha-internals.texi, doc/cha-intro-tls.texi,
	doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
	doc/cha-tls-app.texi, doc/gnutls.texi,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c: 
	Documentation updates. Separated big gnutls.texi to chapter to allow
	easier maintainance.

2010-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
	lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
	src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c: 
	Added support to copy certificates and private keys to tokens.  New
	functions: gnutls_pkcs11_copy_x509_crt()
	gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys
	to tokens. Deleting an object has issues (segfault) but it seems to
	be related with libopensc and its pkcs11 API.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
	gnutls_pubkey_get_verify_algorithm().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
	gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
	gnutls_pkcs11_obj_export().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Tried to document recent changes.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
	src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
	gnutls_pubkey_t abstract type to handle public keys. It can
	currently import/export public keys from existing certificate types
	as well as from PKCS #11 URL. This allows generating a certificate
	or certificate request from a given public key (currently one could
	only generate them from a given private key).  PKCS#11 API augmented to allow reading arbitrary objects instead of
	just certificates.  Certtool updated to list those objects.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
	between hardware and soft tokens.

2010-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: Added support for libnettle backend. This uses
	gmp for big number operations.  It is not currently completed. It
	lacks RSA blinding as well as optimizations.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/sign.c: Corrected bug in DSA signature generation.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_int.h: Added operations to sign CRLs, certificates
	and requests with an abstract key and thus with a PKCS #11 key as
	well.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/privkey.h: privkey.h -> abstract.h

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
	#11 URL. It can read gnome-keyring's certificates and use them in
	the trusted list.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Corrections in openpgp private key usage.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509self.c: Updated self tests and examples to avoid using
	deprecated functions such as
	gnutls_certificate_server_set_retrieve_function and the sign
	callback.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
	documentation for most of the new functions.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Documented that it was initially based on neon
	pkcs11 and got ideas from pkcs11-helper library.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Corrections to properly handle token removal and
	insert.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
	gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
	abstract private key type that can be used to sign/encrypt any
	private key of pkcs11,x509 or openpgp types. Added support for
	PKCS11 in gnutls-cli/gnutls-serv.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/pkcs11.c: Added several helper functions, to
	allow printing of tokens.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
	src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
	from PKCS #11 tokens.  Added ability to list trusted certificates,
	or only certificates with a corresponding private key or just all.

2010-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
	lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
	Certtool can now print lists of certificates available in system.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h: Added
	gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, lib/gnutls_pubkey.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
	lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
	src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
	gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
	gnutls_pkcs11_obj_export().

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: Ignore files that should be ignored.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
	recent changes.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
	lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
	lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
	src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
	gnutls_pubkey_t abstract type to handle public keys. It can
	currently import/export public keys from existing certificate types
	as well as from PKCS #11 URL. This allows generating a certificate
	or certificate request from a given public key (currently one could
	only generate them from a given private key).  PKCS#11 API augmented to allow reading arbitrary objects instead of
	just certificates.  Certtool updated to list those objects.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
	gnutls_pkcs11_token_get_flags() to distinguish between hardware and
	soft tokens.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
	symbols from C++ library. This library doesn't contain any internal
	symbols anyway and there is no reason to mess with the C++ ABI that
	hasn't got the problems of C.

2010-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
	lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
	lib/gcrypt/Makefile.am, lib/{cipher-libgcrypt.c =>
	gcrypt/cipher.c}, lib/{mac-libgcrypt.c => gcrypt/mac.c},
	lib/{mpi-libgcrypt.c => gcrypt/mpi.c}, lib/{pk-libgcrypt.c =>
	gcrypt/pk.c}, lib/{rnd-libgcrypt.c => gcrypt/rnd.c},
	lib/gnutls_global.c, lib/gnutls_mpi.c, lib/gnutls_srp.c,
	lib/m4/hooks.m4, lib/nettle/Makefile.am, lib/nettle/cipher.c,
	lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
	lib/nettle/rnd.c, src/certtool.c, src/cli.c, src/serv.c,
	tests/chainverify.c: Added support for libnettle backend. This uses
	gmp for big number operations.  It is not currently completed. It
	lacks RSA blinding as well as optimizations.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
	src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
	gnutls-cli and gnutls-serv can accept a PKCS #11 URL.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/sign.c: Corrected bug in DSA signature generation.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
	lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c: Added operations to sign CRLs, certificates
	and requests with an abstract key and thus with a PKCS #11 key as
	well.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
	lib/gnutls_sig.h, lib/gnutls_x509.h, lib/includes/gnutls/{privkey.h
	=> abstract.h}, lib/openpgp/gnutls_openpgp.h: privkey.h ->
	abstract.h

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c: 
	The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
	gnome-keyring's certificates and use them in the trusted list.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Documented that gnutls_global_init calls
	gnutls_pkcs11_init.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Only send termination request to avoid stalling on
	servers that do not reply.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h: 
	Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
	works even when resuming a session.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
	doc/gnutls.texi: Added initial example.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c: 
	Corrections in openpgp private key usage.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c, tests/Makefile.am,
	tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
	self tests and examples to avoid using deprecated functions such as
	gnutls_certificate_server_set_retrieve_function and the sign
	callback.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
	the new callback function.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
	lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
	documentation for most of the new functions.

2010-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: Documented that it was initially based on neon
	pkcs11 and got ideas from pkcs11-helper library.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
	lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
	properly handle token removal and insert.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in: 
	Deprecated the sign callback.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
	lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
	lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
	lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
	src/common.h, src/pkcs11.c, src/serv.c: Added
	gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
	abstract private key type that can be used to sign/encrypt any
	private key of pkcs11,x509 or openpgp types. Added support for
	PKCS11 in gnutls-cli/gnutls-serv.

2010-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: ignore unrelated to gnutls files.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
	src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
	functions, to allow printing of tokens.

2010-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_str.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
	lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c: 
	Added ability to export certificates from PKCS #11 tokens.  Added
	ability to list trusted certificates, or only certificates with a
	corresponding private key or just all.

2010-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
	lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
	lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
	lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
	lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
	Certtool can now print lists of certificates available in system.

2010-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Optimized the check_if_same().

2010-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h: 
	Added a forgoten by god OID for RSA. Warn using the actual OID on
	unknown public key algorithms.

2009-12-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
	API.

2009-08-16  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
	lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
	handshake synthesis.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
	mbuffer_st.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
	Simplify handshake send buffer logic.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Fix interrupted write braino.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.c: Avoid pointer warning.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h: Remove now useless
	_gnutls_mbuffer_enqueue{,copy} functions.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
	with mbuffer_st structure as suggested by Nikos.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
	allocation by the caller.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: GNUify some missed GNUification.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Harmonize read and write function names.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
	less lines.

2009-08-15  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer.  Once again, I got bit by this pretty hard.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_record.c: Use a datum for ciphered data in
	_gnutls_send_int.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.h: Remove the prototype for the non-existant
	function _gnutls_io_write_buffered2.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
	internals.record_send_buffer mess.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Remove yet another !@#$% instance of
	redundant hexadecimal dumping.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c: 
	Modify slightly the contract of _gnutls_io_write_buffered as
	suggested by Nikos Mavrogiannopoulos.

2009-08-09  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
	by value.

2009-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
	handshake data were received during a session. It now stores them
	for future use by a gnutls_handshake(). Reported by Peter
	Hendrickson <pdh@wiredyne.com>.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
	_gnutls_io_write_flush with mbuffers.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_int.h, lib/gnutls_state.c: Change type of
	internals.record_send_buffer to a mbuffer.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Extract a simple_write function from
	_gnutls_io_write_buffered.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_buffers.c: Add dump_bytes function.

2009-08-06  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
	lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
	mbuffer operations.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.c: Do not rely on version ordering; use
	switch..case instead.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_state.c: Remove hardcoded version check in
	gnutls_state.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_cipher.c: Remove hardcoded version checks in
	gnutls_cipher.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_handshake.c: Remove hardcoded version checks in
	gnutls_handshake.c.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.c: Add version check function for selectable
	signature/hash certificate algorithms.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.c: Add version check functions for
	non-minimal padding.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
	check function for explicit IV.

2009-08-01  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/gnutls_algorithms.h: Add version check functions for
	selectable PRF and extension handling.

2010-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
	doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn: 
	Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will enable safe renegotiation. This is the
	most secure and recommended option for clients. However this will
	prevent from connecting to legacy servers.  %PARTIAL_RENEGOTIATION: Prevents renegotiation with clients and
	servers not supporting the safe renegotiation extension. (this is
	the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe ones.

2010-05-31  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Minor fix.

2010-05-31  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, maint.mk: Update gnulib files.

2010-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: Documented the defaults.

2010-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
	updates.

2010-05-28  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Update.

2010-05-28  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/README: Add.

2010-05-28  Simon Josefsson <simon@josefsson.org>

	* .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
	build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
	configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
	gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
	gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, m4/valgrind.m4 =>
	gl/m4/valgrind-tests.m4, gl/netdb.in.h, gl/stdio-write.c,
	gl/stdio.in.h, gl/tests/Makefile.am, gl/tests/init.sh,
	gl/tests/test-lseek.sh, gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
	gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
	lib/build-aux/c++defs.h, lib/gl/Makefile.am,
	lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
	lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
	lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
	lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
	lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
	lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
	lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
	lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
	libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files, use
	valgrind-tests module, fix syntax-check problems.

2010-05-28  Simon Josefsson <simon@josefsson.org>

	* doc/announce.txt: Doc fix.

2010-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
	lib/x509/verify.c: Use correct hashing algorithms for DSA with q
	over 160 bits.

2010-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Better checks in loops.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c: Doc fix.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
	GTK-DOC PDF file.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Also build PDF manual.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix node/section usage.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/srn5.c: Fix self test.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Readd lost fix from Nikos.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
	libextra/openssl_compat.c: Doc fixes.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Doc fix.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
	doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
	doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
	doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
	guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/build/utils.scm,
	guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
	guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
	guile/src/extra.c, guile/src/make-enum-header.scm,
	guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
	guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
	guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
	guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
	guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
	lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
	lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
	lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
	lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_session_ticket.c,
	lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
	lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
	lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
	lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
	lib/openpgp/Makefile.am, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
	lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
	lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
	libextra/configure.ac, libextra/ext_inner_application.c,
	libextra/ext_inner_application.h, libextra/fipsmd5.c,
	libextra/gl/Makefile.am, libextra/gnutls_extra.c,
	libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
	libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
	libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
	libextra/m4/hooks.m4, libextra/openssl_compat.c,
	libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
	src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
	src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
	src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
	tests/certder.c, tests/certificate_set_x509_crl.c,
	tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
	tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/finished.c, tests/gc.c, tests/hostname-check.c,
	tests/init_roundtrip.c, tests/key-id/Makefile.am,
	tests/key-id/key-id, tests/mini-eagain.c,
	tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
	tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
	tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
	tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
	tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
	tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
	tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
	tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
	tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
	tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
	tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
	tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
	tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/rsa-md5-collision,
	tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
	tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
	tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
	tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
	tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
	tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
	tests/userid/userid, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
	tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: 
	Change GNUTLS into GnuTLS.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
	doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
	doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
	doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
	lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
	src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
	src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.

2010-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
	parsing of ciphersuite or extensions when safe renegotiation is
	disabled.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn5.c: Add test of self renegotiation
	APIs.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c: 
	Add more rengotiation self tests.

2010-05-22  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c: 
	Add more safe renegotiation self test.

2010-05-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/announce.txt, doc/gnutls.texi,
	doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	tests/safe-renegotiation/srn2.c: Remove
	gnutls_safe_negotiation_set_initial and
	gnutls_safe_renegotiation_set.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Documented behavioral change.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
	differentiate the behavior of server and client with regards to safe
	renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
	UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
	This (as well as the safe_renegotiation_set flag) has to be removed
	once safe renegotiation is default in both server and client side.

2010-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
	renegotiation if the priority_* functions are not called.

2010-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
	Adams.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c: 
	tests: Add srn3 to test inverse of what srn1 is testing.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn2.c: tests: Add another safe
	renegotiation self tests.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/srn1.c: Also test
	gnutls_safe_renegotiation_status API.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
	renegotiation extension.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
	X.509 rehandshake test.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/mini-x509.c: Protect against infloops.

2010-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
	self-test.

2010-04-30  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Improve text, based on suggestions from Tomas
	Hoger <thoger@redhat.com>.

2010-04-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Fix typo.

2010-04-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Improve renegotiation debug messages.

2010-04-29  Simon Josefsson <simon@josefsson.org>

	* doc/announce.txt: Add.

2010-04-29  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Add.

2010-04-29  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add section on safe renegotiation.

2010-04-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Remove debug code.

2010-04-25  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Mention shared library map file and GTK-DOC
	guidelines.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* doc/announce.txt: Update URL.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Update my OpenPGP key.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* doc/announce.txt: Update my key.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* doc/announcement-template.txt: Remove.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add 2.8.x NEWS entries.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* libextra/configure.ac: Also bump libgnutls-extra version.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
	versions.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh: Chmod +x.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2010-04-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.10.

2010-04-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
	lib/minitasn1/decoding.c, lib/minitasn1/element.h,
	lib/minitasn1/gstr.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.h, lib/minitasn1/version.c: Upgrade to
	libtasn1 version 2.6.

2010-04-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/ioctl.m4,
	gl/m4/netdb_h.m4, gl/stdbool.in.h, gl/tests/test-lseek.sh,
	gl/tests/test-select-in.sh, gl/tests/test-stdbool.c,
	gl/tests/test-stdint.c, lib/gl/Makefile.am, lib/gl/m4/netdb_h.m4,
	lib/gl/m4/visibility.m4, lib/gl/stdbool.in.h,
	lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stdint.c,
	lib/gl/tests/test-vasprintf.c, maint.mk: Update gnulib files.

2010-04-21  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Structure fork check together.

2010-04-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Fix compiler warning.

2010-04-15  Simon Josefsson <simon@josefsson.org>

	* gl/override/top/maint.mk.diff, libextra/gl/hmac-md5.c,
	libextra/gl/md5.c, maint.mk: Update gnulib files.

2010-04-15  Simon Josefsson <simon@josefsson.org>

	* lib/crypto-api.c, lib/gnutls_priority.c: Indent code.

2010-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/includes/gnutls/crypto.h: Use size_t instead
	of int for input variables that represent sizes.

2010-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Free the priority structure on error.
	Reported by Paul Aurich.

2010-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: The string is colon separated. Reported by
	Paul Aurich.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Fix indent bug.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, doc/examples/examples.h, guile/src/errors.h,
	guile/src/utils.h, lib/auth_cert.h, lib/auth_dh_common.h,
	lib/crypto.h, lib/ext_oprfi.h, lib/ext_safe_renegotiation.h,
	lib/ext_session_ticket.h, lib/ext_signature.h,
	lib/gnutls_algorithms.h, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.h, lib/gnutls_cryptodev.h, lib/gnutls_errors.h,
	lib/gnutls_extensions.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_mpi.h, lib/gnutls_pk.h, lib/gnutls_sig.h,
	lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
	lib/gnutls_supplemental.h, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
	lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/keydb.h,
	lib/opencdk/main.h, lib/opencdk/opencdk.h, lib/opencdk/packet.h,
	lib/opencdk/stream.h, lib/opencdk/types.h,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
	lib/x509/pbkdf2-sha1.h, lib/x509/x509_int.h,
	libextra/includes/gnutls/extra.h,
	libextra/includes/gnutls/openssl.h, src/certtool-cfg.h,
	src/certtool-common.h, src/common.h: More indentation.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-tlsia.c, doc/examples/ex-verify.c,
	doc/examples/ex-x509-info.c, lib/auth_cert.c, lib/auth_rsa.c,
	lib/ext_cert_type.c, lib/ext_max_record.c, lib/ext_oprfi.c,
	lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
	lib/ext_session_ticket.c, lib/ext_signature.c,
	lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_constate.c, lib/gnutls_extensions.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	lib/gnutls_priority.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/minitasn1/decoding.c, lib/opencdk/read-packet.c,
	lib/opencdk/sig-check.c, lib/x509/pkcs12.c, lib/x509/verify.c,
	libextra/gl/hmac-md5.c, libextra/gl/md5.c, src/benchmark.c,
	src/certtool.c, src/cli.c, src/serv.c, src/tests.c, src/tls_test.c,
	tests/anonself.c, tests/certder.c, tests/chainverify.c,
	tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
	tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/finished.c,
	tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
	tests/mini-eagain.c, tests/mini.c, tests/netconf-psk.c,
	tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
	tests/openpgpself.c, tests/parse_ca.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
	tests/resume.c, tests/set_pkcs12_cred.c, tests/simple.c,
	tests/tlsia.c, tests/utils.c, tests/x509_altname.c, tests/x509dn.c,
	tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: 
	Indent code.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/crypto-api.c, lib/ext_safe_renegotiation.c,
	lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/libgnutls.map,
	lib/x509/x509.c: Export new ABIs.  Doc fixes for new APIs.

2010-04-14  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/Makefile.am: Disable self-test
	temporarily until we make it work cross-platform.

2010-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/ext_safe_renegotiation.c, lib/gnutls_algorithms.c,
	lib/includes/gnutls/gnutls.h.in: Doc fixes.

2010-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, src/certtool-gaa.c: Generated.

2010-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore c++defs.h.

2010-04-13  Simon Josefsson <simon@josefsson.org>

	* .x-sc_prohibit_empty_lines_at_EOF, GNUmakefile,
	build-aux/c++defs.h, build-aux/warn-on-use.h, doc/certtool.cfg,
	doc/credentials/gnutls-http-serv, doc/credentials/params.pem,
	doc/credentials/x509/Makefile.am, doc/credentials/x509/cert.pem,
	doc/credentials/x509/clicert-dsa.pem, gl/Makefile.am, gl/fseeko.c,
	gl/m4/fseeko.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lib-link.m4, gl/m4/memchr.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/time_h.m4,
	gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/stdio-impl.h,
	gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
	gl/sys_stat.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
	gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
	gl/tests/test-vasnprintf.c, gl/time.in.h, gl/unistd.in.h,
	gl/vasnprintf.c, gl/wchar.in.h, guile/modules/gnutls/extra.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
	lib/build-aux/c++defs.h, lib/build-aux/warn-on-use.h,
	lib/ext_cert_type.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
	lib/gl/m4/fseeko.m4, lib/gl/m4/gnulib-common.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/lib-link.m4,
	lib/gl/m4/memchr.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
	lib/gl/m4/string_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
	lib/gl/m4/time_r.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/stdio-impl.h, lib/gl/stdio.in.h,
	lib/gl/stdlib.in.h, lib/gl/string.in.h, lib/gl/sys_socket.in.h,
	lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
	lib/gl/tests/test-vasnprintf.c, lib/gl/time.in.h, lib/gl/time_r.c,
	lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
	lib/minitasn1/Makefile.am, lib/minitasn1/README,
	lib/opencdk/keydb.h, lib/opencdk/packet.h,
	libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
	libextra/gl/m4/lib-link.m4, maint.mk, src/certtool.gaa,
	src/cfg/Makefile.am, src/crypt.gaa, src/tls_test.gaa,
	tests/key-id/ca-gnutls-keyid.pem, tests/key-id/ca-no-keyid.pem,
	tests/key-id/ca-weird-keyid.pem,
	tests/pkcs1-padding/pkcs1-pad-broken.pem,
	tests/pkcs1-padding/pkcs1-pad-broken2.pem,
	tests/pkcs1-padding/pkcs1-pad-broken3.pem,
	tests/pkcs1-padding/pkcs1-pad-ok.pem,
	tests/pkcs1-padding/pkcs1-pad-ok2.pem,
	tests/safe-renegotiation/Makefile.am, tests/test25.pem: Update
	gnulib files, fix syntax-check warnings.

2010-03-31  Simon Josefsson <simon@josefsson.org>

	* .gitignore, gl/m4/wchar_h.m4, lib/gl/m4/wchar_h.m4: Add forgotten
	gnulib files, and fix .gitignore.

2010-03-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-03-31  Simon Josefsson <simon@josefsson.org>

	* lib/po/LINGUAS, lib/po/it.po.in, lib/po/nl.po.in: Sync with TP.

2010-03-31  Simon Josefsson <simon@josefsson.org>

	* .x-sc_program_name, .x-sc_the_the, cfg.mk,
	lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
	lib/m4/hooks.m4, lib/opencdk/sig-check.c, src/certtool.c,
	src/serv.c, tests/dn.c, tests/mini.c: Update gnulib files.  Fix
	syntax-check warnings.

2010-03-31  Simon Josefsson <simon@josefsson.org>

	* build-aux/c++defs.h, build-aux/vc-list-files,
	build-aux/warn-on-use.h, gl/Makefile.am, gl/accept.c,
	gl/arpa_inet.in.h, gl/bind.c, gl/connect.c, gl/getaddrinfo.c,
	gl/gettext.h, gl/gettimeofday.c, gl/m4/arpa_inet_h.m4,
	gl/m4/getaddrinfo.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/lseek.m4, gl/m4/netdb_h.m4,
	gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
	gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
	gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
	gl/m4/time_h.m4, gl/m4/unistd_h.m4, gl/m4/warn-on-use.m4,
	gl/m4/wchar.m4, gl/netdb.in.h, gl/netinet_in.in.h, gl/recv.c,
	gl/select.c, gl/send.c, gl/stdint.in.h, gl/stdio.in.h,
	gl/stdlib.in.h, gl/string.in.h, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/tests/Makefile.am, gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
	gl/tests/test-vc-list-files-git.sh, gl/time.in.h, gl/unistd.in.h,
	gl/wchar.in.h, lib/build-aux/c++defs.h,
	lib/build-aux/warn-on-use.h, lib/gl/Makefile.am, lib/gl/gettext.h,
	lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/intldir.m4, lib/gl/m4/lseek.m4, lib/gl/m4/netdb_h.m4,
	lib/gl/m4/printf-posix.m4, lib/gl/m4/stddef_h.m4,
	lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4, lib/gl/m4/string_h.m4,
	lib/gl/m4/strings_h.m4, lib/gl/m4/sys_socket_h.m4,
	lib/gl/m4/sys_stat_h.m4, lib/gl/m4/time_h.m4,
	lib/gl/m4/unistd_h.m4, lib/gl/m4/visibility.m4,
	lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar.m4, lib/gl/netdb.in.h,
	lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/stdlib.in.h,
	lib/gl/string.in.h, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
	lib/gl/tests/Makefile.am, lib/gl/time.in.h, lib/gl/unistd.in.h,
	lib/gl/wchar.in.h, libextra/gl/m4/gnulib-common.m4,
	libextra/gl/m4/gnulib-comp.m4, maint.mk: Update gnulib files.

2010-03-30  Simon Josefsson <simon@josefsson.org>

	* m4/valgrind.m4: Check for what we use.  Bump serial.

2010-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/valgrind.m4, tests/Makefile.am: Valgrind -q is now set by the
	valgrind detection script to avoid issue when running tests without
	valgrind.

2010-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: increased small value for certificates. Typical
	certificates are much longer than that.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, tests/Makefile.am, tests/anonself.c,
	tests/certder.c, tests/chainverify.c, tests/crq_apis.c,
	tests/crq_key_id.c, tests/cve-2009-1415.c, tests/dhepskself.c,
	tests/dn.c, tests/dn2.c, tests/finished.c, tests/gc.c,
	tests/hostname-check.c, tests/init_roundtrip.c,
	tests/mini-eagain.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
	tests/netconf-psk.c, tests/nul-in-x509-names.c,
	tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
	tests/parse_ca.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
	tests/pskself.c, tests/resume.c, tests/set_pkcs12_cred.c,
	tests/sha2/sha2, tests/simple.c, tests/tlsia.c,
	tests/x509_altname.c, tests/x509dn.c, tests/x509self.c,
	tests/x509sign-verify.c, tests/x509signself.c: Reduced several
	unneeded messages during the make check procedure.  Verbose messages
	can be obtained with --verbose.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: use mv -f to avoid interactiveness.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dn2.c: Modified to account for postalcode.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added news entry for postalcode.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/common.c: Display postalCode and Name X.509 DN attributes
	correctly.  Based on patch by Pavan Konjarla.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/includes/gnutls/gnutls.h.in, src/serv-gaa.c, src/serv.gaa: Each
	ciphersuite is now tight with a minimum TLS version and a maximum
	one. It is valid if it is between (and including) those. This was
	added to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not
	available with TLS 1.1. Reported by Adrian F. Dimcev.

2010-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: Ignore more files.

2010-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_alert.c,
	lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, src/cli.c: Added
	gnutls_certificate_set_verify_function() to allow checking
	(verifying) certificate before the handshake is completed.

2010-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-rfc2818.c, doc/examples/ex-verify.c: Use the flags
	for expiration instead of getting the time of each certificate.

2010-03-17  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Mention datefudge.

2010-03-17  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/pkcs1-pad: Skip test if datefudge is not
	available.

2010-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: INITIAL_SAFE_RENEGOTIATION implies
	SAFE_RENEGOTIATION.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/gnutls.h.in: Added missing prototype.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/safe-renegotiation/testsrn: made SAFE_RENEGOTIATION flags
	explicit.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c, src/certtool.c: gnutls_x509_crt_verify() and
	gnutls_x509_crt_list_verify() behave identically.  That means that
	gnutls_x509_crt_verify() will now check dates as well.  Certool --verify-chain will use the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
	flag to gnutls_x509_crt_verify() to force verification even if
	certificates are the same.  The only exception is at the final
	certificate (self-checking) where the extra flag
	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is specified to allow for v1 CA
	certificates.

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Handle dates before 1-1-1970 (handle as being
	equal to 1-1-1970).

2010-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs1-padding/pkcs1-pad: Fail if required programs are not
	found.

2010-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
	lib/ext_safe_renegotiation.c, lib/gnutls_priority.c,
	lib/gnutls_record.c: Safe renegotiation is not enabled by default in
	client side.

2010-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli.1, lib/gnutls_priority.c: better
	documentation for %INITIAL_SAFE_RENEGOTIATION

2010-03-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2010-03-15  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs: 
	Rewrite tests/openpgp-certs/testselfsigs portably for Solaris.  Fix
	EXTRA_DIST.

2010-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/safe-renegotiation/testsrn: localhost -> 127.0.0.1 to work
	in places where localhost does not resolve.

2010-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: Extended time
	verification to trusted certificate list as well. Introduced the
	flag GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS that will prevent the
	trusted certificate list verification.

2010-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: Added tests for safe
	renegotiation. Removed old tests for obsolete features (lzo) and
	tests that were not actually working (srp).

2010-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in,
	tests/safe-renegotiation/testsrn: Extension generation in SSL 3.0
	(as a reply to SCSV) is not using common code with normal extension
	generation. Solve issue reported by Tomas Mraz that caused SSL 3.0
	renegotiation fail.

2010-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: Removed artificial constrained that prevented
	end-user certificates, being added to the trusted list, treated as
	trusted. Suggestion and patch by Tomas Mraz.

2010-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli.1: Documented that
	initial_safe_renegotiation is the default.

2010-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: gnutls-serv will terminate connection on rehandshake
	errors.

2010-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
	lib/includes/gnutls/gnutls.h.in: Avoid sending alerts during
	handshake. Alerts might be interrupted and return a non-fatal error
	which will propagate and in many cases it shouldn't.  Avoid sending no renegotiation alert when a client connects to an
	unsafe server. Thanks to Tomas Hoger for the report.

2010-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: On handshake error send appropriate alert and terminate
	stream.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Add id's to chapters.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Update.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* lib/po/zh_CN.po: Remove.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Fix -lrt usage.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* src/benchmark.c: Use gnulib gettime module.  Indent.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* lib/po/zh_CN.po: Add.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* lib/gl/netdb.in.h: Update gnulib files.

2010-02-18  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gettime.c, gl/{tests => }/gettimeofday.c,
	gl/m4/clock_time.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/timespec.m4, gl/netdb.in.h,
	gl/tests/Makefile.am, gl/timespec.h: Update gnulib files.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/cryptodev.c: Indent.  Don't include fcntl.h and sys/ioctl.h on
	(for example) Windows.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/testsrn: Fix objdir != srcdir.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* tests/safe-renegotiation/testsrn: Drop bashism.  Make it work on
	Windows.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml,
	lib/ext_safe_renegotiation.c, lib/ext_signature.c,
	lib/gnutls_supplemental.c: More GTK-DOC fixes.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_db.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/gnutls_openpgp.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Fix enum doc.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: More enum docs.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/crypto.h: More enum documentation.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_ia.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/x509.h: More enum documentation.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* libextra/includes/gnutls/extra.h: Document more.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/openpgp.h: Document more.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/pkcs12.h: Document enum.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: More enum.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Fix typo.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: More GTK-DOC documentation.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Improve GTK-DOC coverage.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/crypto.h: Fix comments, for GTK-DOC.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore more headers.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c: Doc fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/crypto.h: Fix for GTK-DOC parse breakage.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore gnutlsxx.h too, GTK-DOC doesn't
	handle C++.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Need crypto.h too.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Improve header ignores.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: Upgrade to libtasn1 2.5 snapshot, for
	GTK-DOC comments.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/openpgp.h: Another GTK-DOC fix.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c,
	lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
	lib/ext_signature.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_compress.c, lib/gnutls_db.c,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_priority.c,
	lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/gnutls_session.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c, lib/includes/gnutls/crypto.h,
	lib/opencdk/stream.c, lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/x509/common.c, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_write.c, lib/x509_b64.c, libextra/gnutls_extra.c,
	libextra/gnutls_ia.c, libextra/openssl_compat.c: Fix GTK-DOC syntax.
	Unfortunately this looses some information.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp_sb64.c, lib/crypto-api.c,
	lib/ext_safe_renegotiation.c, lib/gnutls_anon_cred.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
	lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_record.c,
	lib/gnutls_session.c, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
	libextra/openssl_compat.c: Align indentation of GTK-DOC comments.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/po/vi.po.in: Sync with TP.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Silence gnulib warning about fseek.

2010-02-17  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, build-aux/gnupload, gl/Makefile.am,
	gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/sys_time_h.m4,
	gl/netdb.in.h, gl/stdio.in.h, gl/sys_time.in.h,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-gettimeofday.c, lib/gl/Makefile.am,
	lib/gl/m4/stdio_h.m4, lib/gl/netdb.in.h, lib/gl/stdio.in.h,
	maint.mk: Update gnulib files.

2010-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: Corrected calculation of session data
	for PSK ciphersuites. Solves issue #107256 reported by Wolfgang
	Glas.

2010-02-03  Simon Josefsson <simon@josefsson.org>

	* doc/ANNOUNCE: Add announcement message.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* lib/po/LINGUAS, lib/po/cs.po.in, lib/po/de.po.in,
	lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
	lib/po/sv.po.in, lib/po/zh_CN.po.in: Sync with TP.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* build-aux/gnupload, doc/gendocs_template,
	gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
	gl/tests/test-read-file.c, gl/tests/test-sockets.c,
	lib/gl/tests/test-memchr.c, lib/gl/tests/test-read-file.c,
	lib/gl/tests/test-sockets.c: Update gnulib files.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/gstr.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: Use libtasn1 v2.4.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.pc.in: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* .clcopying: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* tests/key-id/README, tests/libgcrypt.supp,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/README, tests/rsa-md5-collision/mbox,
	tests/userid/userid.pem: License fix.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog, cfg.mk, configure.ac, doc/Makefile.am,
	doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
	doc/examples/Makefile.am, doc/extract-guile-c-doc.scm,
	doc/gendocs_template, doc/manpages/Makefile.am, doc/printlist.c,
	gl/gnulib.mk, gl/m4/onceonly_2_57.m4, gl/tests/gnulib.mk,
	guile/Makefile.am, guile/modules/Makefile.am,
	guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/build/utils.scm,
	guile/modules/gnutls/extra.scm,
	guile/modules/system/documentation/c-snarf.scm,
	guile/modules/system/documentation/output.scm,
	guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
	guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
	guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
	guile/src/make-session-priorities.scm,
	guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
	guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
	guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
	guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
	lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
	lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
	lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
	lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_session_ticket.c,
	lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_session.c, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
	lib/m4/hooks.m4, lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
	lib/minitasn1/gstr.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
	lib/opencdk/Makefile.am, lib/opencdk/armor.c,
	lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
	lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
	lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
	lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/pk-libgcrypt.c, lib/po/cs.po.in, lib/po/de.po.in,
	lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
	lib/po/sv.po.in, lib/random.c, lib/random.h, lib/rnd-libgcrypt.c,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
	lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
	libextra/configure.ac, libextra/ext_inner_application.c,
	libextra/ext_inner_application.h, libextra/fipsmd5.c,
	libextra/gl/Makefile.am, libextra/gnutls-extra.pc.in,
	libextra/gnutls_extra.c, libextra/gnutls_ia.c,
	libextra/gnutls_openssl.c, libextra/includes/Makefile.am,
	libextra/includes/gnutls/extra.h,
	libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
	libextra/m4/hooks.m4, libextra/openssl_compat.c,
	libextra/openssl_compat.h, m4/guile.m4, m4/valgrind.m4,
	src/Makefile.am, src/common.c, src/serv.c, tests/Makefile.am,
	tests/anonself.c, tests/certder.c,
	tests/certificate_set_x509_crl.c, tests/chainverify.c,
	tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
	tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/finished.c, tests/gc.c, tests/hostname-check.c,
	tests/init_roundtrip.c, tests/key-id/Makefile.am,
	tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
	tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
	tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
	tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
	tests/openpgp-certs/Makefile.am, tests/openpgp-keyring.c,
	tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
	tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
	tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
	tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
	tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
	tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
	tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
	tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
	tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
	tests/userid/userid, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
	tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: 
	Update copyright years.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* README: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/crypt.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/tls_test.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/tests.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/psk.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/prime.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Fix copyright/license.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* src/benchmark.c: Indent and fix copyright notices.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* build-aux/gnupload, gl/tests/test-gettimeofday.c,
	gl/tests/test-memchr.c, gl/tests/test-read-file.c,
	gl/tests/test-sockets.c, lib/gl/tests/test-memchr.c,
	lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c: Update
	gnulib files.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog, ChangeLog.1, THANKS, build-aux/gnupload, cfg.mk,
	doc/Makefile.am, doc/credentials/Makefile.am,
	doc/cyclo/Makefile.am, doc/errcodes.c, doc/examples/Makefile.am,
	doc/extract-guile-c-doc.scm, doc/manpages/Makefile.am,
	doc/printlist.c, gl/tests/test-gettimeofday.c,
	gl/tests/test-memchr.c, gl/tests/test-read-file.c,
	gl/tests/test-sockets.c, guile/Makefile.am,
	guile/modules/Makefile.am, guile/modules/gnutls.scm,
	guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/build/utils.scm,
	guile/modules/gnutls/extra.scm,
	guile/modules/system/documentation/c-snarf.scm,
	guile/modules/system/documentation/output.scm,
	guile/pre-inst-guile.in, guile/src/errors.h,
	guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
	guile/src/make-session-priorities.scm,
	guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
	guile/src/utils.h, guile/tests/anonymous-auth.scm,
	guile/tests/errors.scm, guile/tests/openpgp-auth.scm,
	guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
	guile/tests/pkcs-import-export.scm,
	guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
	lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/crypto-api.c,
	lib/crypto.c, lib/crypto.h, lib/cryptodev.c, lib/debug.c,
	lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
	lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_session_ticket.c,
	lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gl/tests/test-memchr.c,
	lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_session.c, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
	lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
	lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/gstr.c,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
	lib/opencdk/Makefile.am, lib/opencdk/hash.c,
	lib/openpgp/Makefile.am, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
	lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
	lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
	libextra/ext_inner_application.c, libextra/ext_inner_application.h,
	libextra/fipsmd5.c, libextra/gl/Makefile.am,
	libextra/gnutls-extra.pc.in, libextra/gnutls_extra.c,
	libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
	libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
	libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
	libextra/openssl_compat.c, libextra/openssl_compat.h,
	src/Makefile.am, src/benchmark.c, src/certtool-cfg.c,
	src/certtool.c, src/common.c, src/crypt.c, src/prime.c, src/psk.c,
	src/serv.c, src/tests.c, src/tls_test.c, tests/Makefile.am,
	tests/anonself.c, tests/certder.c, tests/chainverify.c,
	tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
	tests/cve-2008-4989.c, tests/cve-2009-1415.c,
	tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
	tests/finished.c, tests/gc.c, tests/hostname-check.c,
	tests/init_roundtrip.c, tests/key-id/Makefile.am,
	tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
	tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
	tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
	tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
	tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
	tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
	tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
	tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
	tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
	tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
	tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
	tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
	tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/rsa-md5-collision,
	tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
	tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
	tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
	tests/userid/userid, tests/utils.c, tests/utils.h,
	tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
	tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: Fix
	FSF copyright notices.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* THANKS, doc/gnutls.texi: doc: Fix pkg-config recommendation.  Reported by Claudio Saavedra <csaavedra@igalia.com> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4095>.

2010-01-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, src/cli.c: gnutls-cli: Handle reading binary data
	from server.  Reported by and tiny patch from Vitaly Mayatskikh
	<v.mayatskih@gmail.com> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* build-aux/update-copyright, gl/Makefile.am,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
	gl/tests/test-update-copyright.sh: Update gnulib files.

2010-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
	tests/safe-renegotiation/testsrn: Added copyright notices!

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am: Generated.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Improve.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore more.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore, lib/gl/m4/warn-on-use.m4: Update gnulib files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* gl/m4/warn-on-use.m4, lib/build-aux/arg-nonnull.h,
	lib/build-aux/warn-on-use.h: Update gnulib files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Fix.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* lib/gl/tests/macros.h, lib/gl/tests/signature.h: Update gnulib
	files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Fix

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* gl/tests/macros.h, gl/tests/signature.h,
	gl/tests/test-sys_ioctl.c: Update gnulib files.

2010-01-26  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/arg-nonnull.h, build-aux/config.rpath,
	build-aux/gendocs.sh, build-aux/gnupload, build-aux/link-warning.h,
	build-aux/pmccabe2html, build-aux/useless-if-before-free,
	build-aux/vc-list-files, build-aux/warn-on-use.h, gl/Makefile.am,
	gl/accept.c, gl/alignof.h, gl/alloca.c, gl/alloca.in.h,
	gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c, gl/c-ctype.c,
	gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h, gl/close.c,
	gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fclose.c,
	gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/gai_strerror.c,
	gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getpass.c,
	gl/getpass.h, gl/gettext.h, gl/inet_ntop.c, gl/inet_pton.c,
	gl/intprops.h, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
	gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/autobuild.m4,
	gl/m4/close.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
	gl/m4/extensions.m4, gl/m4/fclose.m4, gl/m4/float_h.m4,
	gl/m4/fseeko.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gettimeofday.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
	gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4,
	gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
	gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/perror.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
	gl/m4/readline.m4, gl/m4/realloc.m4, gl/m4/select.m4,
	gl/m4/servent.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
	gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
	gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
	gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
	gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
	gl/m4/version-etc.m4, gl/m4/warnings.m4, gl/m4/wchar.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/memchr.c,
	gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
	gl/override/lib/gettext.h.diff, gl/perror.c, gl/printf-args.c,
	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
	gl/progname.c, gl/progname.h, gl/read-file.c, gl/read-file.h,
	gl/readline.c, gl/readline.h, gl/realloc.c, gl/recv.c, gl/select.c,
	gl/send.c, gl/setsockopt.c, gl/shutdown.c, gl/size_max.h,
	gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
	gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
	gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h, gl/stdlib.in.h,
	gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
	gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/gettimeofday.c,
	gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h, gl/tests/test-alignof.c,
	gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
	gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
	gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-inet_ntop.c,
	gl/tests/test-inet_pton.c, gl/tests/test-lseek.c,
	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
	gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
	gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
	gl/tests/test-select-stdin.c, gl/tests/test-select.c,
	gl/tests/test-snprintf.c, gl/tests/test-stdbool.c,
	gl/tests/test-stddef.c, gl/tests/test-stdint.c,
	gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
	gl/tests/test-strerror.c, gl/tests/test-string.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-time.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-version-etc.c,
	gl/tests/test-version-etc.sh, gl/tests/test-wchar.c,
	gl/tests/verify.h, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
	gl/time.in.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h,
	gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h,
	gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
	lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
	lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/alloca.in.h,
	lib/gl/asnprintf.c, lib/gl/asprintf.c, lib/gl/byteswap.in.h,
	lib/gl/c-ctype.c, lib/gl/c-ctype.h, lib/gl/close-hook.c,
	lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/float+.h,
	lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/gettext.h,
	lib/gl/lseek.c, lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
	lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
	lib/gl/m4/extensions.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
	lib/gl/m4/func.m4, lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4,
	lib/gl/m4/glibc21.m4, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/gnulib-tool.m4, lib/gl/m4/iconv.m4,
	lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
	lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
	lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
	lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
	lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
	lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
	lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
	lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
	lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
	lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
	lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
	lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
	lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
	lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
	lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4, lib/gl/m4/stdint.m4,
	lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
	lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
	lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
	lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
	lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
	lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
	lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
	lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
	lib/gl/m4/xsize.m4, lib/gl/memchr.c, lib/gl/memmem.c,
	lib/gl/minmax.h, lib/gl/netdb.in.h,
	lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
	lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
	lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
	lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
	lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
	lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
	lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
	lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
	lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
	lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
	lib/gl/tests/dummy.c, lib/gl/tests/intprops.h,
	lib/gl/tests/test-alloca-opt.c, lib/gl/tests/test-byteswap.c,
	lib/gl/tests/test-c-ctype.c, lib/gl/tests/test-errno.c,
	lib/gl/tests/test-fseeko.c, lib/gl/tests/test-func.c,
	lib/gl/tests/test-memchr.c, lib/gl/tests/test-netdb.c,
	lib/gl/tests/test-read-file.c, lib/gl/tests/test-snprintf.c,
	lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
	lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
	lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
	lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
	lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
	lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
	lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
	lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
	lib/gl/tests/verify.h, lib/gl/tests/zerosize-ptr.h,
	lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
	lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
	lib/gl/vsnprintf.c, lib/gl/w32sock.h, lib/gl/wchar.in.h,
	lib/gl/xsize.h, libextra/build-aux/config.rpath,
	libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
	libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
	libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
	libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
	libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
	libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
	libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
	libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
	maint.mk: Update gnulib files.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented addition of new priority strings.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented Steve Dispensa's patch addition.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/safe-renegotiation/testsrn: Added tests for new behaviour of
	client.

2010-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Revert "Always allow initial negotiation.
	Disable subsequent unsafe renegotiations." This reverts commit
	1e4981cfbec360a19cfb7470ce96093aaa95b32e.  Ah, this was to twart the attack (description by Daniel Kahn
	Gilmor): The problem, as i understand it, is that the client is
	incapable of telling whether the plaintext prefix injection attack
	has already happened.  I don't think disabling renegotiation for the
	session resolves the problem.  For a server which does not announce and enforce safe renegotiation,
	what the client sees as an initial connection may unknowingly
	actually be renegotiating an existing session that was started by an
	attacker.  The concern isn't that the (legitimate) client will have their
	session re-negotiated by an attacker; it's that the MITM attacker
	can trick the server into viewing the client's initial
	authentication as a re-negotiation of a TLS session already
	underway.  for servers which do odd things like apply the credentials of the
	post-renegotiation client to the traffic that happened before the
	renegotiation (e.g. HTTPS, with client-side certificates required
	only for certain subdirectories), a safe-renegotiation-aware client
	*should* refuse to connect to servers which do not announce safe
	renegotiation if they want to resist this attack.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added safe-renegotiation subdir.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, tests/Makefile.am,
	tests/safe-renegotiation/Makefile.am,
	tests/safe-renegotiation/params.dh,
	tests/safe-renegotiation/testsrn: Added safe renegotiation test
	cases. Added priority string option to completely disable
	renegotiation to assist in testing more cases.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
	--rehandshake option to gnutls-cli to allow connection and immediate
	rehandshake.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c: More carefull copying of data. Check
	for the malicious case where a server does initial unsafe
	negotiation and proceeds with a safe renegotiation.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Always allow initial negotiation. Disable
	subsequent unsafe renegotiations.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c: Safe renegotiation variable
	cleanup. No longer clear variables that should stay across
	rehandshakes.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/gnutls_cipher_int.c: Documented the
	crypto-api functions and made the API tolerant to NULL IV.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Added documentation of rehandshake usage
	in gnutls if full-duplex capability is required.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Reduced asserts to reduce unneeded
	printings.

2010-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: Removed rehandshake initiation capability
	from client and transferred it to the echo server. Once the server
	receives a string **REHANDSHAKE** will request a rehandshake.

2010-01-19  Steve Dispensa <dispensa@phonefactor.com>

	* lib/gnutls_handshake.c: Here is another patch that fixes an
	interoperability problem with safe renegotiation and resumption. In
	copying forward the safe renegotiation state across resumptions, I
	got a little carried away and copied too much data (new connections
	should start with empty RI data).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_oprfi.c, lib/ext_session_ticket.c, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: Modified extensions
	(session ticket, oprfi) to store internal data in gnutls internal
	structure and input data only in the security_parameters extension
	structure.  Session ticket extension will call the user supplied hello function
	on resumption.  (the current API to handle that is inexistant. To be revised)

2010-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_session_ticket.c, lib/gnutls_constate.c,
	lib/gnutls_int.h, lib/gnutls_session_pack.c: Further cleanup the
	extension internal structure. Now if values are not saved and
	restored when resumming they will be initialized to zero.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
	tests/cve-2008-4989.c, tests/dn2.c, tests/finished.c, tests/mini.c,
	tests/pkcs12_s2k_pem.c, tests/tlsia.c, tests/x509sign-verify.c: 
	Tests compile with --enable-gcc-warnings.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.h, lib/gnutls_constate.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c, tests/resume.c, tests/simple.c: Specify in
	detail what to be copied when resuming. It seems there are
	extensions (like safe renegotiation) that do not need to read the
	stored values. Moreover this might overcome any bugs by the
	extensions that used to store pointers in the extension structure.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c: Initialize the default value to 0.
	It seemed to have default value of 0 when non resuming :)

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-tlsia.c, tests/utils.c: Removed warnings.

2010-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: Added -Wno-int-to-pointer-cast to enable compilation
	when enable-gcc-warnings is given.

2010-01-13  Steve Dispensa <dispensa@phonefactor.com>

	* lib/gnutls_handshake.c: Here are two more patches. The first adds
	support for renegotiation of resumption.  Also, I found a bug in my initial implementation - I was incorrectly
	sending the SCSV on all connections, not only those using SSLv3, as
	should have been the case.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1: 
	Documentation updates.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: When denying an initial negotiation due to
	missing safe renegotiation extension reply with NO_RENEGOTIATION
	alert.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/includes/gnutls/gnutls.h.in, tests/resume.c: When resuming no
	extensions were parsed thus the safe renegotiation extension was
	ignored as well causing a false detection of unsafe session.
	Corrected by making a special class of extensions called RESUMED.
	Those are parsed even when resuming (normally we don't do it to
	prevent clients overwriting capabilities and credentials).

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in: Added Steve
	Dispensa's patch for safe renegotiation (with artistic changes).
	Effectively reverted my previous patch
	1a338cbaaeec11d958de8da4d1ae036979fccf3e.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Updated thanks file.

2010-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/opencdk/sig-check.c, src/certtool.c,
	tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs: 
	When checking self signature also check the signatures of all
	subkeys.  Ilari Liusvaara noticed and reported the issue and
	provided test vectors as well.  certtool --pgp-certificate-info will check self signatures.  Added self tests for self-sigs.

2010-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/gc.c: hash_fast -> hmac_fast

2010-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
	lib/Makefile.am, lib/ext_safe_renegotiation.c,
	lib/ext_safe_renegotiation.h, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, src/cli.c,
	src/serv.c: Added safe renegotiation patch from Steve Dispensa,
	modified to suit gnutls code style and error checking. Modified to
	conform to draft-ietf-tls-renegotiation-03.txt.  gnutls-cli will search input for **RENEGOTIATION** to perform a
	renegotiation and gnutls-serv will perform one if requested.

2010-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c: Corrections for --disable-extra-pki configure flag
	to work. Patch by Bill Randle.

2010-01-04  Andreas Metzler <ametzler@downhill.at.eu.org>

	* ChangeLog, doc/certtool.cfg, doc/gnutls.texi, lib/gnutls_auth.c,
	lib/gnutls_priority.c, lib/gnutls_session.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: Typo fixes: successful, precedence, preferred

2009-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cryptodev.c: define EALG_MAX_BLOCK_LEN if not there.

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/fipsmd5.c: use C99 initializations

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/compat.c, lib/crypto-api.c,
	lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, libextra/fipsmd5.c, src/benchmark.c: Reverted all
	previous changes to combine hashes with MAC algorithms.  It is now
	permissible to register a hash algorithm separately from a MAC.

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
	lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
	lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
	lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
	lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c: 
	Revert "Merged the two internal hash API functions, to simplify and
	reduce code." This reverts commit bc3e43d5f121e404aa32212dcfcc5027de807056.  Conflicts:         lib/crypto.c         lib/gnutls_cipher.c         lib/gnutls_hash_int.c         lib/gnutls_hash_int.h         lib/includes/gnutls/crypto.h         lib/mac-libgcrypt.c

2009-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
	lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Revert
	"Added plain MD5 hash check and corrected gnutls_hash_fast() usage
	in openssl.c" This reverts commit 54486afbfcf3398846d5c20d3094bdb7d0a43ff2.

2009-12-04  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-x509-info.c: Improve example of printing cert
	info.

2009-12-04  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo fix.  Reported by Laurence <lfinsto@gwdg.de> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4036>.

2009-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/compat.c, lib/gnutls_algorithms.h: fixes for compilation.

2009-12-03  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Check return value from
	gnutls_x509_crt_get_key_usage.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: This is a follow-up to commit
	3d8da5765133c6ced37bf29b5a07f950b8c26cd7, that fixes some issues
	with DSA and RSA certificate encoding. Due to that the shown public
	key IDs are different than the ones in previous gnutls versions.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: reduced calls to gnutls_hash on
	encryption/decryption. Only initialize MAC when needed.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
	lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Added
	plain MD5 hash check and corrected gnutls_hash_fast() usage in
	openssl.c Corrected new hash API bug that prevented usage of plain
	hash functions.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/gnutls.texi, lib/Makefile.am, lib/compat.c,
	lib/crypto.c, lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/includes/gnutls/crypto.h, lib/libgnutls.map,
	lib/opencdk/read-packet.c, lib/x509/privkey_pkcs8.c,
	src/benchmark.c, tests/gc.c: Exported gnutls_cipher_get_block_size()
	and all hash functions added to libgnutls.map.  Expanded benchmark
	with 3DES and ARCFOUR. Corrected test that used non-existing symbol.

2009-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/m4/hooks.m4: Corrected check for cryptodev. Only enable it if
	--enable-cryptodev is specified.

2009-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/mac-libgcrypt.c, lib/x509/mpi.c: 
	Corrected compilation issues.

2009-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, lib/m4/hooks.m4: Moved cryptodev check to
	lib/m4/hooks.m4 and now --enable-cryptodev actually works.

2009-11-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: Doc fix.

2009-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cryptodev.c: corrected old type.

2009-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cryptodev.c: Only include cryptodev.h if cryptodev is there.

2009-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
	lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
	lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
	lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
	lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c: 
	Merged the two internal hash API functions, to simplify and reduce
	code.  gnutls_hmac* and gnutls_hash* were merged to gnutls_hash API.

2009-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore, configure.ac, lib/Makefile.am, lib/crypto-api.c,
	lib/crypto.c, lib/cryptodev.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cryptodev.h, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
	lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map, src/Makefile.am, src/benchmark.c: Added cryptodev
	support (/dev/crypto). Tested with
	http://www.logix.cz/michal/devel/cryptodev/.  Added benchmark
	utility for AES. Exported API to access encryption algorithms.

2009-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented certtool's certificate request generation fix.

2009-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c: Corrected two issues that affected certificate
	request generation.  1. Null padding is added on integers (found thanks to Wilankar
	Trupti <trupti.wilankar@hp.com>) 2. In optional SignatureAlgorithm parameters field for DSA keys the
	DSA parameters were added. Those were rejected by verisign. Gnutls
	no longer adds those parameters there since other implementations
	don't do either and having them does not seem to offer anything
	(anyway you need the signer's certificate to verify thus public key
	will be available).

2009-11-27  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, tests/key-id/key-id,
	tests/nist-pkits/gnutls_test_entry, tests/x509paths/chain: More
	fixes of grep -q problem.

2009-11-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Allow exporting of Certificate requests to DER
	format.  Added option --no-crq-extensions to avoid adding extensions
	to a request.

2009-11-23  Simon Josefsson <simon@josefsson.org>

	* tests/rfc2253-escape-test: Don't use 'grep -q', to fix portability
	to OpenSolaris.  Reported by "Dr. David Kirkby" <david.kirkby@onetel.net> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3993>.

2009-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-11-15  Simon Josefsson <simon@josefsson.org>

	* doc/guile.texi: Doc fix.

2009-11-15  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/intprops.h, gl/m4/sys_stat_h.m4,
	gl/m4/unistd_h.m4, gl/sys_stat.in.h, gl/unistd.in.h,
	gl/version-etc.c, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
	lib/gl/m4/unistd_h.m4, lib/gl/sys_stat.in.h,
	lib/gl/tests/intprops.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
	files.

2009-11-09  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-11-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.9.

2009-11-09  Simon Josefsson <simon@josefsson.org>

	* build-aux/pmccabe2html, gl/Makefile.am, gl/getpagesize.c,
	gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4, gl/tests/test-fseeko.c,
	lib/gl/Makefile.am, lib/gl/getpagesize.c, lib/gl/m4/getpagesize.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/tests/test-fseeko.c: Update gnulib
	files.

2009-11-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-11-09  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Cleanup header inclusion.

2009-11-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: More dead code removed. Based on
	suggestions by Steve Grubb and Tomaz Mraz

2009-11-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-11-06  Simon Josefsson <simon@josefsson.org>

	* configure.ac, m4/valgrind.m4: Fix --disable-valgrind-tests.

2009-11-06  Simon Josefsson <simon@josefsson.org>

	* gl/tests/Makefile.am: Update gnulib files.

2009-11-06  Simon Josefsson <simon@josefsson.org>

	* gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, maint.mk: Update
	gnulib files.

2009-11-06  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Link to libgcrypt explicitly when libgcrypt
	functions are used.

2009-11-06  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c, src/serv.c: Fix libgcrypt usage.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Simplified code which was based on older
	version of internal structures.  Based on observations by Steve
	Grubb and Tomas Mraz.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Corrected bug fix author.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented previous commit.

2009-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_sig.c,
	libextra/gnutls_openssl.c, src/certtool.c, src/cfg/cfg+.c,
	src/cfg/platon/str/strdyn.c, src/serv.c: Cleanups and several bug
	fixes found by Tomas Mraz.  "I've patched the following problems in the code found by review of
	gnutls-2.8.5 code done by Steve Grubb.  See the patch attached.  The gnutls_constate.c bug might be potentially serious so I've
	decided to mail it to you directly, not to the public mailing list.  The auth_cert.c change is just cleanup of the code.  In gnutls_openssl.c I've just fixed the potential crasher, correct
	fix would require using asprintf or precomputed length of the buffer
	to allocate a memory.  The certtool.c change is again just a cleanup."

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.8.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/gl/tests/test-func.c: Update gnulib files.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	gl/tests/Makefile.am, gl/tests/test-inet_ntop.c,
	gl/tests/test-inet_pton.c, gl/tests/test-sys_socket.c,
	lib/gl/tests/test-func.c, lib/gl/tests/test-sys_socket.c,
	libextra/gl/md5.c: Update gnulib files.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4: Make sure libgcrypt's dependency on libgpg-error
	is known.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Fix API name change.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix API name change.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, guile/src/core.c, lib/auth_cert.c,
	lib/auth_dhe.c, lib/auth_rsa_export.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_cert_type.c,
	lib/ext_server_name.c, lib/ext_session_ticket.c,
	lib/ext_signature.c, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_mpi.c, lib/gnutls_priority.c,
	lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_str.c,
	lib/gnutls_supplemental.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
	lib/minitasn1/decoding.c, lib/opencdk/armor.c, lib/opencdk/keydb.c,
	lib/opencdk/literal.c, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509_write.c,
	libextra/gl/md5.c, libextra/gnutls_openssl.c, src/certtool-cfg.c,
	src/cli.c, src/common.c, src/crypt.c, src/psk.c, src/serv.c,
	tests/anonself.c, tests/chainverify.c, tests/crq_apis.c,
	tests/cve-2008-4989.c, tests/cve-2009-1415.c, tests/dhepskself.c,
	tests/dn2.c, tests/finished.c, tests/hostname-check.c,
	tests/mini-eagain.c, tests/mini.c, tests/nul-in-x509-names.c,
	tests/openpgpself.c, tests/oprfi.c, tests/pkcs12_encode.c,
	tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
	tests/resume.c, tests/tlsia.c, tests/x509_altname.c,
	tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c,
	tests/x509signself.c: Indent code.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cert-select.c, src/cli.c: Fix API name change.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am, lib/ext_signature.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Fix NEWS blurb.
	Shorten new API name.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/ext_signature.c: Doc fix, add Since tag.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/ext_signature.c: Indent code.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4: Fix compile error.  Tiny patch by Brad Hards <bradh@frogmouth.net> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3943>.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/ext_signature.c: Fix compile errors.  Tiny patch from Brad Hards <bradh@frogmouth.net> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3942>.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c: Fix compile errors.  Tiny patch from Brad Hards <bradh@frogmouth.net> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3941>.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/stdlib_h.m4, gl/stdlib.in.h,
	gl/tests/test-getaddrinfo.c, lib/gl/Makefile.am,
	lib/gl/m4/stdlib_h.m4, lib/gl/stdlib.in.h: Update gnulib files.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/po/vi.po.in: Sync with TP.

2009-11-03  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am, src/Makefile.am, tests/Makefile.am: Use
	INET_NTOP_LIB and INET_PTON_LIB.

2009-11-03  Simon Josefsson <simon@josefsson.org>

	* build-aux/pmccabe2html, build-aux/useless-if-before-free,
	gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
	gl/m4/inet_pton.m4, gl/m4/pmccabe2html.m4, gl/m4/ungetc.m4,
	gl/sockets.c, gl/stdio.in.h, gl/sys_stat.in.h,
	gl/tests/test-arpa_inet.c, gl/tests/test-getaddrinfo.c,
	gl/tests/test-getdelim.c, gl/tests/test-getline.c,
	gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
	gl/tests/test-netinet_in.c, gl/tests/test-select-stdin.c,
	gl/tests/test-select.c, gl/tests/test-sockets.c,
	gl/tests/test-stddef.c, gl/tests/test-stdint.c,
	gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
	gl/tests/test-strerror.c, gl/tests/test-string.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-time.c, gl/tests/test-unistd.c,
	gl/tests/test-version-etc.c, gl/tests/test-wchar.c,
	lib/gl/m4/fseeko.m4, lib/gl/m4/ungetc.m4, lib/gl/sockets.c,
	lib/gl/stdio.in.h, lib/gl/sys_stat.in.h,
	lib/gl/tests/test-memchr.c, lib/gl/tests/test-sockets.c,
	lib/gl/tests/test-stddef.c, lib/gl/tests/test-stdint.c,
	lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
	lib/gl/tests/test-string.c, lib/gl/tests/test-strverscmp.c,
	lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
	lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
	lib/gl/tests/test-wchar.c, libextra/gl/md5.c, maint.mk: Update
	gnulib files.

2009-11-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-11-02  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Fix time bomb in chainverify self-test.  Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented change for certificate retrieval callbacks.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: do not use gnutls_x509_crt_get_signature_algorithm() on
	null certificates.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Do not check signature algorithms for certificate
	selection when using openpgp certificates.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/gnutls-cli.1: Avoid code duplication by using all the
	functions defined in gnutls_algorithms to map from TLS 1.2 signature
	algorithm numbers to gnutls signature algorithms.  Added minimal documentation for SIGN-* in gnutls-cli priority
	strings.  Corrected bug in signature algorithm extension generation.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
	lib/ext_signature.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_int.h, lib/gnutls_sig.c: Avoid
	code duplication by using all the functions defined in
	gnutls_algorithms to map from TLS 1.2 signature algorithm numbers to
	gnutls signature algorithms.  Added minimal documentation for SIGN-* in gnutls-cli priority
	strings.  Corrected bug in signature algorithm extension generation.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
	lib/auth_srp_rsa.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Rationalized
	function names for signature generation and verification during
	handshake.  _gnutls_tls_sign_hdata ->
	_gnutls_handshake_sign_cert_vrfy _gnutls_verify_sig_hdata ->
	_gnutls_handshake_verify_cert_vrfy _gnutls_tls_sign_params ->
	_gnutls_handshake_sign_data _gnutls_verify_sig_params ->
	_gnutls_handshake_verify_data

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_signature.c: Do not output error if a server replies with
	a SignatureAlgorithms extension.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dn2.c, tests/pathlen/ca-no-pathlen.pem: RSA_SHA -> RSA_SHA1

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Documented memory leak fix.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-cert-select.c, doc/gnutls.texi,
	lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_alert.c,
	lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Final
	touch on signature algorithms in TLS 1.2 support. Added function
	gnutls_session_sign_algorithm_get_requested() for callbacks to be
	able to verify they return a correct certificate as well as
	documentation for its usage.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.c, lib/auth_cert.h,
	lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in, lib/openpgp/gnutls_openpgp.c: 
	Improved TLS 1.2 support. Added support for the SignatureAlgorithm
	extension as well for the SignatureAlgorithm in certificate request.  Limitation for TLS 1.2 clients:  Only SHA1 or SHA256 are supported for generating signatures in
	certificate verify message. That is to avoid storing all handshake
	messages in memory. To be reconsidered in the future.

2009-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: fixes in order to compile with -Werror

2009-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/gnutls_cipher.c: remove unnessesary
	warning.

2009-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c: correctly check extension size.

2009-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c: When resuming a session do not
	overwrite the initial session data with resumed session data.
	Discovered on discussion at help-gnutls with Sebastien Decugis.

2009-10-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher.c, lib/gnutls_handshake.c, src/certtool.c: Fix
	code style so it compiles with gcc 4.4 with warnings.

2009-10-26  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/sys_stat_h.m4, gl/sys_stat.in.h,
	lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4, lib/gl/sys_stat.in.h: 
	Update gnulib files.

2009-10-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Drop unknown mini-hfail.

2009-10-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-10-25  Daiki Ueno <ueno@unixuser.org>

	* lib/gnutls_handshake.c: Enable ClientHello to carry arbitrary
	length extension data.

2009-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/pkcs12.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_int.h,
	src/certtool.c: Added GNUTLS_BAG_SECRET that adds support for
	storing a randomly generated key into a PKCS-12 structure. This is a
	gnutls extension, since PKCS-12 does not specify what should be in
	the secret bag. What we do is store the key as OCTET string and
	specify an OID of the PKCS-9 random nonce.

2009-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/privkey_pkcs8.c: Corrected warnings in picky
	compilers and rearanged code.

2009-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/certtool.1, lib/cipher-libgcrypt.c,
	lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
	lib/x509/x509_int.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: Added support for the AES family
	of ciphers in the PKCS8 and 12 encryption options.

2009-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: Do not print auto-generated files.

2009-10-23  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-10-23  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Fix forgotten braces.  Reported by Jason Pettiss <jpettiss@yahoo.com>.

2009-10-23  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Indent code.

2009-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_sig.c, lib/gnutls_state.c: 1. Fix for memory leaks on interrupted handshake.  2. Fixes issue where a TLS 1.2 client will wrongly calculate hashes
	if the server will select a different than 1.2 protocol.  3. In TLS 1.2 when a certificate request is sent, support is not
	complete. In that case abort the handshake. By checking TLS 1.2 it
	seems that the algorithms to be used for the signature in the
	certificate verify message are negotiated not at the client/server
	hello messages but rather selected by the server at the certificate
	request. This might not look as bad, but since in this message we
	have to sign all previous handshake messages, it forces us to keep
	all the handshake messages into a buffer until this point... I don't
	know who proposed this change to the TLS WG, but it seems it wasn't
	really thought of.

2009-10-20  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Fix expired cert.

2009-10-16  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Make sure we use libgcrypt correctly.

2009-10-15  Simon Josefsson <simon@josefsson.org>

	* gl/m4/time_h.m4: Update gnulib files.

2009-10-15  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/sys_stat_h.m4,
	gl/sys_stat.in.h, gl/tests/Makefile.am, gl/tests/test-sys_stat.c,
	gl/tests/test-time.c, gl/time.in.h, gl/unistd.in.h,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/sys_stat_h.m4, lib/gl/sys_stat.in.h,
	lib/gl/tests/test-sys_stat.c, lib/gl/unistd.in.h: Update gnulib
	files.

2009-10-15  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutlsxx.map: Export C++ symbol visibility.  Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* lib/pkix_asn1_tab.c: Regenerate.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12_encode.c: Fix MAC password.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12_encode.c: Use better friendly names.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/pkcs12_encode.c: Add self test to test
	PKCS#12 functions.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* lib/pkix.asn: Work around 'Cannot find OID: 1.2.840.113549.1.9.21'
	PKCS#12 problem.  Reported by Michael Welsh Duggan <mwd@cert.org> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1786>.

2009-10-14  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Mention that sometimes CA certs needs to be
	included in PKCS#12 files.  Reported by Ivars Suba <Ivars.Suba@bank.lv>.

2009-10-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: After setting priorities using new API,
	update current TLS version.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.7.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4,
	gl/m4/unistd_h.m4, gl/progname.c, gl/stdio.in.h, gl/unistd.in.h,
	lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/stdio.in.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
	files.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutlsxx.map: Fix symbol export rules.  Tiny patch by Boyan Kasarov <bkasarov@gmail.com>.

2009-10-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Include config.h.  Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.

2009-10-01  Daiki Ueno <ueno@unixuser.org>

	* lib/gnutls_sig.c: Reserve enough room for hash buffers.  This fixes x509self self-test.

2009-09-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
	gl/tests/Makefile.am, gl/unistd.in.h, lib/gl/Makefile.am,
	lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/tests/Makefile.am, lib/gl/unistd.in.h: Update gnulib files.

2009-09-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-09-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Attempt to negotiate TLS 1.2 by default.

2009-09-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-09-30  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c: Fix comment.

2009-09-30  Daiki Ueno <ueno@unixuser.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
	lib/auth_srp_rsa.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Fix
	server-side TLS 1.2 support.

2009-09-30  Daiki Ueno <ueno@unixuser.org>

	* lib/gnutls_sig.c: Calculate DER-encoded DigestInfo on-the-fly
	rather than hard code it.

2009-09-28  Ludovic Courtès <ludo@gnu.org>

	* configure.ac, guile/src/core.c: guile: Adjust for Guile 1.9.3+.  * guile/src/core.c (mark_session_record_port,
	  free_session_record_port): Conditionalize on `SCM_MAJOR_VERSION == 1
	  && SCM_MINOR_VERSION <= 8'.  (scm_init_gnutls_session_record_port_type): Adjust accordingly.    (make_session_record_port): Use `scm_gc_malloc_pointerless ()'
	  when available.

2009-09-28  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Syntactic nitpicking.  * guile/src/core.c (SCM_GNUTLS_MAKE_SESSION_DATA,   SCM_GNUTLS_SET_SESSION_RECORD_PORT): Remove extraneous semicolon.

2009-09-28  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Use Guile's malloc routines.  * guile/src/core.c (scm_init_gnutls): Use Guile's malloc routines.

2009-09-23  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.c: Clarify gnutls_server_name_set usage.  Reported by Daniel Black <daniel@cacert.org> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3878>.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: Fix integer/pointer cast warnings in the Guile
	bindings on x86_64.  * guile/src/core.c (do_fill_port, fill_session_record_port_input,   scm_gnutls_set_session_transport_fd_x): Make sure pointer/integer
	  casts use integers of the right size.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

	* guile/src/extra.c: Update Guile bindings to the current OpenPGP
	API.  * guile/src/extra.c (scm_gnutls_openpgp_certificate_id,   scm_gnutls_openpgp_certificate_id_x): Use   the newer `gnutls_openpgp_crt_get_key_id ()'.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

	* doc/Makefile.am, guile/src/Makefile.am, guile/tests/Makefile.am: 
	Turn off auto-compilation when using Guile 1.9+.  * guile/src/Makefile.am (GUILE_FOR_BUILD): Turn off auto-compilation   with Guile 1.9+.  * guile/tests/Makefile.am (TESTS_ENVIRONMENT): Likewise.  * doc/Makefile.am (GUILE_FOR_BUILD): Likewise.

2009-09-23  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c, guile/src/errors.c, guile/src/extra.c,
	guile/src/utils.c, guile/src/utils.h: Fix inclusion of <config.h> in
	Guile bindings.  * guile/src/core.c, guile/src/errors.c, guile/src/extra.c,   guile/src/utils.c: Include <config.h> first, as suggested by Simon   Josefsson.  * guile/src/utils.h: Don't include <config.h>.

2009-09-22  Simon Josefsson <simon@josefsson.org>

	* gl/unistd.in.h, lib/gl/unistd.in.h: Update gnulib files.

2009-09-22  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-09-22  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh: Chmod.

2009-09-22  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-09-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.6.

2009-09-22  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/getdelim.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
	gl/stdio.in.h, gl/stdlib.in.h, gl/sys_stat.in.h, gl/unistd.in.h,
	lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
	lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4, lib/gl/stdio.in.h,
	lib/gl/stdlib.in.h, lib/gl/sys_stat.in.h, lib/gl/unistd.in.h,
	maint.mk: Update gnulib files.

2009-09-13  Brad Hards <bradh@frogmouth.net>

	* lib/x509/x509.c: Add forgotten documentation bits for issuer
	altname Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-09-11  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, gl/m4/getaddrinfo.m4, gl/m4/getline.m4,
	gl/m4/readline.m4, gl/m4/select.m4, gl/m4/sockets.m4,
	gl/m4/socklen.m4, gl/m4/sockpfaf.m4, lib/gl/m4/sockets.m4,
	lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4, lib/gl/m4/time_r.m4: 
	Update gnulib files.

2009-09-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher.c: Add debug message.  Tiny patch from Miroslav
	Kratochvil <exa.exa@gmail.com> in
	<http://thread.gmane.org/gmane.network.gnutls.general/1758>.

2009-09-11  Daiki Ueno <ueno@unixuser.org>

	* lib/Makefile.am: Fix out-of-tree build.  Fix out-of-tree build; gnutls.h is generated in the build tree.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/m4/hooks.m4: Enable Camellia by default.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.5.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Bump version.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/stdio_h.m4, gl/m4/string_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/stdio.in.h,
	gl/string.in.h, gl/sys_stat.in.h, gl/unistd.in.h,
	lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/string_h.m4,
	lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4, lib/gl/stdio.in.h,
	lib/gl/string.in.h, lib/gl/sys_stat.in.h, lib/gl/unistd.in.h,
	maint.mk: Update gnulib files.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4: Bump library version for new APIs.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c, lib/x509/x509.c: Indent.

2009-09-10  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Move the new ABIs to the GNUTLS_2_10 section.

2009-09-09  Brad Hards <bradh@frogmouth.net>

	* doc/manpages/Makefile.am, lib/includes/gnutls/x509.h,
	lib/libgnutls.map, lib/x509/output.c, lib/x509/x509.c,
	tests/Makefile.am, tests/x509_altname.c: Add X509 Issuer Altname
	functions Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-09-07  Simon Josefsson <simon@josefsson.org>

	* tests/key-id/key-id: Don't use ! to negate exit status.  Reported
	by "Tom G. Christensen" <tgc@jupiterrise.com> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3861>.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/close.c, gl/inet_ntop.c, gl/inet_pton.c,
	gl/m4/sys_stat_h.m4, gl/sys_stat.in.h, gl/tests/Makefile.am,
	gl/unistd.in.h, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
	lib/gl/sys_stat.in.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
	files.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/configure.ac, lib/m4/hooks.m4, libextra/configure.ac: 
	Bump versions.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Commit cyclo/ dir too.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.4.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check.c: Build when OpenPGP is disabled.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix!

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Typo.

2009-09-03  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Ugly hack for autobuilder.

2009-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Use SHA256 as MAC by default.

2009-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-09-01  Daiki Ueno <ueno@unixuser.org>

	* lib/gnutls_algorithms.c: Add SHA-2 cipher suites.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-09-01  Daiki Ueno <ueno@unixuser.org>

	* lib/debug.c: Print NewSessionTicket handshake.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Handle XMPP SANs properly.  Reported by Howard
	Chu <hyc@symas.com> in <https://savannah.gnu.org/support/?106975>.

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/auth_dhe.c: Need another header.

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* AUTHORS, NEWS: Add.

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Add comment explaining where magic values
	come from.

2009-08-31  Daiki Ueno <ueno@unixuser.org>

	* lib/auth_cert.c: Fix parsing Certificate Request for TLS 1.2.  Fix the logic to skip supported_signature_algorithms in Certificate
	Request.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Daiki Ueno <ueno@unixuser.org>

	* lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_state.c: Use
	SHA256 for PRF if TLS 1.2.  Use SHA256 for the basis of PRF, and for the hash over handshake
	messages.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Daiki Ueno <ueno@unixuser.org>

	* lib/auth_dhe.c, lib/auth_rsa_export.c, lib/auth_srp_rsa.c,
	lib/gnutls_sig.c, lib/gnutls_sig.h: Respect TLS signature algorithm
	in server KX.  Verify signature of DH parameters in Server Key Exchange with the
	embedded signature algorithm.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Daiki Ueno <ueno@unixuser.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_int.h: Add functions for TLS signature algorithm.  Add functions to convert TLS signature algorithm from/to constants
	defined by GnuTLS.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-08-25  Fabian Keil <fk@fabiankeil.de>

	* src/serv.c: Remove dead store in listen_socket().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

	* lib/gnutls_buffers.c: Remove dead store in
	_gnutls_io_write_buffered().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/x509/x509.c: Remove dead store in
	gnutls_x509_crt_list_import().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/auth_srp_passwd.c: Remove dead store in pwd_put_values().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* src/certtool.c: Remove dead store in pkcs12_info().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

	* lib/auth_cert.c: Remove write-only variable info in
	_gnutls_proc_cert_cert_req().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

	* lib/auth_rsa_export.c: Remove write-only variable info in
	gen_rsa_export_server_kx().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

	* src/cfg/shared.c: Remove write-only variable sep_ar_idx in
	split_multi_arg().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/x509/pkcs12.c: Remove write-only variable tmp_size in
	_pkcs12_decode_safe_content().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-29  Fabian Keil <fk@fabiankeil.de>

	* THANKS: Remove duplicates. Two exact ones and a pretty close one.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Fabian Keil <fk@fabiankeil.de>

	* lib/auth_srp_passwd.c: Mark what looks like a bug in in
	_gnutls_srp_pwd_read_entry() Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* src/crypt.c: In main(), rename salt to salt_size and don't bother
	reading info.salt which we don't use anyway.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/misc.c: (cdk_strlist_next): Handle NULL root value better.  Based on report
	by Fabian Keil <fk@fabiankeil.de>.

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/x509/output.c: In print_extensions(), declare the *_idx
	variables as int instead of size_t.  While it shouldn't make a difference, it makes more sense to me.
	It's also consistent with (at least) print_crl().  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/x509/output.c: In print_extensions(), initialize *_idx
	variables once before entering the for loop instead of each run.  Otherwise checking them is pointless as they always will be zero.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/x509/output.c: In print_crq(), initialize challenge and
	extensions once before entering the for loop instead of each run.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Fabian Keil <fk@fabiankeil.de>

	* lib/x509/output.c: In print_crl(), initialize aki_idx and crl_nr
	once before entering the for loop instead of each run.  Otherwise the "error: more than one AKI extension\n" and "error:
	more than one CRL number\n" checks want work.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* tests/x509dn.c: Likewise.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* tests/x509dn.c: Don't use deprecated type.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Overwrite gettext's size_max.m4 to make sure we use one
	that works.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/stdlib_h.m4,
	gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4, gl/progname.c,
	gl/stdlib.in.h, gl/sys_socket.in.h, gl/tests/Makefile.am,
	gl/unistd.in.h, gl/vasnprintf.c, lib/gl/Makefile.am,
	lib/gl/m4/stdlib_h.m4, lib/gl/m4/sys_socket_h.m4,
	lib/gl/m4/unistd_h.m4, lib/gl/stdlib.in.h, lib/gl/sys_socket.in.h,
	lib/gl/tests/test-func.c, lib/gl/unistd.in.h, lib/gl/vasnprintf.c,
	libextra/gl/override/lib/md5.c.diff: Update gnulib files.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_str.h, lib/opencdk/Makefile.am,
	lib/x509/privkey_pkcs8.c, libextra/configure.ac: Fix use of
	deprecated types, for now and the future.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Fix gnutls_datum usage.

2009-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c, lib/gnutls_pk.c, lib/gnutls_str.c,
	lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
	lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
	lib/x509/common.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509_write.c, src/certtool.c,
	tests/openpgp_test.c, tests/resume.c, tests/x509_test.c,
	tests/x509dn.c, tests/x509sign-verify.c: Fix deprecated usage of
	gnutls_datum.

2009-08-27  Dan Fandrich <dan@coneharvesters.com>

	* lib/opencdk/new-packet.c, lib/opencdk/packet.h,
	lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
	lib/opencdk/stream.c, lib/opencdk/stream.h, lib/opencdk/verify.c,
	lib/x509/crq.c: Fix compiler warning bugs for OpenWatcom.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-25  Daiki Ueno <ueno@unixuser.org>

	* tests/resume.c: Fix double-free Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-24  Simon Josefsson <simon@josefsson.org>

	* .gitattributes: Disable whitespace for file that need it.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check.c: Add check of OpenPGP cert too.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* libextra/gl/override/lib/md5.c.diff: Work around whitespace commit
	hook.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/stdio_h.m4, gl/select.c, gl/stdio.in.h,
	lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/stdio.in.h,
	maint.mk: Update gnulib files.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
	libextra/gl/md5.c, libextra/gl/override/lib/md5.c.diff: Reduce stack
	usage and remove code.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Remove unused constant.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Reduce stack usage.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/pgp.c: Fix OpenPGP hostname comparison.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/output.c, lib/openpgp/pgp.c: Reduce stack usage.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Reduce stack usage.

2009-08-20  Simon Josefsson <simon@josefsson.org>

	* .x-sc_m4_quote_check, lib/gnutls_sig.c,
	lib/opencdk/write-packet.c: Fix syntax-check nits.

2009-08-20  Daiki Ueno <ueno@unixuser.org>

	* lib/libgnutls.map, lib/opencdk/keydb.c, tests/dn2.c, tests/mpi.c,
	tests/resume.c: Fix memleaks.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix references.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Also commit devel/ web pages.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Fix ChangeLog.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.3.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* lib/ext_session_ticket.c: Typo.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: Need gnutls_algorithms.h for prototypes.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2009-08-18  Jonathan Bastien-Filiatrault <joe@x2a.org>

	* lib/auth_cert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_state.c: 
	Replace explicit version checks with feature checks Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Reformat paragraphs.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, src/cli-gaa.c, src/cli-gaa.h,
	src/serv-gaa.c, src/serv-gaa.h: Generated.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add cross reference.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml, lib/ext_session_ticket.c: Fix
	GTK-DOC output.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Fix namespace of new APIs.

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* lib/ext_session_ticket.c, lib/gnutls_extensions.c,
	lib/gnutls_session_pack.c: Fix whitespace.

2009-08-19  Daiki Ueno <ueno@unixuser.org>

	* doc/TODO, lib/Makefile.am, lib/ext_session_ticket.c,
	lib/ext_session_ticket.h, lib/gnutls_constate.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_session_pack.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
	lib/m4/hooks.m4, src/cli.c, src/cli.gaa, src/serv.c, src/serv.gaa,
	tests/resume.c: session ticket support Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-19  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix indent rule.

2009-08-19  Daiki Ueno <ueno@unixuser.org>

	* doc/gnutls.texi: internals doc update Hi, When I wrote SessionTicket extension I referred to the manual node
	"Adding a New TLS Extension", and noticed that it is not up to date.
	So, here is a patch.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-18  Simon Josefsson <simon@josefsson.org>

	* gl/stdio.in.h, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/memmove.m4, lib/gl/memmove.c,
	lib/gl/stdio.in.h, maint.mk: Update gnulib files.

2009-08-15  Simon Josefsson <simon@josefsson.org>

	* gl/m4/stddef_h.m4, lib/gl/m4/stddef_h.m4: Update gnulib files.

2009-08-15  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Don't ignore gl/ files!

2009-08-15  Simon Josefsson <simon@josefsson.org>

	* gl/tests/test-stddef.c, lib/gl/tests/test-stddef.c: Update gnulib
	files.

2009-08-15  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/wchar.m4,
	gl/stddef.in.h, gl/stdlib.in.h, gl/string.in.h,
	gl/tests/Makefile.am, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-string.c,
	gl/tests/test-unistd.c, gl/tests/test-wchar.c, gl/unistd.in.h,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4, lib/gl/m4/wchar.m4,
	lib/gl/stddef.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
	lib/gl/tests/Makefile.am, lib/gl/tests/test-stdio.c,
	lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
	lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
	lib/gl/tests/test-wchar.c, lib/gl/time.in.h, lib/gl/unistd.in.h,
	maint.mk: Update gnulib files.

2009-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-08-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.2.

2009-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add 2.8.3 entry.

2009-08-14  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/close.m4, gl/m4/fclose.m4,
	gl/m4/gnulib-comp.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/unistd_h.m4, gl/tests/Makefile.am, gl/tests/sys_ioctl.in.h,
	gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
	gl/tests/test-string.c, gl/tests/test-unistd.c,
	gl/tests/test-version-etc.sh, gl/unistd.in.h, gl/vasnprintf.c,
	lib/gl/Makefile.am, lib/gl/m4/sys_socket_h.m4,
	lib/gl/m4/threadlib.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
	lib/gl/tests/test-string.c, lib/gl/tests/test-unistd.c,
	lib/gl/unistd.in.h, lib/gl/vasnprintf.c: Update gnulib files.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* gl/tests/test-version-etc.sh: Update gnulib files.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* gl/tests/test-version-etc.sh: Update gnulib files.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Don't generate gzip archives.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_int.h,
	lib/io_debug.h: Remove io_debug.h stuff, it is superseded by
	self-tests like mini-eagain.c.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: (gnutls_x509_crt_import): Re-initialize the ASN.1 structure.  If this is not done here, the next certificate loading may fail
	because asn1_der_decoding modified the ASN.1 structure.  Triggered
	by the hostname-check self-test.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Revert "Always build vc checkouts with debugging." This reverts commit b68235be4d1ff7739456e0c5d8c28c6e96e15a14.  It
	breaks because -Wdisabled-optimizations will cause an error when
	optimizations are disabled.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Always build vc checkouts with debugging.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check.c: Fix.

2009-08-13  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check.c: Add another SAN/CN collision test.
	Reported by Daniel Stenberg <daniel@haxx.se> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1735>.

2009-08-12  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check.c: Fix logic.

2009-08-12  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check.c: Test when SAN and CN differs.  Inspired by
	report by Daniel Stenberg <daniel@haxx.se> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1734>.

2009-08-12  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am, libextra/gl/m4/sockets.m4: Use include
	instead of copy.

2009-08-12  Simon Josefsson <simon@josefsson.org>

	* libextra/gl/m4/sockets.m4: Add, needed for -lws2_32 in libextra.

2009-08-12  Simon Josefsson <simon@josefsson.org>

	* libextra/m4/hooks.m4: Add.

2009-08-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Doc fix.

2009-08-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_psk.c,
	lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_x509.c,
	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
	libextra/gnutls_ia.c: Fix typos in documentation.  Reported by Daiki
	Ueno <ueno> in <https://savannah.gnu.org/support/?106969>.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4, gl/m4/sys_select_h.m4, gl/stdio-write.c,
	gl/sys_select.in.h, gl/tests/gettimeofday.c,
	gl/tests/test-sys_select.c, gl/tests/test-version-etc.sh,
	lib/gl/m4/gnulib-comp.m4, lib/gl/stdio-write.c, maint.mk: Update
	gnulib files.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Need to add LIBSOCKET because we link to
	../lib's gnulib library, for mingw.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* lib/po/cs.po.in, lib/po/fr.po.in, lib/po/nl.po.in,
	lib/po/pl.po.in, lib/po/sv.po.in: Sync with TP.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add 2.8.x news entries.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix usage.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Copy cyclomatic code complexity charts too.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Look only for latest _required_
	libgcrypt/libtasn1 version.  Reported by Marco d'Itri <md@linux.it> via Andreas Metzler
	<ametzler@downhill.at.eu.org> as Debian BTS #540449.

2009-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit c529f792e4c899080eb1f6e104c8552fa0770356 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sat Aug 8 09:06:57 2009
	+0300

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Check for NUL in SANs and replace accordingly.

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/hostname-check.README,
	tests/hostname-check.c: Move comment into source.

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Refuse to return DNs with embedded NULs which
	breaks other code.  Problem published by Dan Kaminsky and Moxie Marlinspike at
	BlackHat09.

2009-08-07  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Revert everything since last release, to allow
	minimal patch to be applied.

2009-08-06  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Fix invocation of rfc2253-escape-test.  Reported by Brad Hards <bradh@frogmouth.net> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3750>.

2009-08-06  Simon Josefsson <simon@josefsson.org>

	* build-aux/vc-list-files, gl/Makefile.am, gl/error.c, gl/fseeko.c,
	gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4, gl/m4/stdio_h.m4,
	gl/m4/unistd_h.m4, gl/socket.c, gl/sockets.c, gl/stdio.in.h,
	gl/tests/Makefile.am, gl/tests/test-select.c,
	gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
	gl/tests/test-string.c, gl/tests/test-unistd.c,
	gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
	gl/unistd.in.h, gl/version-etc.c, gl/version-etc.h,
	lib/gl/Makefile.am, lib/gl/fseeko.c, lib/gl/m4/iconv.m4,
	lib/gl/m4/lib-link.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/time_h.m4,
	lib/gl/m4/unistd_h.m4, lib/gl/sockets.c, lib/gl/stdio.in.h,
	lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
	lib/gl/tests/test-string.c, lib/gl/tests/test-unistd.c,
	lib/gl/time.in.h, lib/gl/unistd.in.h, libextra/gl/m4/lib-link.m4,
	libextra/gl/md5.h, maint.mk: Update gnulib files.

2009-08-05  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/rfc2253-escape-test: Add self-test of RFC
	2253 escaping.

2009-08-04  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Simplify and fix mem leak.

2009-08-04  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Don't use fixed size buffer for strings.

2009-08-04  Simon Josefsson <simon@josefsson.org>

	* tests/nul-in-x509-names.c: Exit with failure on failure.

2009-08-04  Simon Josefsson <simon@josefsson.org>

	* tests/nul-in-x509-names.c: Fix output.

2009-08-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: Cleanup code.

2009-08-04  Tomas Hoger <thoger@redhat.com>

	* lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
	lib/x509/rfc2818_hostname.c: GnuTLS vs. NULL chars in CNs Check cert name size in _gnutls_hostname_compare()     This is needed to protect against NULL (\0) characters embedded
	    in X509 certificates' CNs or subjectAltNames, that can be used
	    to fool SSL certificate verification as was demonstrated by Moxie
	Marlinspike on BH USA 2009:
	http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#MarlinspikeSigned-off-by: Simon Josefsson <simon@josefsson.org>

2009-08-04  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/nul-in-x509-names.c: Add self-test for
	NUL in X.509 CN/SAN problem.

2009-08-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Fix typo.

2009-08-03  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Fix expected output, a cert have expired.

2009-08-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Fix crash.

2009-08-03  Simon Josefsson <simon@josefsson.org>

	* tests/mini-eagain.c: Make it build.

2009-07-29  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Drop .c and sort.

2009-07-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/errors.c, lib/minitasn1/libtasn1.h: Use
	libtasn1 v2.3.

2009-07-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit c02e9f1459330119d2947a4e46fb60c0e12fa32d Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Sun Jul 26 15:22:06 2009
	+0300

2009-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: do not allow null character in DN.

2009-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: updated files to be ignored.

2009-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/dn.c: Typo fix in test output. Patch by Brad Hards
	<bradh@frogmouth.net>

2009-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: Removed duplicate entry of Daniel and added Fabian, Brad
	and Daiki.

2009-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
	lib/auth_cert.c, lib/gnutls_buffers.c, lib/gnutls_mpi.c,
	lib/gnutls_pk.c, lib/gnutls_sig.c, lib/opencdk/stream.c,
	lib/opencdk/write-packet.c, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c, lib/x509/privkey_pkcs8.c, src/certtool.c,
	src/psk.c: Several bug fixes by Fabian Keil (some were modified by
	me).

2009-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-eagain.c: reduced transferred data size.

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/gnutls_buffers.c, lib/gnutls_errors.c,
	lib/gnutls_record.c, lib/gnutls_supplemental.c,
	lib/opencdk/armor.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
	lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
	lib/opencdk/stream.c, src/certtool-cfg.c, tests/chainverify.c: Added
	casts to reduce warnings (based on report by Brad Hards).

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitignore: Added more stuff to have a clean status.

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README-alpha: Documentation corrections by Brad Hards.

2009-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: size_t and unsigned int fixes.

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: There are cases where those buffers might
	overlap

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Patch by Tim Kosse: "If
	_gnutls_send_finished fails with GNUTLS_E_AGAIN or GNUTLS_E_AGAIN it
	eventually gets called a second time.  It however does not call _gnutls_send_handshake with a NULL pointer
	on repeated calls, ultimately leading to an internal error in
	_gnutls_handshake_io_send_int."

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.h, lib/gnutls_ui.c: Corrected
	gnutls_certificate_client_get_request_status(). Based on observation
	by Peter Hendrickson <pdh@wiredyne.com>.

2009-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, tests/Makefile.am, tests/mini-eagain.c: 
	Added bug fix that allows gnutls_record_recv/send resuming from
	previously interrupted actions. Patch by from Tim Kosse
	<tim.kosse@filezilla-project.org>.  Added a self test to check those functions in handling interrupted
	states.

2009-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 21a7186bf83084a2bc85bbb7ddb600ccd070f1c2 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Tue Jun 23 23:04:51 2009
	+0200

2009-06-23  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Doc fix.

2009-06-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-06-22  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/dn2.c: Add self-test of off-by-one size
	error.

2009-06-22  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-06-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-06-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/dn.c: Fix off-by-one size computation that leads to
	truncated strings.  Reported by Tim Kosse
	<tim.kosse@filezilla-project.org> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.

2009-06-18  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/errno.in.h, gl/{tests => }/getpagesize.c,
	gl/m4/errno_h.m4, gl/m4/gnulib-comp.m4, gl/m4/memchr.m4,
	gl/m4/string_h.m4, gl/memchr.valgrind, gl/strerror.c,
	gl/string.in.h, gl/tests/Makefile.am, lib/gl/Makefile.am,
	lib/gl/errno.in.h, lib/gl/{tests => }/getpagesize.c,
	lib/gl/m4/errno_h.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/memchr.m4, lib/gl/m4/string_h.m4, lib/gl/memchr.valgrind,
	lib/gl/string.in.h, lib/gl/tests/Makefile.am: Update gnulib files.

2009-06-18  Simon Josefsson <simon@josefsson.org>

	* libextra/m4/hooks.m4: Fix --disable-openssl-compatibility
	parameter.  Reported by Matthias Drochner <M.Drochner@fz-juelich.de>
	in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3646>.

2009-06-17  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2009-06-17  Simon Josefsson <simon@josefsson.org>

	* tests/mpi.c: Fix build error.

2009-06-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-06-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c: Return proper MPI lengths in bits.  Reported by
	Peter Hendrickson <pdh@wiredyne.com> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.

2009-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit fad0d9b3289087dbd56176e7a1ccb498cf5ef099 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Wed Jun 10 17:55:05 2009
	+0200

2009-06-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-06-10  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12_s2k.c: Improve test vectors.

2009-06-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am, tests/pkcs12_s2k_pem.c: Added new
	self-test pkcs12_s2k_pem.

2009-06-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-06-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-06-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs12_encr.c: Fix PKCS#12 string to key function for
	1/128 inputs.  Reported by "Kukosa, Tomas"
	<tomas.kukosa@siemens-enterprise.com> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.

2009-06-09  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4,
	gl/m4/memchr.m4, gl/m4/mmap-anon.m4, gl/memchr.c,
	gl/tests/Makefile.am, gl/tests/getpagesize.c,
	gl/tests/test-memchr.c, gl/tests/zerosize-ptr.h,
	lib/gl/Makefile.am, lib/gl/m4/getpagesize.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/memchr.m4,
	lib/gl/m4/mmap-anon.m4, lib/gl/memchr.c, lib/gl/tests/Makefile.am,
	lib/gl/tests/getpagesize.c, lib/gl/tests/test-memchr.c,
	lib/gl/tests/zerosize-ptr.h: Update gnulib files.

2009-06-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-06-09  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-06-09  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4, gl/m4/version-etc.m4,
	gl/tests/test-alignof.c, gl/version-etc.c: Update gnulib files.

2009-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.1.

2009-06-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c: Mark global extfunc_size as having static
	scope.

2009-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-06-08  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/init_roundtrip.c: Add self-test to detect
	extension init/deinit problem.

2009-06-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c: Deinitalize extension global variable
	properly.  See <http://bugs.gentoo.org/272388>.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/alignof.h, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
	gl/tests/test-alignof.c, lib/gl/alignof.h: Update gnulib files.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp.c, lib/debug.c, lib/debug.h, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/libgnutls.map, lib/pk-libgcrypt.c,
	tests/mpi.c: Rename _gnutls_dump_mpi to _gnutls_mpi_log.  Rewrite to
	use less stack space.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Reduce stack size limit check.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Reduce stack size.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Fix malloc failure error strings.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* tests/crq_apis.c: Test more.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: (_gnutls_x509_oid_data2string): Return proper @res_size for NULL
	res.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Indent.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Doc fix.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Reduce stack usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Doc fix.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Simplify.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* tests/crq_apis.c: Test more.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Reduce stack usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* tests/crq_apis.c: Test more.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Reduce stack usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Fix uninitialized variable access.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Reduce stack frame usage.

2009-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: Reduce stack usage.

2009-06-02  Simon Josefsson <simon@josefsson.org>

	* gl/m4/manywarnings.m4: Update gnulib files.

2009-06-02  Simon Josefsson <simon@josefsson.org>

	* tests/crq_apis.c: Add.

2009-06-02  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Don't assert on expected errors.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add crq self-test.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/x509/extensions.c: Reduce stack usage.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Reduce stack usage.  Fix build failure wrt
	variable names.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/x509.h: Doc fix.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Doc fix.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Return buffer size for NULL/0 inputs.  Fix output
	buffer size computation.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/x509/extensions.c: Fix mem leak.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Don't assert for expected errors.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Export wstack.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* lib/configure.ac, libextra/configure.ac: Fix WSTACK_CFLAGS.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Improve logging and fix warnings.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/Makefile.am, lib/openpgp/Makefile.am,
	lib/x509/Makefile.am, libextra/Makefile.am: Check stack size.

2009-06-01  Simon Josefsson <simon@josefsson.org>

	* gl/m4/manywarnings.m4: Update gnulib files.

2009-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: Added gnutls_dh_get_prime_bits limitation.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs12_bag.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_write.c: Doc fix.  Reported by Peter Hendrickson
	<pdh@wiredyne.com>.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix paths.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.9.0.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix paths for alpha release.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c: Doc fix.

2009-05-28  Simon Josefsson <simon@josefsson.org>

	* build-aux/gnupload: Update gnulib files.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/srptool.1: Fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/gnutls-serv.1: Doc fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk.c: Doc fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs7.c: Doc fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Cleanup rules.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/gnutls.texi, lib/Makefile.am,
	lib/openpgp/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am: 
	Move API texinfo generation into doc/.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* gl/m4/include_next.m4, gl/m4/size_max.m4,
	lib/gl/m4/include_next.m4, lib/gl/m4/size_max.m4: Update gnulib
	files.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.8.0.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* doc/announcement-template.txt: Typo.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, cfg.mk, configure.ac, lib/configure.ac,
	libextra/configure.ac: Prepare for stable release.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c: Doc fix.  Reported by Peter Hendrickson
	<pdh@wiredyne.com>.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* src/select.c: Remove unused file, replaced by poll from gnulib.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix generation of error_codes.texi and
	algorithms.texi.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* doc/announcement-template.txt: Fix.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.14.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c, src/serv-gaa.c: Regenerate.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c, lib/includes/gnutls/compat.h,
	libextra/gnutls_extra.c, libextra/includes/gnutls/extra.h,
	libextra/includes/gnutls/openssl.h, tests/openssl.c, tests/simple.c: 
	Fix version symbol namespace.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/gnutls.texi, doc/manpages/certtool.1,
	doc/manpages/gnutls-serv.1, lib/auth_anon.c, lib/auth_dh_common.c,
	lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/gnutls_anon_cred.c,
	lib/gnutls_errors.c, lib/gnutls_handshake.c, lib/gnutls_psk.c,
	lib/gnutls_record.c, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, libextra/gnutls_ia.c,
	src/certtool.gaa, src/prime.c, src/serv.c, src/serv.gaa,
	src/tls_test.c, tests/anonself.c, tests/dhepskself.c,
	tests/openpgpself.c, tests/oprfi.c, tests/resume.c, tests/tlsia.c,
	tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Doc fixes.
	Suggested by Peter Hendrickson <pdh@wiredyne.com>.

2009-05-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_auth.c: Doc fix.  Reported by Peter Hendrickson
	<pdh@wiredyne.com>.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.13.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* doc/announcement-template.txt: Fix.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* doc/announcement-template.txt: Improve.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Sort symbols.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Auto-generate from GnuTLS 2.6.x list of
	exported symbols.  No substantial change.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Move functions.  Reported by Andreas Metzler
	<ametzler@downhill.at.eu.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3578>.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Move gnutls_x509_crq_set_key back to old ABI
	namespace.  Reported by Andreas Metzler
	<ametzler@downhill.at.eu.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-25  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Fix expired certs.  Exit early to make it
	easier to find failing test.  Reported by Andreas Metzler
	<ametzler@downhill.at.eu.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* .clcopying: Fix.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Fix PGP key.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi, src/Makefile.am, src/README, src/README.srptool: 
	Removed duplicated documentation.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.12.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/serv.c, src/tls_test.c: Fix gnutls-serv and
	gnutls-cli-debug on Windows.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* gl/getdelim.c: Update gnulib files.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/reference/Makefile.am, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c: Use libtasn1 2.2.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* build-aux/gnupload, gl/Makefile.am, gl/m4/sys_socket_h.m4,
	gl/sys_socket.in.h, gl/tests/test-sys_socket.c, lib/gl/Makefile.am,
	lib/gl/m4/sys_socket_h.m4, lib/gl/sys_socket.in.h,
	lib/gl/tests/test-sys_socket.c, maint.mk: Update gnulib files.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/vsnprintf.m4,
	lib/gl/tests/Makefile.am, lib/gl/tests/test-vsnprintf.c,
	lib/gl/vsnprintf.c: Replace vsnprintf if needed.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-20  Simon Josefsson <simon@josefsson.org>

	* tests/crq_key_id.c: Reorder gcry quick random to make it
	effective.  Reported by Andreas Metzler
	<ametzler@downhill.at.eu.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>.

2009-05-18  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.11.

2009-05-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, cfg.mk, configure.ac, doc/examples/Makefile.am,
	lib/Makefile.am, lib/configure.ac, lib/openpgp/Makefile.am,
	lib/x509/Makefile.am, libextra/Makefile.am, libextra/configure.ac,
	src/Makefile.am, tests/Makefile.am: Don't build with warnings all
	the time.  Use a WERROR_CFLAGS.

2009-05-18  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2009-05-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-18  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Don't use unportable NI_MAXHOST/NI_MAXSERV.

2009-05-17  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Link getaddrinfo libraries.  Reported by "Tom G.
	Christensen" <tgc@jupiterrise.com> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560>.

2009-05-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac: Need to run AC_PROG_CXX
	unconditionally.

2009-05-16  Simon Josefsson <simon@josefsson.org>

	* doc/doxygen/Doxyfile.in, libextra/gl/Makefile.am: Fix old gnulib
	lgpl/ paths.  Reported by "Tom G. Christensen" <tgc@jupiterrise.com>
	in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3556>.

2009-05-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-14  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am: Need -DASN1_BUILDING for libtasn1.

2009-05-14  Simon Josefsson <simon@josefsson.org>

	* doc/announcement-template.txt: Add.

2009-05-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-14  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am: Fix -I's after gnulib changes.
	Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>.

2009-05-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.10.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/tests/Makefile.am, gl/tests/test-alignof.c, lib/gl/Makefile.am,
	lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/tests/Makefile.am, lib/gl/tests/test-alignof.c: Avoid failing
	tests.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_priority.c,
	lib/gnutls_psk.c, lib/gnutls_session.c, lib/gnutls_state.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
	lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/pkcs12_bag.c, lib/x509/x509.c,
	lib/x509/x509_write.c, libextra/gnutls_ia.c: Doc fixes for GTK-DOC.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.c, lib/gnutls_priority.c,
	lib/gnutls_record.c, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c,
	lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_write.c: Doc fixes for GTK-DOC.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/crypto.h, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/x509.h, lib/openpgp/gnutls_openpgp.c,
	lib/x509/dn.c, lib/x509/output.c, lib/x509/pkcs7.c,
	lib/x509/verify.c, lib/x509/x509.c: Doc fixes for GTK-DOC.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
	doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
	doc/examples/tcp.c: Place examples in public domain.  After
	discussion with Karl.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* gl/alignof.h, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
	gl/tests/test-alignof.c, lib/gl/alignof.h,
	lib/gl/m4/gnulib-comp.m4, lib/gl/tests/Makefile.am,
	lib/gl/tests/test-alignof.c, maint.mk: Update gnulib files.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/keydb.c: Avoid sprintf.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-tlsia.c, lib/opencdk/literal.c,
	lib/opencdk/misc.c, src/common.c, tests/chainverify.c,
	tests/tlsia.c: Fix warnings.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-05-13  Simon Josefsson <simon@josefsson.org>

	* lib/pk-libgcrypt.c: Fix crash.

2009-05-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Doc fix.

2009-05-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_dh_primes.c: Doc fix.

2009-05-12  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am, lib/minitasn1/errors.h: Drop removed
	libtasn1 file.

2009-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h: Upgrade
	libtasn1 to v2.1.

2009-05-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c, libextra/gnutls_extra.c: Doc fixes.  Remove
	debugging code.

2009-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.9.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* lib/configure.ac, libextra/configure.ac: Drop obsolete stuff.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Drop obsolete stuff.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, {gl => lib/gl}/m4/ld-output-def.m4, {gl
	=> lib/gl}/m4/ld-version-script.m4, libextra/gl/gnulib.mk,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
	libextra/gl/m4/ld-output-def.m4,
	libextra/gl/m4/ld-version-script.m4: Move gnulib tests into proper
	directory.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Fix gnutls_priority_init documentation.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Revert "Fix man output for "%COMPAT" in
	docstrings." This reverts commit d10f1872bcbf7eb63632a8ce2e50728f42bd03fa.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Fix man output for "%COMPAT" in docstrings.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: When writing man pages, don't append to
	any existing file.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Doc fix.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/examples/Makefile.am, lib/gl/Makefile.am,
	lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/tests/Makefile.am, lib/gl/tests/test-lseek.c,
	lib/gl/tests/test-lseek.sh, src/Makefile.am, tests/Makefile.am: Fix
	MinGW build failures.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* lib/autogen.sh: Add.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* gtk-doc.make: Fix syntax-check.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* gtk-doc.make, m4/gtk-doc.m4: Upgrade gtk-doc files.

2009-05-11  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, gl/sys_socket.in.h, gl/tests/test-vc-list-files-git.sh,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/sys_socket.in.h,
	lib/gl/tests/Makefile.am, lib/gl/tests/test-lseek.c,
	lib/gl/tests/test-lseek.sh, libextra/gl/gnulib.mk,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4: 
	Update gnulib files.

2009-05-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Verisign CA v1 cert has expired!  Change
	expected results.  Also test expiration code more.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Don't always rebuild manual.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* gl/m4/sys_socket_h.m4, lib/gl/m4/sys_socket_h.m4: Update gnulib
	files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, lib/gl/Makefile.am: Update gnulib files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/alignof.h, lib/gl/Makefile.am: Update gnulib
	files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* build-aux/gnupload, gl/Makefile.am, gl/m4/errno_h.m4,
	gl/m4/gnulib-comp.m4, gl/m4/multiarch.m4, gl/m4/sys_socket_h.m4,
	gl/m4/vasnprintf.m4, gl/sys_socket.in.h,
	gl/tests/test-sys_socket.c, lib/gl/Makefile.am, lib/gl/alignof.h,
	lib/gl/m4/errno_h.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/multiarch.m4, lib/gl/m4/sys_socket_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/sys_socket.in.h,
	lib/gl/tests/test-sys_socket.c, maint.mk: Update gnulib files.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix -Werror handling.

2009-05-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Fix warnings.

2009-05-07  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
	tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
	tests/oprfi.c, tests/pskself.c, tests/resume.c, tests/tlsia.c,
	tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Fix
	warnings.

2009-05-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-07  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
	tests/oprfi.c, tests/pskself.c, tests/resume.c, tests/tlsia.c,
	tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Use memset
	instead of deprecated bzero.

2009-05-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool-cfg.c, src/serv.c: Fix build failure on systems
	without AF_INET6, e.g., Solaris 2.6.  Reported by "Tom G.
	Christensen" <tgc@jupiterrise.com> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>.

2009-05-06  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Drop README.GIT.

2009-05-06  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Need to link directly to libgcrypt here.

2009-05-06  Simon Josefsson <simon@josefsson.org>

	* lib/mpi-libgcrypt.c: Don't use casts that break strict-aliasing
	rules.

2009-05-06  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Fix.

2009-05-06  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Fix.

2009-05-05  Simon Josefsson <simon@josefsson.org>

	* README-alpha, doc/README.GIT: Replace doc/README.GIT with
	README-alpha.

2009-05-05  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Fix.

2009-05-05  Simon Josefsson <simon@josefsson.org>

	* README-alpha: Add.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/libgnutls.map: Fix build failure when LZO is enabled.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
	libextra/includes/gnutls/extra.h: Fix gtk-doc warnings.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Regenerated libtasn1
	files.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Build tools before using them.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* .x-sc_GPL_version, .x-sc_avoid_if_before_free,
	.x-sc_cast_of_alloca_return_value, .x-sc_cast_of_argument_to_free,
	.x-sc_file_system, .x-sc_m4_quote_check, .x-sc_makefile_check,
	.x-sc_program_name, .x-sc_prohibit_HAVE_MBRTOWC,
	.x-sc_prohibit_S_IS_definition, .x-sc_space_tab, .x-sc_the_the,
	.x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens, NEWS,
	cfg.mk, doc/examples/ex-serv-export.c, doc/gnutls.texi,
	gtk-doc.make, lib/gnutls.asn, lib/m4/hooks.m4,
	lib/openpgp/Makefile.am, lib/pkix.asn, lib/x509/Makefile.am,
	libextra/m4/hooks.m4, m4/valgrind.m4, src/Makefile.am,
	src/certtool-cfg.c, src/certtool.c, src/crypt.c, src/psk.c,
	src/serv.c, src/tls_test.c, tests/Makefile.am, tests/resume.c,
	tests/x509dn.c: Fix syntax-check warnings.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, gtk-doc.make: Upgrade gtk-doc files.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.8.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gettext.h, gl/m4/wchar.m4, gl/wchar.in.h,
	lib/gl/Makefile.am, lib/gl/gettext.h, lib/gl/m4/wchar.m4,
	lib/gl/wchar.in.h: Update gnulib files.

2009-05-03  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/pkcs1-pad: Fix self test fails because of
	expired certs using datefudge.

2009-05-01  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Print cert details.  Fix verifying expired
	cert.

2009-05-01  Simon Josefsson <simon@josefsson.org>

	* tests/cve-2008-4989.c: Avoid time checks.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/cve-2009-1415.c, tests/cve-2009-1416.c: 
	Add self-tests for security problems.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
	lib/includes/gnutls/x509.h, lib/x509/verify.c, src/common.c: 
	libgnutls: Check activation/expiration times on untrusted
	certificates.  Reported by Romain Francoise.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Fix DSA key generation.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Use modern git names.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add old NEWS entries.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Document how to use TLS exporters.

2009-04-30  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Fix getaddrinfo/bind loop.

2009-04-28  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* : Replace PDF with official ZIP file.  The PDFs have the same
	SHA-1.  The file was downloaded from:

	http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKI%20Testing%20Page.htmUsing the direct link:

	http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/certpath1.07.zip

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* build-aux/useless-if-before-free, build-aux/vc-list-files,
	gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, maint.mk: Update gnulib files.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix some error messages.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/vasnprintf.c,
	lib/gl/m4/lib-link.m4, lib/gl/m4/lib-prefix.m4,
	lib/gl/vasnprintf.c, libextra/gl/m4/lib-link.m4,
	libextra/gl/m4/lib-prefix.m4, maint.mk: Update gnulib files.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-04-27  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Move symbols new with gnutls 2.8.x under
	GNUTLS_2_8 version.

2009-04-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/serv.c: gnutls-serv: Listen on all interfaces.

2009-04-24  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2009-04-24  Simon Josefsson <simon@josefsson.org>

	* lib/pk-libgcrypt.c: Cleanup code and fix memory leaks.

2009-04-23  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs_template: Update gnulib files.

2009-04-23  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/gnutls.texi: Improve texinfo section names.

2009-04-23  Simon Josefsson <simon@josefsson.org>

	* tests/x509sign-verify.c: Also test DSA keys.

2009-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: release allocated mpis in
	_gnutls_x509_verify_algorithm().

2009-04-21  Simon Josefsson <simon@josefsson.org>

	* tests/libgcrypt.supp: Suppress more for modern libgcrypt.

2009-04-21  Simon Josefsson <simon@josefsson.org>

	* tests/x509sign-verify.c: Cleanup code.

2009-04-21  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Pass proper socket to libgnutls on Windows.

2009-04-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/{tests => }/sockets.c, gl/{tests => }/sockets.h,
	gl/tests/Makefile.am, gl/tests/dummy.c: Need sockets module.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.map: Make check needs more symbols.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/Makefile.am, lib/libgnutls.map, libextra/Makefile.am,
	libextra/libgnutls-extra.map, libextra/libgnutls-extra.vers: Improve
	version scripts.  Limit exported symbols on systems without linker
	script.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, build-aux/gendocs.sh, configure.ac, lib/configure.ac,
	lib/m4/hooks.m4, libextra/configure.ac: Bump version.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.7.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Really generate DSA key in example.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Fix return value.  Doc fix.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Explain how to generate DSA key.

2009-04-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c, lib/x509/x509.c: Doc fix for new APIs.

2009-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pk-libgcrypt.c: Corrected possible memory corruption on
	signature verification failure. Reported by Miroslav Kratochvil
	<exa.exa@gmail.com>

2009-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/printlist.c: Added small patch from Romain Francoise to remove
	unneeded include.

2009-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/privkey.c, lib/x509/x509.c,
	tests/Makefile.am, tests/x509sign-verify.c: Added self test for
	gnutls_x509_crt_verify_hash() and
	gnutls_x509_crt_get_verify_algorithm().  Added some notes in
	gnutls_x509_privkey_sign_hash().

2009-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c,
	lib/x509/x509.c: gnutls_x509_crt_get_sig_algorithm was renamed to
	gnutls_x509_crt_get_verify_algorithm.  Corrected some issues with
	the code.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Reorder.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls.pc.in: Add -ltasn1 to pkg-config file.  Reported
	by Andreas Metzler <ametzler@downhill.at.eu.org> in

	<http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Use new po domain.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/po/de.po.in: Sync with TP.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/po/de.po.in: Sync with TP.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2009-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/po/de.po.in: Sync with TP.

2009-04-16  Simon Josefsson <simon@josefsson.org>

	* : commit 934102c33ac89ace9a1e1d02047d54f2fea6b59b Merge: bc279f40a
	d720f3f19 Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date:
	Wed Apr 15 22:43:03 2009 +0300

2009-04-14  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, doc/gendocs_template, doc/lgpl-2.1.texi: 
	Update gnulib files.

2009-04-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/inet_ntop.m4, maint.mk: Update gnulib files.

2009-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented Cedric Bail's function addition

2009-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 258d2e873f61d5543c674f46a6247b4a379d2cca Author: Simon
	Josefsson <simon@josefsson.org> Date:   Fri Apr 3 15:20:09 2009
	+0200

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* lib/po/POTFILES.in: Fix filenames.

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix PODIR.

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.ac, lib/Makefile.am, lib/configure.ac, {po
	=> lib/po}/LINGUAS, {po => lib/po}/Makevars, {po =>
	lib/po}/POTFILES.in, {po => lib/po}/cs.po.in, {po =>
	lib/po}/de.po.in, {po => lib/po}/fr.po.in, {po => lib/po}/ms.po.in,
	{po => lib/po}/nl.po.in, {po => lib/po}/pl.po.in, {po =>
	lib/po}/sv.po.in, {po => lib/po}/vi.po.in: Move i18n dir back to
	lib/, after discussion with Bruno.

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4,
	m4/linker-script.m4: Use linker-script from gnulib.

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/ld-output-def.m4, lib/configure.ac,
	libextra/configure.ac, m4/output-def.m4: Use output-def test from
	gnulib.

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/Makefile.am, lib/{libgnutls.vers =>
	libgnutls.map}, lib/{libgnutlsxx.vers => libgnutlsxx.map}: Rename
	linker script.

2009-04-03  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/m4/hooks.m4, libextra/Makefile.am: Use
	DLL_VERSION variable name.

2009-03-30  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/cs.po.in: Sync with TP.

2009-03-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c, lib/openpgp/output.c, lib/x509/output.c: Fix
	warnings.

2009-03-30  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Only add warnings when using gcc.  Don't use
	-Wformat-nonliteral.

2009-03-30  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/gnupload, gl/Makefile.am, gl/close-hook.c,
	gl/close-hook.h, gl/close.c, gl/fseeko.c, gl/gai_strerror.c,
	gl/m4/close.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
	gl/m4/printf.m4, gl/m4/select.m4, gl/m4/stdarg.m4,
	gl/m4/sys_select_h.m4, gl/readline.c, gl/{winsock-select.c =>
	select.c}, gl/setsockopt.c, gl/stdint.in.h, gl/sys_select.in.h,
	gl/sys_socket.in.h, gl/tests/Makefile.am, gl/tests/sockets.c,
	gl/tests/sockets.h, gl/tests/test-getaddrinfo.c,
	gl/tests/test-sockets.c, gl/unistd.in.h, gl/vasnprintf.c,
	lib/gl/Makefile.am, lib/gl/close-hook.c, lib/gl/close-hook.h,
	lib/gl/fseeko.c, lib/gl/m4/gnulib-common.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/printf.m4, lib/gl/sockets.c,
	lib/gl/sockets.h, lib/gl/stdint.in.h, lib/gl/sys_socket.in.h,
	lib/gl/tests/test-sockets.c, lib/gl/unistd.in.h,
	lib/gl/vasnprintf.c, lib/gl/w32sock.h,
	libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.

2009-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h: Applied patch by Cedric Bail to add functions
	gnutls_x509_crt_verify_hash() and
	gnutls_x509_crt_get_sig_algorithm().

2009-03-23  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix bootstrap.

2009-03-23  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, cfg.mk, configure.ac, lib/Makefile.am,
	lib/configure.ac: Fix po paths.

2009-03-23  Simon Josefsson <simon@josefsson.org>

	* lib/po/POTFILES.in, {lib/po => po}/LINGUAS, {lib/po =>
	po}/Makevars, po/POTFILES.in, {lib/po => po}/de.po.in, {lib/po =>
	po}/fr.po.in, {lib/po => po}/ms.po.in, {lib/po => po}/nl.po.in,
	{lib/po => po}/pl.po.in, {lib/po => po}/sv.po.in, {lib/po =>
	po}/vi.po.in: Move lib/po to po/ since the gettext domain is global
	for gnutls.

2009-03-04  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Cosmetic fix.

2009-03-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c, lib/x509/x509_int.h: Be compatible with
	libtasn1 before v1.6.

2009-03-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-03-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/errors.h, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: Update to minitasn1 v1.8.

2009-03-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c, lib/gnutls_global.h, lib/x509/common.c,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
	lib/x509/x509.c: Use modern libtasn1 interfaces.

2009-03-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-03-02  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump version.

2009-03-02  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Add -I's for errcodes/printlist.  Reported by
	Roman Bogorodskiy <novel@FreeBSD.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix distcheck.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Remove error_codes.texi and algorithms.texi to
	fix make distcheck.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Update --css-include path to fix distcheck.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.6.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Fix.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* gl/tests/test-fseeko2.sh, lib/gl/tests/test-fseeko2.sh: Update
	gnulib files.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4, gl/m4/printf.m4, gl/m4/stdint.m4,
	gl/m4/stdlib_h.m4, gl/m4/vasnprintf.m4, gl/tests/Makefile.am,
	gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
	gl/vasnprintf.c, lib/gl/m4/gnulib-comp.m4, lib/gl/m4/printf.m4,
	lib/gl/m4/stdint.m4, lib/gl/m4/stdlib_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/tests/Makefile.am,
	lib/gl/tests/test-fseeko.c, lib/gl/vasnprintf.c: Update gnulib
	files.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* gl/m4/ungetc.m4, lib/gl/m4/ungetc.m4: Update gnulib files.

2009-02-27  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Revert %-hack that lead to syntax errors in
	texinfo output.

2009-02-24  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Minor cleanup.

2009-02-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool-cfg.c: certtool: Query for multiple dnsName
	subjectAltName in interactive mode.

2009-02-23  Simon Josefsson <simon@josefsson.org>

	* gl/m4/include_next.m4, lib/gl/m4/include_next.m4: Update gnulib
	files.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: documented pkix.asn change

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn: Removed several unneeded parameters from pkix tree.
	This reduces initial memory usage after gnutls_global_init() from
	140kb (in amd64) to 50kb.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c, tests/crq_key_id.c: Added more verbose information.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/dn.c,
	tests/crq_key_id.c: Revert "Added more verbose debugging info" This reverts commit c2d3596cddbb54ac4f19c44b15a03ee1fcceab12.

2009-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/dn.c,
	tests/crq_key_id.c: Added more verbose debugging info

2009-02-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/TODO: removed items that have already been done or solved.

2009-02-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: documented the SSL3_RECORD_VERSION priority string

2009-02-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/scripts/gdoc, lib/gnutls_priority.c: Applied patch by Martin
	von Gagern: The attached patch fixes gnutls_priority_init(3), but in
	a very hackish way, treating a percent sign as indicating a constant
	only if it is not immediately preceded by a double quote.

2009-02-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/manpages/gnutls-cli.1: Corrected listing of special keywords.
	Reported by Martin von Gagern.

2009-02-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/manpages/gnutls-cli.1, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_priority.c: Added %SSL3_RECORD_VERSION
	priority option that allows to specify the client hello message
	record version. Used to overcome buggy TLS servers. Report by Martin
	von Gagern.

2009-02-15  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/verify.c: Corrected bit disable (was flipping instead).
	Initialy reported by Daniel Kahn Gillmor on 9/1/2008. Many thanks to
	moog@sysdev.oucs.ox.ac.uk for bringing this into my attention.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/serv.c: gnutls-serv: No longer disable MAC padding by
	default.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: More gnulib usage.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Use more gnulib interfaces.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Update gnutls-serv --help output.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Update gnutls-cli --help output.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_x509.c: 
	libgnutls: Add new priority strings for allowing RSA-MD5 and V1-CA.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/cli.c: gnutls-cli: Don't permit V1 CAs by default.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, {src => doc}/errcodes.c, {src =>
	doc}/printlist.c, src/Makefile.am: Move doc related tools from src/
	to doc/.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Typo.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Typo.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Print OpenPGP cert info using libgnutls.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/openpgp/output.c: libgnutls: gnutls_openpgp_crt_print
	supports oneline mode.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: Fix expected test vectors.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/output.c: libgnutls: gnutls_x509_crt_print prints
	signature algorithm in oneline mode.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* gl/m4/close.m4, gl/m4/sockets.m4, gl/tests/sockets.h,
	gl/tests/test-sockets.c, lib/gl/m4/sockets.m4, lib/gl/sockets.h,
	lib/gl/tests/test-sockets.c: Update gnulib files.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/common.c: gnutls-cli: Print certificate info using
	libgnutls.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-02-11  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Print bit size of RSA exponents.

2009-02-06  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-02-06  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Need -lgnutls etc for certtool-cfg.c.

2009-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.5.

2009-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Merge in old NEWS entries.

2009-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Move down revocation check to revert code to
	how it looked before.  The idea is that if you have marked a cert as
	trusted, you may want to trust it even though some authority has
	revoked it.  This changes back how this code used to work.

2009-02-02  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/TODO, lib/x509/verify.c, tests/chainverify.c: Make it
	possible to trust intermediary certificates.  Based on tiny patch
	from "Douglas E. Engert" <deengert@anl.gov> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3376>.

2009-02-02  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Add another chain from bug reports.

2009-02-02  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Print more certificate status values.

2009-02-02  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Assert less for expected errors.

2009-02-02  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Simplify keyid printing to avoid allocation and
	asserts.

2009-02-01  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, doc/scripts/gdoc: Update gdoc and use
	-pkg-name.

2009-02-01  Simon Josefsson <simon@josefsson.org>

	* build-aux/gnupload, gl/Makefile.am, gl/m4/00gnulib.m4,
	gl/m4/errno_h.m4, gl/m4/extensions.m4, gl/m4/gnulib-common.m4,
	gl/m4/gnulib-comp.m4, gl/m4/multiarch.m4, gl/m4/pmccabe2html.m4,
	gl/m4/stdlib_h.m4, gl/stdlib.in.h, gl/tests/test-getaddrinfo.c,
	gl/version-etc.c, gl/version-etc.h, lib/gl/Makefile.am,
	lib/gl/m4/00gnulib.m4, lib/gl/m4/errno_h.m4,
	lib/gl/m4/extensions.m4, lib/gl/m4/gnulib-common.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/multiarch.m4,
	lib/gl/m4/stdlib_h.m4, lib/gl/stdlib.in.h,
	libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
	libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4: 
	Update gnulib files.

2009-01-27  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, lib/gnutls_handshake.c: gnutls_handshake when sending client
	hello during a rehandshake, will not offer a version number larger
	than the current.  Reported by Tristan Hill <stan@saticed.me.uk>.

2009-01-27  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_psk.c: result_size in gnutls_hex_encode behaves as
	documented. It now holds the size of the result. Reported by John
	Brooks.

2009-01-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/arpa_inet.in.h, gl/fseeko.c, gl/m4/alloca.m4,
	gl/m4/errno_h.m4, gl/m4/getaddrinfo.m4, gl/m4/getline.m4,
	gl/m4/getpass.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-common.m4,
	gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/intmax_t.m4,
	gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/longlong.m4, gl/m4/malloc.m4, gl/m4/minmax.m4,
	gl/m4/printf.m4, gl/m4/readline.m4, gl/m4/realloc.m4,
	gl/m4/sockets.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/m4/wchar_t.m4,
	gl/m4/wint_t.m4, gl/progname.c, gl/stdint.in.h, gl/stdio.in.h,
	gl/strerror.c, gl/sys_stat.in.h, gl/tests/gettimeofday.c,
	gl/tests/ioctl.c, gl/tests/test-unistd.c, gl/unistd.in.h,
	gl/wchar.in.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
	lib/gl/m4/alloca.m4, lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4,
	lib/gl/m4/errno_h.m4, lib/gl/m4/gettext.m4,
	lib/gl/m4/gnulib-common.m4, lib/gl/m4/iconv.m4,
	lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
	lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
	lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
	lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4,
	lib/gl/m4/longlong.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memmem.m4,
	lib/gl/m4/memmove.m4, lib/gl/m4/minmax.m4, lib/gl/m4/nls.m4,
	lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
	lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4, lib/gl/m4/sockets.m4,
	lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4,
	lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/strcase.m4,
	lib/gl/m4/strverscmp.m4, lib/gl/m4/threadlib.m4,
	lib/gl/m4/uintmax_t.m4, lib/gl/m4/unistd_h.m4,
	lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
	lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/sys_stat.in.h,
	lib/gl/tests/test-unistd.c, lib/gl/unistd.in.h, lib/gl/wchar.in.h: 
	Update gnulib files.

2009-01-21  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-01-21  Simon Josefsson <simon@josefsson.org>

	* libextra/gl/Makefile.am, libextra/gl/gnulib.mk,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
	libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4,
	libextra/gl/m4/md5.m4: Add -I's in libextra/gl for stdint.h on
	Solaris.  Reported by Dagobert Michelsen <dam@opencsw.org> in

	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3388

2009-01-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Check return value properly.

2009-01-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Fix mem leak because buffer is not expanded
	correctly.

2009-01-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix typos.

2009-01-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/verify.c: Permit V1 Certificate Authorities
	properly.  Before they were mistakenly rejected even though
	GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied.  Reported by
	"Douglas E. Engert" <deengert@anl.gov> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

2009-01-09  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Permit V1 CA's in new --verify-chain code.

2009-01-09  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2009-01-09  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Added chain supplied by "Douglas E. Engert"
	<deengert@anl.gov>.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* src/errcodes.c, src/printlist.c: Fix license header.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_global.c,
	lib/gnutls_global.h, lib/gnutls_int.h: Cleanup logger function type.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.4.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_rsa_export.c: Doc fixes.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, lib/gnutls_algorithms.c,
	lib/gnutls_rsa_export.c, lib/openpgp/output.c, lib/x509/output.c,
	lib/x509/privkey.c, src/cli.c, src/common.c, src/serv.c,
	src/tls_test.c, tests/dhepskself.c: Fix warnings.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, doc/gendocs_template, gl/Makefile.am,
	gl/m4/errno_h.m4, gl/m4/extensions.m4, gl/m4/getaddrinfo.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes_h.m4,
	gl/m4/lib-link.m4, gl/m4/manywarnings.m4, gl/m4/multiarch.m4,
	gl/m4/printf.m4, gl/m4/size_max.m4, gl/m4/stdint.m4,
	gl/m4/stdint_h.m4, gl/m4/wchar.m4, gl/m4/wchar_t.m4,
	gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/stdint.in.h, gl/stdlib.in.h,
	gl/sys_select.in.h, gl/tests/Makefile.am,
	gl/tests/test-select-in.sh, gl/unistd.in.h, gl/version-etc.c,
	gl/wchar.in.h, lib/gl/Makefile.am, lib/gl/m4/codeset.m4,
	lib/gl/m4/errno_h.m4, lib/gl/m4/extensions.m4,
	lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
	lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intlmacosx.m4,
	lib/gl/m4/intmax.m4, lib/gl/m4/inttypes-pri.m4,
	lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
	lib/gl/m4/lib-link.m4, lib/gl/m4/multiarch.m4, lib/gl/m4/nls.m4,
	lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
	lib/gl/m4/progtest.m4, lib/gl/m4/size_max.m4, lib/gl/m4/stdint.m4,
	lib/gl/m4/stdint_h.m4, lib/gl/m4/threadlib.m4,
	lib/gl/m4/uintmax_t.m4, lib/gl/m4/visibility.m4,
	lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
	lib/gl/m4/xsize.m4, lib/gl/stdint.in.h, lib/gl/stdlib.in.h,
	lib/gl/tests/Makefile.am, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
	libextra/gl/Makefile.am, libextra/gl/m4/extensions.m4,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
	libextra/gl/m4/lib-link.m4: Update gnulib files.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix NEWS entry.

2009-01-07  Simon Josefsson <simon@josefsson.org>

	* tests/sha2/sha2: Fix self-test with new certtool --verify-chain
	output.

2009-01-06  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* NEWS: added NEWS item about MD5 deprecation

2009-01-06  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/pkcs1-pad: Fix expect strings to compensate
	for new certtool -e output.

2009-01-06  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool.c: certtool: Make --verify-chain use libgnutls
	verification algorithm.

2009-01-06  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Test chain with EE cert signed using RSA-MD5.

2009-01-06  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* lib/x509/verify.c: actually deprecate MD5 and MD2 signatures
	during X.509 verification by treating them as invalid unless the
	GNUTLS_VERIFY_ALLOW_SIGN_RSA_{MD5,MD2} flags are present.

2008-12-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add NEWS entries from 2.6.3.

2008-12-12  Simon Josefsson <simon@josefsson.org>

	* tests/crq_key_id.c: Fix.

2008-12-12  Simon Josefsson <simon@josefsson.org>

	* tests/crq_key_id.c: Make it compile.  Speed up key generation.

2008-12-12  Simon Josefsson <simon@josefsson.org>

	* tests/crq_key_id.c: Indent.

2008-12-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am, tests/crq_key_id.c: Add crq_key_id
	self-test from David Marín Carreño.

2008-12-11  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Update manywarnings usage.

2008-12-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-12-11  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Print public key id for certificate requests
	too.

2008-12-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-12-11  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2008-12-11  Simon Josefsson <simon@josefsson.org>

	* AUTHORS, NEWS, lib/includes/gnutls/x509.h, lib/x509/crq.c: gnutls:
	New interface to get key id for certificate requests.  Patch from
	David Marín Carreño <davefx@gmail.com> in

	<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.3.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Check ca=false with flags too.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* gl/override/tests/test-lseek.sh.diff, gl/tests/test-lseek.sh,
	lib/gl/tests/test-lseek.sh: Disable parts of gnulib self-tests that
	fail on mingw.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* lib/gl/tests/test-lseek.c, maint.mk: Update gnulib files.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* gl/override/tests/test-lseek.c.diff,
	gl/override/tests/test-select-in.sh.diff, gl/tests/test-lseek.c,
	gl/tests/test-select-in.sh: Disable parts of gnulib self-tests that
	fail on mingw.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cxx.cpp: Drop config.h, not needed (hopefully?)
	and breaks mingw due to rpl_gmtime.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Certtool need libgnutls etc for
	libcmd-certtool.la too, due to certtool-cfg.c.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/x509self.c: Fix comments.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/cve-2008-4989.c: Align with Nikos' patch.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/Makefile.am, lib/opencdk/armor.c,
	lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c: Revert "Fix warnings
	in opencdk." This reverts commit 59cddc711e55bbd094bdf95986277fb33ba964ee.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Revert last commit.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag
	when needed.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Add hbci chain.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Fix comments.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Fix order to match comments.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Don't fail on expect errors, to allow more
	information to be collected.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/verify.c: Revert Nikos revert, and fix verification
	hopefully better.  The new logic is to include the CA cert in
	validation, but short-cut full validation of trusted certificates.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/chainverify.c: Add chain with CA having a basic constraint
	saying CA=FALSE.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* tests/cve-2008-4989.c: Add note.

2008-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am, tests/chainverify.c: Add self-test of
	chain verification logic.

2008-12-09  Simon Josefsson <simon@josefsson.org>

	* tests/libgcrypt.supp: Ignore more.

2008-12-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-12-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/verify.c: reintroduced the self signed certificate
	removal code. This time shouldn't have the drawbacks that used to.

2008-12-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Disable secmem rather than overriding
	libgcrypt memory allocators.  Suggested by Werner Koch in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2056>.

2008-12-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_global.c: rearranged initialization stuff based on
	Werner's suggestions.

2008-12-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool.c: gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0) is
	being called after libgcrypt initialization (gnutls_global_init).

2008-12-03  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/Makefile.am, lib/opencdk/armor.c,
	lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c: Fix warnings in
	opencdk.

2008-12-03  Simon Josefsson <simon@josefsson.org>

	* gl/m4/manywarnings.m4: Add.

2008-12-01  Simon Josefsson <simon@josefsson.org>

	* configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/include_next.m4, gl/m4/warnings.m4,
	gl/stdint.in.h, gl/sys_time.in.h, lib/gl/m4/include_next.m4,
	lib/gl/stdint.in.h: Update gnulib files.

2008-11-29  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* tests/x509self.c: Incorporated patch (with modifications) from Joe
	Orton that also checks the rehandshake capabilities.

2008-11-25  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
	libextra/Makefile.am, tests/Makefile.am: Fix minitasn1 -I's.

2008-11-25  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Fix minitasn1 -I.

2008-11-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Fix compiler warning.

2008-11-23  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Libreadline is needed by libcmd_certtool.la, not
	certtool.  Reported by Arfrever Frehtes Taifersar Arahesis
	<arfrever.fta@gmail.com> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3293>.

2008-11-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/context.h, lib/opencdk/literal.c, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
	lib/opencdk/read-packet.c: Converted non-C compliant code to
	standard C. The usage of structures like: struct x {   int el1;   char str[1]; } and the trick of using a single allocation for str and the structure
	itself by allocating sizeof(x) + strlen()-1, are questionable. They
	were converted to: struct x {   int el1;   char *str; } and there is a single allocation of sizeof(x)+strlen() but then the
	str pointer is updated to point to the rest of the data.

2008-11-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/x509/dn.c: When reading data from a buffer
	(gnutls_string) avoid memmoving all remaining data.  This will speed
	up short byte reads.

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/TODO: reorganized goals

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/cli.c: return non zero error code on error conditions.

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/certtool.cfg: better grouping of configuration directives

2008-11-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 8b14ab18cf5e5214ac3d28412e0c503e83a753c1 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Fri Nov 21 21:02:45
	2008 +0200

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_compress.c: Clean up LZO initialization.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c: Don't use // comments.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Change link order, so that gnulib is last.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update gnulib files.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* lib/po/LINGUAS: Sync with TP.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* lib/po/LINGUAS: Sync with TP.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* lib/po/LINGUAS, lib/po/ms.po.in: Sync with TP.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.2.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Add deprecated guard for libtasn1.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/element.h,
	lib/minitasn1/errors.c, lib/minitasn1/gstr.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
	lib/minitasn1/structure.h: Sync with libtasn1 v1.7.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am, lib/Makefile.am,
	lib/openpgp/Makefile.am, libextra/Makefile.am: Fix WARN_CFLAGS uses.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_compress.c: Fix warnings.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Respect ENABLE_OPENSSL.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Move gnulib EARLY early.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac, {lib/m4 => m4}/output-def.m4: Move C++ and
	-output-def detection.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac, {lib/m4 => m4}/linker-script.m4: Fix linker
	script test.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Fix typo.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac, libextra/m4/hooks.m4: Print Openssl status.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/m4/hooks.m4: Print C++ status.

2008-11-18  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Cleanup guile tests.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* gl/m4/warnings.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Rewrite warning initializations.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Typo.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* gl/m4/warnings.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* doc/examples/examples.h: Add.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* configure.ac, doc/examples/Makefile.am, doc/examples/ex-alert.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-pkcs12.c,
	doc/examples/ex-rfc2818.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
	doc/examples/tcp.c, gl/gettext.h, gl/override/lib/gettext.h.diff,
	lib/gl/gettext.h, lib/gl/override/lib/gettext.h.diff,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
	lib/gnutls_str.h, lib/openpgp/output.c, lib/x509/Makefile.am,
	lib/x509/dn.c, lib/x509/output.c, lib/x509/privkey.c,
	libextra/fipsmd5.c, libextra/gnutls_extra.c,
	libextra/gnutls_openssl.c, src/Makefile.am, src/cli.c,
	src/common.h, src/crypt.c, src/prime.c, src/psk.c, src/serv.c,
	src/tls_test.c, tests/Makefile.am, tests/anonself.c,
	tests/crypto_rng.c, tests/dhepskself.c, tests/dn.c,
	tests/finished.c, tests/gc.c, tests/mini.c, tests/openpgpself.c,
	tests/pkcs12_s2k.c, tests/pskself.c, tests/resume.c,
	tests/set_pkcs12_cred.c, tests/tlsia.c, tests/utils.c,
	tests/utils.h, tests/x509dn.c, tests/x509self.c,
	tests/x509signself.c: Use more warnings.  Fix many warnings.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* gl/m4/warnings.m4, gl/override/tests/test-select-out.sh.diff,
	gl/tests/test-select-out.sh: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
	lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
	lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h: Fix
	cosmetic nits in header files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/includes/gnutls/compat.h,
	lib/includes/gnutls/gnutls.h.in: Fix namespace of version symbols.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Move #include's outside of C++
	markers.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h: 
	Generated.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Work around gnulib+mingw problem.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* src/cli.gaa, src/common.h, src/serv.c, src/serv.gaa: Never include
	config.h in *.h files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* gl/m4/hostent.m4, gl/m4/servent.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* gl/override/tests/test-select-out.sh.diff,
	gl/tests/test-select-out.sh: Work around reported bug in gnulib
	self-tests.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, gl/m4/sockets.m4,
	gl/tests/test-select-out.sh, lib/gl/m4/sockets.m4: Update gnulib
	files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, build-aux/gnupload, gl/m4/getaddrinfo.m4,
	gl/m4/netdb_h.m4, gl/netdb.in.h, gl/tests/sockets.h,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/netdb_h.m4, lib/gl/netdb.in.h,
	lib/gl/sockets.h, lib/gl/tests/Makefile.am,
	libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
	libextra/gl/m4/gnulib-comp.m4: Update gnulib files.

2008-11-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_auth.c: Make it build.

2008-11-15  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_auth.c: Corrected memory leak in
	_gnutls_free_auth_info(). Trace and patch by Michael Weiser.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Disable openpgp-keyring when not building
	openpgp.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add -I for libextra too.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Make it compile with --disable-openpgp.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* tests/resume.c: Fix warning.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/mpi-libgcrypt.c: Don't return from void function.  Reported by
	Jeff Cai <jeff.cai@sun.com> in
	https://savannah.gnu.org/support/?106549

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h, libextra/ext_inner_application.c,
	libextra/gnutls_ia.c: Include gnutls/extra.h at the right places.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/mac-libgcrypt.c: Don't return from void function.  Reported by
	Jeff Cai <jeff.cai@sun.com> in
	https://savannah.gnu.org/support/?106549

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/pkcs12-decode/Makefile.am,
	tests/{pkcs12-decode => }/pkcs12_s2k.c: Move pkcs12_s2k.c test to
	top-level to avoid -I/etc flag duplication.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12-decode/pkcs12: Test pkcs12_2certs.p12 too.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12-decode/Makefile.am: Dist pkcs12_2certs.p12.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist README.gaa.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Remove README.autoconf.

2008-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4: Run AC_PROG_CXX only when needed.  Reported by
	Daniel Black <dragonheart@gentoo.org> in
	<https://savannah.gnu.org/support/?106542>.

2008-11-13  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Use more warnings.

2008-11-13  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Fix warning.

2008-11-13  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Drop incorrect -I.

2008-11-13  Simon Josefsson <simon@josefsson.org>

	* doc/README.gaa: Add.

2008-11-13  Simon Josefsson <simon@josefsson.org>

	* configure.ac, doc/examples/ex-serv-export.c,
	libextra/gnutls_ia.c, src/Makefile.am, src/certtool-gaa.c,
	src/cli-gaa.c, src/crypt-gaa.c, src/psk-gaa.c, src/serv-gaa.c,
	src/tests.c, src/tls_test-gaa.c: Use more warnings.  Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/gnutls_mpi.c, lib/gnutls_pk.c,
	lib/mac-libgcrypt.c: Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Add -Werror again, code is fixed.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Use warning flags, but not for C++ code.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/cve-2008-4989.c: Use more warnings.  Fix
	warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am, src/certtool-cfg.h, src/certtool-gaa.c: Use more
	warnings.  Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/Makefile.am, libextra/Makefile.am,
	libextra/gl/Makefile.am, libextra/gl/m4/extensions.m4,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4: Use
	more warning flags.  Need extensions in libextra.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_mpi.c,
	lib/gnutls_x509.c: Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Add prototype for
	gnutls_certificate_set_x509_simple_pkcs12_mem.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Use WARN_CFLAGS.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_record.c,
	lib/gnutls_supplemental.c, lib/gnutls_v2_compat.c: Fix warnings.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Build gl/ later.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Drop -Werror because gnutls code doesn't compile with it.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/Makefile.am: Disable pointer sign warnings.  Use
	WARN_CFLAGS more.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Better warning flag hangling.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, doc/README.GIT: Drop --enable-developer-mode.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* configure.ac: Remove debug code.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, configure.ac: Use warnings module.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, configure.ac, gl/m4/gnulib-comp.m4, gl/m4/warnings.m4,
	lib/configure.ac, libextra/configure.ac: Use gnulib warnings module.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add v2.6.2 entries.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4, lib/m4/output-def.m4: Use output-def.m4.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.pc.in, libextra/gnutls-extra.pc.in: Add URL fields.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4, lib/m4/linker-script.m4: Fix version script
	detection.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	lib/m4/linker-script.m4, libextra/configure.ac, m4/valgrind.m4: Use
	external m4 files for shared tests.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* tests/cve-2008-4989.c: Frob expected verify status code.  With
	latest verify.c patch it just say the chain is invalid, rather than
	complaining about missing signer certificate.  This is arguable more
	correct.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Remove check of last certificate in path is
	self signed.  Causes crashes further down in the code for
	certificate chains that only contain one self-signed certificate.
	Still protects against the GNUTLS-SA-2008-3 vulnerabillity.
	Reported by Michael Meskes <meskes@debian.org> in
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.

2008-11-12  Simon Josefsson <simon@josefsson.org>

	* gl/tests/test-select-out.sh: Comment out broken test.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	{lib/gl => gl}/m4/warnings.m4, lib/gl/Makefile.am,
	lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4: Update gnulib
	files.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Need more -I's.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/warnings.m4: Update gnulib
	files.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/fseeko.c, gl/m4/getaddrinfo.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
	gl/m4/printf.m4, gl/netdb.in.h, gl/tests/test-select-fd.c,
	gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
	lib/gl/Makefile.am, lib/gl/fseeko.c, lib/gl/m4/netdb_h.m4,
	lib/gl/m4/printf.m4, lib/gl/netdb.in.h: Update gnulib files.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* tests/cve-2008-4989.c: Also test chain length of 1 since the
	security patch caused a crash.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* tests/libgcrypt.supp: Add another gcrypt leak.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c: Fix mem leak.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* tests/cve-2008-4989.c: Fix mem leaks.

2008-11-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am, tests/cve-2008-4989.c: Add
	cve-2008-4989.c self-test.

2008-11-10  Simon Josefsson <simon@josefsson.org>

	* gl/tests/gettimeofday.c, gl/tests/test-gettimeofday.c,
	gl/tests/test-select-fd.c, gl/tests/test-select-in.sh,
	gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c: Update
	gnulib files.

2008-11-10  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gettimeofday.m4, gl/m4/gnulib-comp.m4,
	gl/m4/sys_ioctl_h.m4, gl/tests/Makefile.am,
	lib/gl/m4/include_next.m4, lib/gl/sys_stat.in.h: Update gnulib
	files.

2008-11-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, lib/x509/verify.c: Merge in v2.6.1 fixes.

2008-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/m4/hooks.m4: Use modern -Wl,--version-script check.

2008-11-07  Simon Josefsson <simon@josefsson.org>

	* doc/cyclo/Makefile.am: Cover more files.

2008-11-07  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/opencdk.h: Fix C++ rule, for pmccabe2html.

2008-11-07  Simon Josefsson <simon@josefsson.org>

	* build-aux/pmccabe.css, build-aux/pmccabe2html, configure.ac,
	doc/Makefile.am, doc/cyclo/Makefile.am, gl/Makefile.am,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/pmccabe2html.m4,
	gl/sys_stat.in.h: Add cyclomatic code complexity charts.

2008-11-07  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/m4/hooks.m4, libextra/configure.ac: Need LZO detection
	in libgnutls.

2008-11-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, lib/gnutls_x509.c, tests/Makefile.am,
	tests/set_pkcs12_cred.c: * Added gnutls_certificate_set_x509_simple_pkcs12_mem * Made gnutls_certificate_set_x509_simple_pkcs12_file() more
	advanced.  It will return a corresponding certificate and key pair.
	[The previous version would return the first ones found]. Eliminated
	memory leaks on error conditions on these functions.

2008-11-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* .gitignore: ignore more stuff

2008-11-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, doc/certtool.cfg, src/certtool-cfg.c, src/certtool.c: 
	certtool: allow setting arbitrary key purpose object identifiers.

2008-11-05  Simon Josefsson <simon@josefsson.org>

	* doc/README.autoconf: Remove obsolete instructions.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_srp.c, lib/gnutls_ui.c: Doc fix.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use error instead of fprintf.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Indent differently for gtk-doc.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore gnulib headers.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* m4/ax_create_stdint_h.m4: Remove.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore config.h.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Drop pointless gc_LDADD.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Drop removed -Ilgl.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/Makefile.am, doc/{fdl.texi => fdl-1.3.texi},
	doc/gnutls.texi, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/include_next.m4: Update gnulib files.
	Use GFDLv1.3 for manual.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Fix typo.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Sync gnutls_srp_set_prime_bits
	prototype with code.

2008-11-04  Simon Josefsson <simon@josefsson.org>

	* lib/includes/gnutls/gnutls.h.in: Add forgotten prototype for
	gnutls_srp_server_get_username.  Reported by Kevin Quick.

2008-11-03  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_ui.c: documented that gnutls_dh_set_prime_bits() has no
	effect in server side.

2008-11-03  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit fe191e360728fcee72cf5ba835f2301f1bf78b49 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Nov 3 21:44:38
	2008 +0200

2008-11-03  Simon Josefsson <simon@josefsson.org>

	* lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/memchr.m4, lib/gl/m4/memcmp.m4, lib/gl/memchr.c,
	lib/gl/memcmp.c, lib/gl/tests/Makefile.am,
	lib/gl/tests/test-memchr.c, lib/gl/tests/test-memcmp.c, maint.mk: 
	Update gnulib files.

2008-11-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-11-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
	libextra/configure.ac: Bump versions.

2008-11-03  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4: Check for C99 macros.

2008-11-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h: * added BER octet string decoder from libtasn1.  * added the tree generation optimizations.

2008-11-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool.c: * Some more verbose out.  * Do not abort the pkcs12 structure parsing if one bag failed.

2008-11-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/pkcs12.c: Reduce verbosity

2008-11-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/pkcs12.c: print DER errors if any.

2008-10-31  Simon Josefsson <simon@josefsson.org>

	* doc/texinfo.css: Use white background.

2008-10-31  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-10-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.1.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Really fix -I's.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Fix -I's.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add -lgnutls-extra for openpgp-keyring.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/sys_stat_h.m4, gl/sys_stat.in.h, gl/tests/Makefile.am,
	gl/tests/test-sys_stat.c: Need more gnulib modules.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/{tests => }/connect.c, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/recv.c, gl/send.c, gl/tests/Makefile.am,
	src/certtool.c, src/cli.c: Need more gnulib modules.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/{tests => }/perror.c, gl/tests/Makefile.am: Update gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* .gitignore: Update.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* doc/.gitignore, lib/po/.gitignore, libextra/.gitignore: Update.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/minmax.m4, gl/m4/read-file.m4, gl/minmax.h, gl/read-file.c,
	gl/read-file.h, gl/tests/Makefile.am, gl/tests/test-read-file.c,
	src/Makefile.am, src/cli.c, src/serv.c: Need more gnulib modules.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/accept.c, gl/alloca.c, gl/bind.c, gl/close.c, gl/fclose.c,
	gl/listen.c, gl/m4/close.m4, gl/m4/fclose.m4, gl/m4/perror.m4,
	gl/m4/sockets.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
	gl/m4/sys_time_h.m4, gl/setsockopt.c, gl/socket.c,
	gl/sys_select.in.h, gl/sys_time.in.h, gl/tests/connect.c,
	gl/tests/ioctl.c, gl/tests/perror.c, gl/tests/sockets.c,
	gl/tests/sockets.h, gl/tests/sys_ioctl.in.h,
	gl/tests/test-perror.c, gl/tests/test-perror.sh,
	gl/tests/test-select.c, gl/tests/test-sockets.c,
	gl/tests/test-sys_select.c, gl/tests/test-sys_time.c,
	gl/tests/w32sock.h, gl/winsock-select.c: Update gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/shutdown.c, gl/tests/Makefile.am, gl/tests/dummy.c,
	gl/w32sock.h, lib/Makefile.am, src/common.h: Use sockets module.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Fix.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.ac, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	lib/gl/m4/gnulib-comp.m4, lib/gl/m4/sockets.m4, lib/gl/sockets.c,
	lib/gl/sockets.h, lib/gl/tests/Makefile.am,
	lib/gl/tests/test-sockets.c, lib/gnutls_buffers.c,
	lib/gnutls_global.c: Better gnulib module usage.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4: Update gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in => configure.ac: Rename.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am, src/Makefile.am: Fixes.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/configure.ac, tests/Makefile.am: Fixes.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, doc/Makefile.am,
	doc/examples/Makefile.am, doc/reference/Makefile.am,
	guile/src/Makefile.am, includes/Makefile.am, lib/Makefile.am,
	lib/configure.ac, lib/includes/Makefile.am, {includes =>
	lib/includes}/gnutls/compat.h, {includes =>
	lib/includes}/gnutls/crypto.h, {includes =>
	lib/includes}/gnutls/gnutls.h.in, {includes =>
	lib/includes}/gnutls/gnutlsxx.h, {includes =>
	lib/includes}/gnutls/openpgp.h, {includes =>
	lib/includes}/gnutls/pkcs12.h, {includes =>
	lib/includes}/gnutls/x509.h, lib/opencdk/Makefile.am,
	lib/openpgp/Makefile.am, lib/x509/Makefile.am,
	libextra/Makefile.am, libextra/configure.ac,
	libextra/includes/Makefile.am, {includes =>
	libextra/includes}/gnutls/extra.h, {includes =>
	libextra/includes}/gnutls/openssl.h, src/Makefile.am,
	tests/Makefile.am, tests/{hostname-check/README =>
	hostname-check.README}, tests/{hostname-check =>
	}/hostname-check.c, tests/hostname-check/Makefile.am,
	tests/{openpgp/keyring.c => openpgp-keyring.c},
	tests/openpgp/Makefile.am, tests/pkcs12-decode/Makefile.am: Separate
	headers as well.  Clean up -I's.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am, tests/Makefile.am,
	tests/pkcs12-decode/Makefile.am: Builds on my system now.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls_mem.h: Drop dmalloc and efence support.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
	lib/openpgp/Makefile.am, lib/x509/Makefile.am,
	libextra/Makefile.am, src/Makefile.am: Make it build better.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, lib/m4/hooks.m4,
	libextra/Makefile.am, src/Makefile.am: Fixes.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, configure.in, includes/gnutls/gnutls.h.in,
	lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
	lib/openpgp/Makefile.am, lib/x509/Makefile.am: Make it build.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/po/POTFILES.in: Fix paths.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, lib/m4/hooks.m4: Build fixes.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix i18n stuff.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/m4/hooks.m4, libextra/m4/hooks.m4: New files, forgotten in
	last commit.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
	lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
	libextra/build-aux/config.rpath: Update gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, lib/AUTHORS, COPYING.LIB =>
	lib/COPYING, lib/ChangeLog, lib/Makefile.am, lib/NEWS, lib/README,
	lib/configure.ac, {po => lib/po}/.gitignore, {po =>
	lib/po}/LINGUAS, {po => lib/po}/Makevars, {po =>
	lib/po}/POTFILES.in, {po => lib/po}/de.po.in, {po =>
	lib/po}/fr.po.in, {po => lib/po}/ms.po.in, {po => lib/po}/nl.po.in,
	{po => lib/po}/pl.po.in, {po => lib/po}/sv.po.in, {po =>
	lib/po}/vi.po.in, libextra/AUTHORS, libextra/COPYING,
	libextra/ChangeLog, libextra/Makefile.am, libextra/NEWS,
	libextra/README, libextra/configure.ac, libextra/gl/Makefile.am,
	libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
	libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4,
	libextra/gl/m4/lib-prefix.m4: More splitting updates.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
	libextra/gl/m4/gnulib-comp.m4: Update gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/alloca.in.h, gl/asnprintf.c, gl/errno.in.h, gl/float+.h,
	gl/float.in.h, gl/fseeko.c, gl/gettext.h, gl/lseek.c,
	gl/m4/alloca.m4, gl/m4/errno_h.m4, gl/m4/float_h.m4,
	gl/m4/fseeko.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
	gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/malloc.m4,
	gl/m4/printf.m4, gl/m4/realloc.m4, gl/m4/size_max.m4,
	gl/m4/snprintf.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/sys_socket_h.m4,
	gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/m4/wchar.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4,
	gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/realloc.c, gl/size_max.h, gl/snprintf.c,
	gl/stdbool.in.h, gl/stdint.in.h, gl/stdio-impl.h, gl/stdio-write.c,
	gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
	gl/tests/dummy.c, gl/tests/test-alloca-opt.c,
	gl/tests/test-errno.c, gl/tests/test-fseeko.c,
	gl/tests/test-fseeko.sh, gl/tests/test-lseek.c,
	gl/tests/test-lseek.sh, gl/tests/test-snprintf.c,
	gl/tests/test-stdbool.c, gl/tests/test-stdint.c,
	gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
	gl/tests/test-string.c, gl/tests/test-sys_socket.c,
	gl/tests/test-unistd.c, gl/tests/test-vasnprintf.c,
	gl/tests/test-wchar.c, gl/tests/verify.h, gl/unistd.in.h,
	gl/vasnprintf.c, gl/vasnprintf.h, gl/wchar.in.h, gl/xsize.h: Update
	gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, lib/configure.ac,
	libextra/Makefile.am, libextra/configure.ac: More splitting.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, lib/gl/Makefile.am,
	lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
	lib/gl/m4/stdlib_h.m4, lib/gl/m4/sys_ioctl_h.m4,
	lib/gl/m4/sys_socket_h.m4, lib/gl/stdlib.in.h,
	lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
	lib/gl/tests/Makefile.am, lib/gl/unistd.in.h: Update gnulib files.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, build-aux/config.rpath, configure.in,
	lib/Makefile.am, lib/configure.ac, {lgl => lib/gl}/Makefile.am,
	{lgl => lib/gl}/alloca.in.h, {lgl => lib/gl}/asnprintf.c, {lgl =>
	lib/gl}/asprintf.c, {lgl => lib/gl}/byteswap.in.h, {lgl =>
	lib/gl}/c-ctype.c, {lgl => lib/gl}/c-ctype.h, {lgl =>
	lib/gl}/errno.in.h, {lgl => lib/gl}/float+.h, {lgl =>
	lib/gl}/float.in.h, {lgl => lib/gl}/fseeko.c, {lgl =>
	lib/gl}/gettext.h, {lgl => lib/gl}/lseek.c, {lgl =>
	lib/gl}/m4/alloca.m4, {lgl => lib/gl}/m4/byteswap.m4, {lgl =>
	lib/gl}/m4/codeset.m4, {lgl => lib/gl}/m4/errno_h.m4, {lgl =>
	lib/gl}/m4/extensions.m4, {lgl => lib/gl}/m4/float_h.m4, {lgl =>
	lib/gl}/m4/fseeko.m4, {lgl => lib/gl}/m4/func.m4, {lgl =>
	lib/gl}/m4/gettext.m4, {lgl => lib/gl}/m4/glibc2.m4, {lgl =>
	lib/gl}/m4/glibc21.m4, {lgl => lib/gl}/m4/gnulib-cache.m4, {lgl =>
	lib/gl}/m4/gnulib-common.m4, {lgl => lib/gl}/m4/gnulib-comp.m4,
	{lgl => lib/gl}/m4/gnulib-tool.m4, {lgl => lib/gl}/m4/iconv.m4,
	{lgl => lib/gl}/m4/include_next.m4, {lgl => lib/gl}/m4/intdiv0.m4,
	{lgl => lib/gl}/m4/intl.m4, {lgl => lib/gl}/m4/intldir.m4, {lgl =>
	lib/gl}/m4/intlmacosx.m4, {lgl => lib/gl}/m4/intmax.m4, {lgl =>
	lib/gl}/m4/intmax_t.m4, {lgl => lib/gl}/m4/inttypes-pri.m4, {lgl =>
	lib/gl}/m4/inttypes_h.m4, {lgl => lib/gl}/m4/lcmessage.m4, {lgl =>
	lib/gl}/m4/lib-ld.m4, {lgl => lib/gl}/m4/lib-link.m4, {lgl =>
	lib/gl}/m4/lib-prefix.m4, {lgl => lib/gl}/m4/lock.m4, {lgl =>
	lib/gl}/m4/longlong.m4, {lgl => lib/gl}/m4/lseek.m4, {lgl =>
	lib/gl}/m4/malloc.m4, {lgl => lib/gl}/m4/memchr.m4, {lgl =>
	lib/gl}/m4/memcmp.m4, {lgl => lib/gl}/m4/memmem.m4, {lgl =>
	lib/gl}/m4/memmove.m4, {lgl => lib/gl}/m4/minmax.m4, {lgl =>
	lib/gl}/m4/netdb_h.m4, {lgl => lib/gl}/m4/nls.m4, {lgl =>
	lib/gl}/m4/po.m4, {lgl => lib/gl}/m4/printf-posix.m4, {lgl =>
	lib/gl}/m4/printf.m4, {lgl => lib/gl}/m4/progtest.m4, {lgl =>
	lib/gl}/m4/read-file.m4, {lgl => lib/gl}/m4/realloc.m4, {lgl =>
	lib/gl}/m4/size_max.m4, {lgl => lib/gl}/m4/snprintf.m4, {lgl =>
	lib/gl}/m4/socklen.m4, {lgl => lib/gl}/m4/sockpfaf.m4, {lgl =>
	lib/gl}/m4/stdbool.m4, {lgl => lib/gl}/m4/stdint.m4, {lgl =>
	lib/gl}/m4/stdint_h.m4, {lgl => lib/gl}/m4/stdio_h.m4, {lgl =>
	lib/gl}/m4/stdlib_h.m4, {lgl => lib/gl}/m4/strcase.m4, {lgl =>
	lib/gl}/m4/string_h.m4, {lgl => lib/gl}/m4/strings_h.m4, {lgl =>
	lib/gl}/m4/strverscmp.m4, {lgl => lib/gl}/m4/sys_ioctl_h.m4, {lgl
	=> lib/gl}/m4/sys_socket_h.m4, {lgl => lib/gl}/m4/sys_stat_h.m4,
	{lgl => lib/gl}/m4/threadlib.m4, {lgl => lib/gl}/m4/time_h.m4, {lgl
	=> lib/gl}/m4/time_r.m4, {lgl => lib/gl}/m4/uintmax_t.m4, {lgl =>
	lib/gl}/m4/unistd_h.m4, {lgl => lib/gl}/m4/vasnprintf.m4, {lgl =>
	lib/gl}/m4/vasprintf.m4, {lgl => lib/gl}/m4/visibility.m4, {lgl =>
	lib/gl}/m4/wchar.m4, {lgl => lib/gl}/m4/wchar_t.m4, {lgl =>
	lib/gl}/m4/wint_t.m4, {lgl => lib/gl}/m4/xsize.m4, {lgl =>
	lib/gl}/memchr.c, {lgl => lib/gl}/memcmp.c, {lgl =>
	lib/gl}/memmem.c, {lgl => lib/gl}/memmove.c, {lgl =>
	lib/gl}/minmax.h, {lgl => lib/gl}/netdb.in.h, {lgl =>
	lib/gl}/override/lib/gc-libgcrypt.c.diff, {lgl =>
	lib/gl}/printf-args.c, {lgl => lib/gl}/printf-args.h, {lgl =>
	lib/gl}/printf-parse.c, {lgl => lib/gl}/printf-parse.h, {lgl =>
	lib/gl}/read-file.c, {lgl => lib/gl}/read-file.h, {lgl =>
	lib/gl}/realloc.c, {lgl => lib/gl}/size_max.h, {lgl =>
	lib/gl}/snprintf.c, {lgl => lib/gl}/stdbool.in.h, {lgl =>
	lib/gl}/stdint.in.h, {lgl => lib/gl}/stdio-impl.h, {lgl =>
	lib/gl}/stdio-write.c, {lgl => lib/gl}/stdio.in.h, {lgl =>
	lib/gl}/stdlib.in.h, {lgl => lib/gl}/str-two-way.h, {lgl =>
	lib/gl}/strcasecmp.c, {lgl => lib/gl}/string.in.h, {lgl =>
	lib/gl}/strings.in.h, {lgl => lib/gl}/strncasecmp.c, {lgl =>
	lib/gl}/strverscmp.c, {lgl => lib/gl}/sys_socket.in.h, {lgl =>
	lib/gl}/sys_stat.in.h, {lgl => lib/gl}/tests/Makefile.am, {lgl =>
	lib/gl}/tests/dummy.c, {lgl => lib/gl}/tests/intprops.h, {lgl =>
	lib/gl}/tests/test-alloca-opt.c, {lgl =>
	lib/gl}/tests/test-byteswap.c, {lgl =>
	lib/gl}/tests/test-c-ctype.c, {lgl => lib/gl}/tests/test-errno.c,
	{lgl => lib/gl}/tests/test-fseeko.c, {lgl =>
	lib/gl}/tests/test-fseeko.sh, {lgl => lib/gl}/tests/test-func.c,
	{lgl => lib/gl}/tests/test-lseek.c, {lgl =>
	lib/gl}/tests/test-lseek.sh, {lgl => lib/gl}/tests/test-memchr.c,
	{lgl => lib/gl}/tests/test-memcmp.c, {lgl =>
	lib/gl}/tests/test-netdb.c, {lgl => lib/gl}/tests/test-read-file.c,
	{lgl => lib/gl}/tests/test-snprintf.c, {lgl =>
	lib/gl}/tests/test-stdbool.c, {lgl => lib/gl}/tests/test-stdint.c,
	{lgl => lib/gl}/tests/test-stdio.c, {lgl =>
	lib/gl}/tests/test-stdlib.c, {lgl => lib/gl}/tests/test-string.c,
	{lgl => lib/gl}/tests/test-strings.c, {lgl =>
	lib/gl}/tests/test-strverscmp.c, {lgl =>
	lib/gl}/tests/test-sys_socket.c, {lgl =>
	lib/gl}/tests/test-sys_stat.c, {lgl => lib/gl}/tests/test-time.c,
	{lgl => lib/gl}/tests/test-unistd.c, {lgl =>
	lib/gl}/tests/test-vasnprintf.c, {lgl =>
	lib/gl}/tests/test-vasprintf.c, {lgl => lib/gl}/tests/test-wchar.c,
	{lgl => lib/gl}/tests/verify.h, {lgl => lib/gl}/time.in.h, {lgl =>
	lib/gl}/time_r.c, {lgl => lib/gl}/unistd.in.h, {lgl =>
	lib/gl}/vasnprintf.c, {lgl => lib/gl}/vasnprintf.h, {lgl =>
	lib/gl}/vasprintf.c, {lgl => lib/gl}/wchar.in.h, {lgl =>
	lib/gl}/xsize.h, libextra/configure.ac: Start configure split.

2008-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, doc/gnutls.texi, lib/Makefile.am,
	lib/libgnutls-config.in, lib/libgnutls.m4, libextra/.gitignore,
	libextra/Makefile.am, libextra/libgnutls-extra-config.in,
	libextra/libgnutls-extra.m4: Remove *-config scripts and old M4
	checks.

2008-10-29  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, maint.mk: Update gnulib files.

2008-10-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix coverage rules.

2008-10-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Need to build before running checks.

2008-10-28  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Add code coverage rules.

2008-10-23  Simon Josefsson <simon@josefsson.org>

	* : commit 3eab289192e97f0bada61ca2c4d51214a4e4f7df Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Wed Oct 22 22:06:21
	2008 +0300

2008-10-22  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 8973cd66b52fda65b4c9ffadab3b9db59a464fb0 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Wed Oct 22 18:42:41 2008
	+0200

2008-10-22  Simon Josefsson <simon@josefsson.org>

	* gl/m4/netdb_h.m4, gl/netdb.in.h, lgl/m4/netdb_h.m4,
	lgl/netdb.in.h, lgl/sys_socket.in.h: Update gnulib files.

2008-10-22  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Sync gdoc with libidn for license fixes.

2008-10-22  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Use netdb.h instead of getaddrinfo.h.

2008-10-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-10-22  Simon Josefsson <simon@josefsson.org>

	* gl/arpa_inet.in.h, gl/gai_strerror.c, gl/getaddrinfo.c,
	gl/getaddrinfo.h, gl/gnulib.mk, gl/m4/getaddrinfo.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/stdarg.in.h,
	gl/tests/gnulib.mk, gl/tests/test-getaddrinfo.c,
	gl/tests/test-netdb.c, lgl/Makefile.am, lgl/errno.in.h,
	lgl/float.in.h, lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/netdb_h.m4, lgl/m4/stdlib_h.m4, lgl/m4/sys_socket_h.m4,
	lgl/m4/sys_stat_h.m4, lgl/m4/unistd_h.m4, lgl/netdb.in.h,
	lgl/stdint.in.h, lgl/stdio.in.h, lgl/stdlib.in.h, lgl/string.in.h,
	lgl/strings.in.h, lgl/sys_socket.in.h, lgl/sys_stat.in.h,
	lgl/time.in.h, lgl/unistd.in.h, lgl/wchar.in.h, lgl/winsock.c,
	libextra/gl/m4/gnulib-common.m4: Update gnulib files.

2008-10-22  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-10-16  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit a1c1da1939efe571f427a6323a8bb5311d933061 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Thu Oct 16 12:21:32 2008
	+0200

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.7.0.

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Drop netdb.h check.

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/netdb_h.m4, lgl/netdb.in.h, lgl/tests/Makefile.am,
	lgl/tests/test-netdb.c, src/common.h: Add netdb gnulib module.  Use
	it.

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am: Upgrade.

2008-10-16  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, gl/getaddrinfo.c, gl/m4/getaddrinfo.m4,
	lgl/Makefile.am, lgl/m4/gnulib-comp.m4, lgl/m4/stdio_h.m4,
	lgl/m4/sys_ioctl_h.m4, lgl/m4/sys_socket_h.m4, lgl/m4/unistd_h.m4,
	lgl/stdio-write.c, lgl/stdio.in.h, lgl/sys_socket.in.h,
	lgl/unistd.in.h, lgl/winsock.c: Update gnulib files.

2008-10-15  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Need to build libutils.la before recursing into
	e.g. pkcs12-decode.

2008-10-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Minimize ABI changes.

2008-10-13  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-10-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Improve GNUTLS_E_AGAIN explanation.
	Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]"
	<lavr@ncbi.nlm.nih.gov>.

2008-10-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2008-10-11  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* .gitignore: added to reduce untracked files.

2008-10-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-10-11  Simon Josefsson <simon@josefsson.org>

	* THANKS, libextra/fipsmd5.c: Add static qualifiers on internal
	symbols.  Tiny patch from Aaron Ucko <ucko@ncbi.nlm.nih.gov>.

2008-10-09  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Sync with upstream.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.h, lib/opencdk/armor.c, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/new-packet.c,
	lib/opencdk/seskey.c, lib/opencdk/verify.c, lib/x509/x509_int.h,
	src/cfg/platon/str/strplus.c: Fix syntax-check warnings.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/opencdk.h: Indent.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/debug.c, lib/opencdk/seskey.c, lib/opencdk/sig-check.c: Drop
	gcrypt.h includes.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention libgcrypt dependency.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, lib/opencdk/Makefile.am,
	lib/openpgp/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am: 
	More libgcrypt fixes.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, src/Makefile.am, tests/Makefile.am: 
	More libgcrypt fixes.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls_global.c, m4/libgcrypt.m4: Modernize
	libgcrypt detection.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml, includes/gnutls/x509.h,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/output.c, lib/x509/x509_write.c: Doc fixes.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Sync with real list.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_int.h: Need libtasn1.h here.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/auth_rsa.c, lib/auth_rsa_export.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_mpi.h, lib/gnutls_sig.c,
	lib/gnutls_x509.c, lib/mpi-libgcrypt.c, lib/rnd-libgcrypt.c: Reduce
	libtasn1.h includes.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Drop obsolete libtasn1 flags.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am, src/Makefile.am: Update
	libtasn1 linker flags.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, configure.in, gl/arpa_inet.in.h, gl/c-ctype.h,
	gl/gnulib.mk, gl/m4/arpa_inet_h.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	gl/strerror.c, lgl/Makefile.am, lgl/c-ctype.h, lgl/errno.in.h,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/memcmp.m4,
	lgl/m4/stdio_h.m4, lgl/m4/string_h.m4, lgl/m4/sys_socket_h.m4,
	lgl/m4/unistd_h.m4, lgl/m4/wchar.m4, lgl/stdio.in.h,
	lgl/string.in.h, lgl/sys_socket.in.h, lgl/unistd.in.h,
	libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
	libextra/gl/md5.c: Update gnulib files.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove obsolete stuff.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_mpi.c,
	lib/gnutls_pk.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
	lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/pubkey.c,
	lib/opencdk/stream.c, lib/openpgp/privkey.c, lib/x509/common.c,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_write.c,
	libextra/fipsmd5.c, libextra/gl/md5.c, src/certtool-cfg.c,
	src/certtool.c, src/cli.c, src/serv.c: Indent.

2008-10-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, lib/gnutls_global.c, m4/libtasn1.m4: Detect
	libtasn1 via AC_LIB_HAVE_LINKFLAGS.

2008-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-10-07  Ludovic Courtès <ludo@gnu.org>

	* tests/Makefile.am: More test compilation fixes with minitasn1.  * tests/Makefile.am (AM_CPPFLAGS)[ENABLE_MINITASN1]: Add minitasn1   directory.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2008-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-10-07  Ludovic Courtès <ludo@gnu.org>

	* tests/pkcs12-decode/Makefile.am: Fix compilation of
	`pkcs12-decode' test when using minitasn1.  * tests/pkcs12-decode/Makefile.am (AM_CPPFLAGS)[ENABLE_MINITASN1]:
	  Add `minitasn1' include directory.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2008-10-06  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-10-06  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Get issuer dn in X509_get_issuer_name,
	correct last patch.

2008-10-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add 2.6.0 entries.

2008-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-10-05  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Fix out-of-bounds access.  Similar to
	debian #499945 lynx-cur problem.  libextra/gnutls_openssl.c: fix
	X509_get_issuer_name to return issuer name of given certificate and
	not try to get the subject dn of the issuer certificate wich may or
	may not exist. (Checked how openssl does this, too.) This fixes a
	accessing an array outside its bounds.  Debian bug #499945 is
	instructive about the problem. While lynx-cur credits Thomas Dickey
	for the bug, the code and implications are essentially the same for
	the gnutls openssl-compat libary.  Tiny patch from Thomas Viehmann
	<tv@beamnet.de>.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.h,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: reduced warnings in compilation of certtool.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/output.c: use union to avoid wrong type issues.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/output.c: corrected print order.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, doc/certtool.cfg, includes/gnutls/x509.h,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/x509/common.c,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool.c: Added function to copy
	extensions from a CRL to a certificate.  Reduced many warnings (and
	added more by defining gnutls_log as printf like function --gcc
	only)

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* configure.in: Disable certain warnings that do not work with my
	compiler.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, includes/gnutls/x509.h, lib/x509/crq.c,
	lib/x509/extensions.c, lib/x509/output.c, src/certtool.c: Added
	gnutls_x509_crq_set_key_purpose_oid and
	gnutls_x509_crq_get_key_purpose_oid.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: documentation added functions

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: updated

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/crq.c, lib/x509/extensions.c, lib/x509/x509_int.h: set
	global maximum size for certificate requests' extensions size.

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/Makefile.am: added missing file

2008-10-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
	lib/x509/x509.c, lib/x509/x509_int.h, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool-common.h, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added initial
	support for certificate requests handling of X.509 extensions.
	Added support to certtool to handle these extensions (add/read)

2008-10-03  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, doc/certtool.cfg, includes/gnutls/x509.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/extensions.c, lib/x509/output.c,
	lib/x509/x509_int.h, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: Added functions to handle and set CRL extensions.

2008-10-01  Simon Josefsson <simon@josefsson.org>

	* po/nl.po.in, po/vi.po.in: Sync with TP.

2008-10-01  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-09-29  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit c357933a30801a82e484bed8fbc4bd5b2b34d5e0 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Sep 29 15:08:02
	2008 +0300

2008-09-29  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-09-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.9.

2008-09-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-09-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Document ABI change.

2008-09-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_constate.c: Re-add comment about too long function, it
	is one of the most complex in gnutls.

2008-09-29  Simon Josefsson <simon@josefsson.org>

	* configure.in: Need AC_CONFIG_MACRO_DIR for modern libtool.

2008-09-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/crypto.h, lib/gnutls_pk.c, lib/opencdk/pubkey.c,
	lib/pk-libgcrypt.c, lib/x509/privkey.c, lib/x509/x509_int.h: changed
	crypto API to reduce probability of memory leaks during usage of
	pk_params.

2008-09-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 699aa57dacc6446e92c123e93bba1f894067893e Author: Nikos
	Mavrogiannopoulos <nmav@turtle.(none)> Date:   Sun Sep 28 03:34:59
	2008 +0300

2008-09-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: Revert "fixed" This reverts commit 14647811d21d3eda2d5bd82557329bcf7778f31b.

2008-09-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: fixed

2008-09-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_algorithms.c, lib/gnutls_constate.c, lib/gnutls_int.h: 
	avoid using malloc for small buffers.

2008-09-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_mpi.c: optimized in order to avoid calling malloc for
	small buffers.

2008-09-27  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_constate.c, lib/gnutls_mpi.c: Revert "Revert C99 uses.
	Fixes gnutls_mpi.c mem leak, but not others." This reverts commit bdfa289133b15ad7d92eb3151ce86cca4c879426.

2008-09-25  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/Makefile.am, tests/pathlen/pathlen: Use EXEEXT in
	self-test scripts.

2008-09-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/key-id/Makefile.am, tests/key-id/key-id,
	tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/Makefile.am,
	tests/sha2/sha2, tests/userid/Makefile.am, tests/userid/userid: Use
	EXEEXT in self-test scripts.

2008-09-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-25  Simon Josefsson <simon@josefsson.org>

	* lgl/vasnprintf.c: Update gnulib files.

2008-09-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2008-09-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_constate.c, lib/gnutls_mpi.c: Revert C99 uses.  Fixes
	gnutls_mpi.c mem leak, but not others.

2008-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-09-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/x509.c: Corrected buffer overrun in crt_list_import.
	Reported and patch by Jonathan Manktelow.

2008-09-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* README: corrected libgcrypt site.

2008-09-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/privkey.c: corrected embarrasing bug.

2008-09-23  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_mpi.c,
	lib/pk-libgcrypt.c, lib/x509/common.c, lib/x509/dn.c: Corrected
	several memory leaks reported by Sam. In some cases switched to C99
	to avoid having complex code.

2008-09-23  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/extras.c: Doc fix.

2008-09-23  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl_write.c, lib/x509/x509_write.c: Doc fix.

2008-09-23  Simon Josefsson <simon@josefsson.org>

	* configure.in, doc/reference/Makefile.am: Use automake warnings.

2008-09-23  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Typo.

2008-09-23  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix mingw32 rules.

2008-09-23  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, doc/Makefile.am, doc/texinfo.css: Use a stylesheet for
	texinfo HTML manual.

2008-09-21  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* lib/x509/privkey.c: fixed memory leak in reencoding of RSA and DSA
	private keys. Reported and studied by Sam Varshavchik

2008-09-21  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* lib/x509/x509_write.c: documented the way set_subject_alt_name()
	can set value.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.8.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* po/fr.po.in, po/pl.po.in, po/sv.po.in: Sync with TP.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Use srcdir for -Igl/.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Don't use CFLAGS with distcheck, causes errors in
	./configure tests.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix warnings.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am, src/certtool.c, src/serv.c: Use internal md5 if
	libgcrypt is in FIPS mode.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Initialize libgnutls-extra too.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h: Add prototype for
	gnutls_register_md5_handler.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* libextra/fipsmd5.c: Add Since: tag.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: Doc fixes.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Need -I for aclocal.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/wchar.m4, lgl/tests/test-wchar.c,
	lgl/wchar.in.h: Add.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* configure.in, libextra/Makefile.am, src/Makefile.am, src/cli.c: 
	Fix libextra build.  Make gnutls-cli work in libgcrypt FIPS mode.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Fix typo.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix markup.

2008-09-21  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Add -I for hmac.h, md5.h.

2008-09-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool.c: deinitialize structures after use.

2008-09-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_pk.c: Corrected memory leak. Reported by Sam
	Varshavchik.

2008-09-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/x509.h: added missing headers.

2008-09-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_pk.c, lib/x509/privkey.c: Corrected several bugs in DSA
	DER key importing. Reported and debugged by Sam Varshavchik.

2008-09-20  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
	lib/opencdk/keydb.c, lib/opencdk/stream.c: added gnutls_assert() to
	assist debugging.

2008-09-20  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/privkey.c: properly report the error line.

2008-09-20  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, doc/gnutls.texi, lib/x509/extensions.c, lib/x509/output.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c, src/certtool-cfg.c,
	src/certtool-cfg.h, src/certtool.c: output.c: Can properly print IP
	addresses in certificates.  x509_write.c: added
	gnutls_x509_crt_set_subject_alt_name added that can add multiple
	subject alternative names.  certtool: use the new function to be
	able to add several names.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* NEWS, libextra/Makefile.am, libextra/fipsmd5.c: Add
	gnutls_register_md5_handler.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4, gl/strdup.c,
	lgl/vasnprintf.c: Update gnulib files.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* configure.in, libextra/gl/Makefile.am, libextra/gl/hmac-md5.c,
	libextra/gl/hmac.h, libextra/gl/m4/gnulib-cache.m4,
	libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
	libextra/gl/m4/gnulib-tool.m4, libextra/gl/m4/hmac-md5.m4,
	libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
	libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h: Add
	md5 and hmac from gnulib to libextra/gl/.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_hash_int.c: Make _gnutls_hash_copy work with registered
	hashes.

2008-09-19  Simon Josefsson <simon@josefsson.org>

	* THANKS, lib/gnutls_compress.c, lib/gnutls_compress.h,
	libextra/gnutls_extra.c: Make LZO compression support build.  Tiny
	patch from Arfrever Frehtes Taifersar Arahesis
	<arfrever.fta@gmail.com>.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/Makefile.am, lib/defines.h,
	lib/gnutls_errors.h, lib/gnutls_int.h: Merge defines.h into
	gnutls_int.h.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffer.h: Remove, unused.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/gnutls_x509.c: Fix overflows in gnutls_calloc
	calls.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* libextra/openssl_compat.c: Fix last commit.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/auth_cert.c, lib/gnutls_cert.c,
	lib/gnutls_session_pack.c, libextra/openssl_compat.c: Fix overflows
	in gnutls_calloc calls.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_mem.c: libgnutls: Check for overflows in
	gnutls_calloc and gnutls_secure_calloc.  Reported by Werner Koch
	<wk@gnupg.org>.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, lib/auth_srp.c, lib/gnutls_int.h, lib/gnutls_srp.c: 
	libgnutls: New function to set minimum acceptable SRP bits.  The
	function is gnutls_srp_set_prime_bits.  Tiny patch by Kevin Quick
	<quick@sparq.org> in
	<https://savannah.gnu.org/support/index.php?106454>.

2008-09-17  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/gnutls-cli.1: Fix markup, tiny patch from Sam
	Varshavchik <mrsam@courier-mta.com>.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/auth_cert.c, lib/auth_rsa.c, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/ext_oprfi.c, lib/ext_server_name.c,
	lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_constate.c, lib/gnutls_extensions.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	lib/gnutls_pk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c, lib/mac-libgcrypt.c, lib/minitasn1/structure.c,
	lib/opencdk/armor.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
	lib/x509/common.c, lib/x509/crq.c, lib/x509/pkcs12.c,
	lib/x509/privkey.c, libextra/gnutls_ia.c, src/printlist.c,
	src/serv.c, tests/finished.c, tests/openssl.c, tests/pgps2kgnu.c,
	tests/pkcs12-decode/pkcs12_s2k.c, tests/simple.c: Indent.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.7.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Fix warning about trailing comma.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix math markup.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* src/printlist.c: Fix.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/gnutls.texi, src/printlist.c: Fix.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Document crypto.h stuff.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Add list of new symbols in 2.6.x.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/crypto.h: Indent.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Don't use extern on functions, for
	consistency.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention new functions.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am, includes/gnutls/gnutls.h.in,
	lib/gnutls_algorithms.c, src/printlist.c: Add interfaces to get PK
	and PK-sign algorithms. Use them.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Credit.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Don't run pgps2kgnu self test when openpgp is
	disable.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Merge in 2.4.2 news entries.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/main.c, lib/opencdk/opencdk.h: Remove cdk_strerror,
	unused and uses non-thread safe strerror.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* tests/openpgpself.c, tests/x509dn.c, tests/x509self.c: Fix
	warnings.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* tests/crypto_rng.c: Fix warnings.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* tests/parse_ca.c: Fix warning.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Split release target.

2008-09-16  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/eoverflow.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strerror.m4, gl/strerror.c,
	gl/tests/gnulib.mk, gl/tests/test-EOVERFLOW.c,
	gl/tests/test-strerror.c, lgl/Makefile.am, lgl/errno.in.h,
	lgl/m4/eoverflow.m4, lgl/m4/errno_h.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/stdio_h.m4, lgl/stdio.in.h, lgl/sys_socket.in.h,
	lgl/tests/Makefile.am, lgl/tests/test-EOVERFLOW.c,
	lgl/tests/test-errno.c, lgl/tests/test-memchr.c: Update gnulib
	files.

2008-09-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-15  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/setcredcrash.c: Self-test regression of
	gnutls_credentials_set.

2008-09-15  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_auth.c: removed unnesessary and dangerous free from
	credentials_set().

2008-09-14  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/auth_cert.c: added some pedantic error checking.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c, src/cli-gaa.c, src/crypt-gaa.c,
	src/psk-gaa.c, src/serv-gaa.c, src/tls_test-gaa.c: Regenerate using
	patched gaa.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Test release with -Werror to avoid regressions.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* libextra/openssl_compat.c: Remove unused code.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/mac-libgcrypt.c: Fix warning.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/new-packet.c: Fix warning.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/opencdk.h: (CDK_KEY_USG_ENCR, CDK_KEY_USG_SIGN): Protect | op.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/cipher-libgcrypt.c: Fix warnings.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/mac-libgcrypt.c: Fix warnings.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/mpi-libgcrypt.c: Fix warnings.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add initialization section.  Update thread
	initialization discussion.

2008-09-09  Simon Josefsson <simon@josefsson.org>

	* tests/openssl.c: Need to initialize gnutls to avoid crash.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Drop redundant.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove foo.def after testing --output-def.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.6.

2008-09-08  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, gl/m4/include_next.m4,
	lgl/m4/include_next.m4: Update gnulib files.

2008-09-03  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-crq.c, doc/examples/ex-cxx.cpp,
	doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
	doc/examples/ex-session-info.c, doc/examples/ex-verify.c,
	doc/examples/ex-x509-info.c, doc/examples/tcp.c, lib/defines.h,
	lib/gnutls_asn1_tab.c, lib/openpgp/openpgp_int.h,
	lib/pkix_asn1_tab.c, src/errcodes.c, tests/anonself.c,
	tests/certificate_set_x509_crl.c, tests/dhepskself.c,
	tests/finished.c, tests/hostname-check/hostname-check.c,
	tests/mini.c, tests/moredn.c, tests/netconf-psk.c,
	tests/openpgpself.c, tests/oprfi.c, tests/pgps2kgnu.c,
	tests/pskself.c, tests/resume.c, tests/tlsia.c, tests/x509dn.c,
	tests/x509self.c, tests/x509signself.c: Use #ifdef for checking
	HAVE_CONFIG_H for consistency.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* po/POTFILES.in: Mark gnutls_alert for translation.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* po/ms.po.in: Sync with TP.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* lgl/vasnprintf.c: Update gnulib files.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-09-02  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher_int.c: Don't return from a void function.
	Reported by Dave Uhring <duhring@charter.net>.

2008-09-01  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* tests/Makefile.am, tests/pgps2kgnu.c: added pgps2kgnu test for GNU
	extensions to OpenPGP String-to-Key (S2K) conventions.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/tls_test.c: Use gnulib for --version.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/crypt.c: Use gnulib more.  Remove code.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/crypt.c, src/psk.c: Use gnulib for --version.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h: 
	Generated.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi, doc/manpages/certtool.1,
	doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1: Drop
	--copyright from documentation.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/cli.gaa, src/common.c, src/serv.c, src/serv.gaa: Drop
	--copyright.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Use gnulib for --version.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Use gnulib for --version.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Only print libgnutls version in --version if it is
	different.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/Makefile.am, lib/gnutls_int.h,
	lib/gnutls_str.h: Remove gnutls_buffer.h, move definitions to
	gnutls_str.h.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c: Translate error messages.  Cleanup code.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_compress.c, lib/gnutls_compress.h: Remove unused stuff.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* tests/simple.c: Test sign algos.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Print pk and sign algos.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Typo.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
	gnutls_sign_list and gnutls_sign_get_id.  Suggested by Sam
	Varshavchik <mrsam@courier-mta.com>.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.h, lib/gnutls_compress.h: Move declarations.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/Makefile.am,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
	lib/gnutls_int.h: Merge gnutls_compress_int.? with
	gnutls_compress.?.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/Makefile.am, lib/auth_anon.c,
	lib/auth_cert.c, lib/auth_dh_common.c, lib/auth_dhe.c,
	lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk_passwd.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_server_name.c,
	lib/ext_srp.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	libextra/ext_inner_application.c: Move definitions in
	gnutls_auth_int.h to gnutls_auth.h and update callers.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_compress.c: Move compression functions to
	gnutls_compress.c to make gnutls_algorithms.c more readable.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Fix warning.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Doc fix.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* tests/simple.c: Add more tests.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Fix typo.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
	gnutls_pk_list and gnutls_pk_get_id.  Suggested by Sam Varshavchik
	<mrsam@courier-mta.com>.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* gl/arpa_inet.in.h, gl/gnulib.mk, gl/m4/include_next.m4,
	gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/netinet_in.in.h,
	gl/stdarg.in.h, lgl/Makefile.am, lgl/float.in.h,
	lgl/m4/include_next.m4, lgl/m4/lib-link.m4, lgl/m4/lib-prefix.m4,
	lgl/stdint.in.h, lgl/stdio.in.h, lgl/stdlib.in.h, lgl/string.in.h,
	lgl/strings.in.h, lgl/sys_socket.in.h, lgl/sys_stat.in.h,
	lgl/time.in.h, lgl/unistd.in.h, lgl/wchar.in.h: Update gnulib files.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am, lib/openpgp/Makefile.am: Fixes.

2008-09-01  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix license and libgnutls-extra stuff.

2008-08-31  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 765c079be0195f0f7fbefccf8b6a8910015042a6 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Sun Aug 31 13:33:52
	2008 +0300

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/openpgp/Makefile.am, lib/{ =>
	openpgp}/gnutls_openpgp.c: Move gnutls_openpgp.c to lib/openpgp/.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Add Since: tag for gtk-doc.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Fix release target.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.5.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* .clcopying: Update copyright years.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, cfg.mk: Split up release targets.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/minitasn1/element.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/structure.c: Use libtasn1 1.5.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: Include stdarg.h for va_start etc.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_anon_cred.c: Fix dummy cred.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump libtool version because of new API.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-tlsia.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, lib/gnutls_anon_cred.c,
	lib/gnutls_buffers.c, lib/opencdk/keydb.c,
	libextra/openssl_compat.c, libextra/openssl_compat.h,
	src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
	src/crypt.c, src/prime.c, src/printlist.c, src/serv.c, src/tests.c,
	src/tls_test.c: Fix warnings.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix description of --enable-developer-mode.  Right
	now all it does is to enable compiler warnings.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/auth_cert.c, lib/auth_srp_passwd.h,
	lib/auth_srp_sb64.c, lib/gnutls_constate.c, lib/gnutls_global.c,
	lib/gnutls_helper.c, lib/gnutls_int.h, lib/gnutls_srp.c,
	lib/gnutls_supplemental.c, lib/gnutls_x509.c, lib/mac-libgcrypt.c,
	lib/mpi-libgcrypt.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
	lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.h,
	lib/opencdk/opencdk.h, lib/opencdk/stream.c, lib/openpgp/extras.c,
	lib/pk-libgcrypt.c, libextra/gnutls_ia.c: Fix warnings.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Translate unknown error code message.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Don't translate symbol names.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Fix warning about defining variable inside
	functions.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_errors.c,
	src/errcodes.c: Add gnutls_strerror_name.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c: Re-add, but mark static.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, gl/getdelim.c, gl/m4/getdelim.m4, maint.mk: Update
	gnulib files.

2008-08-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/opencdk/Makefile.am, lib/x509/Makefile.am: Fix libtasn1
	include paths.

2008-08-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/read-packet.c: avoid using gcrypt function.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/auth_rsa.c, lib/debug.c, lib/gnutls_cert.c,
	lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_v2_compat.c: Fix warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Simplify logic.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/dn.c: Remove dead code.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/Makefile.am: Don't include missing -I's.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Drop warning.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Drop removed libextra directories from -I's.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Enable all kind of warnings.  If you remove some,
	add a comment on why.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/pgp.c, lib/x509/pbkdf2-sha1.c: Fix warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Tweak warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/dn.c: Fix warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c, lib/x509/common.h: Fix warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp.c, lib/rnd-libgcrypt.c: Fix warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_num.h: Protect against double inclusion.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/crypto.h: Protect against double inclusions.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/byteswap.in.h, lgl/m4/byteswap.m4,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	lgl/tests/Makefile.am, lgl/tests/test-byteswap.c, lib/gnutls_num.c,
	lib/gnutls_num.h: Use byteswap from gnulib.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp.h, lib/gnutls_global.c: Fix warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_auth_int.h: Protect against double inclusion.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.h: Protect against double inclusion.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.h, lib/gnutls_record.h, lib/gnutls_state.h: Fix
	warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.h, lib/gnutls_pk.h, lib/gnutls_x509.h,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/verify.c: Fix
	warnings.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add warning.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Check whether warning flags are supported before
	using them.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am, lib/gnutls_x509.c, lib/x509/output.c: 
	Make disable-extra-pki work better.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix --disable-extra-pki flag.

2008-08-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_x509.c, lib/gnutls_x509.h, tests/Makefile.am,
	tests/set_pkcs7_cred.c: Remove code to import PKCS#7 certificate
	chains.  The code hasn't worked since GnuTLS v0.9.0.  Reported by
	Christian Grothoff <christian@grothoff.org>.

2008-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Cast datasize to long to match %ld printf
	format.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* tests/set_pkcs7_cred.c: Fix.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* tests/set_pkcs7_cred.c: Use utils infrastructure.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/set_pkcs7_cred.c: Add set_pkcs7_cred self
	test.

2008-08-26  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* : commit 06ee30f6e553d4739ca50ab84492179da64cfc3e Author: Daniel
	Kahn Gillmor <dkg@fifthhorseman.net> Date:   Tue Aug 26 11:00:27
	2008 -0400

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c, libextra/gnutls_extra.c: Fix gnulib calls.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-26  Simon Josefsson <simon@josefsson.org>

	* gl/m4/autobuild.m4, lgl/Makefile.am, lgl/m4/gnulib-comp.m4,
	lgl/m4/string_h.m4, lgl/m4/strverscmp.m4, lgl/m4/threadlib.m4,
	lgl/string.in.h, lgl/strverscmp.h, lgl/tests/Makefile.am,
	lgl/tests/test-strverscmp.c: Update gnulib files.

2008-08-25  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_pk.c, lib/pk-libgcrypt.c, lib/x509/privkey.c: corrected
	private key generation

2008-08-25  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 976565830d853f981ecd749bdb15dd02133ed93b Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Aug 25 19:50:07
	2008 +0300

2008-08-25  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/output.c: removed code that incorrectly printed IP
	addresses.

2008-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-23  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/fr.po.in, po/nl.po.in: Sync with TP.

2008-08-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-19  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-08-19  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/opencdk.h, lib/opencdk/read-packet.c: patch by Daniel
	Kahn Gillmor, to enable parsing (but not decrypting) of locked
	secret keys (including the "gnu-dummy" S2K option).

2008-08-19  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-08-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.4.

2008-08-18  Simon Josefsson <simon@josefsson.org>

	* gl/m4/autobuild.m4, lgl/m4/lock.m4: Update gnulib files.

2008-08-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-08-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Fix secure memory initialization of
	libgcrypt.  Reported by Joe Orton <joe@manyfish.co.uk> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2992>.

2008-08-16  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Reference NIST SP 800-57.

2008-08-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc5246.txt: Add.

2008-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Re-add lost entry.

2008-08-14  Simon Josefsson <simon@josefsson.org>

	* lib/crypto.c, lib/gnutls_extensions.c, lib/gnutls_state.c,
	lib/x509/crq.c: Doc fixes.

2008-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-08-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.3.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, includes/gnutls/openssl.h,
	includes/gnutls/pkcs12.h, includes/gnutls/x509.h: Bump copyright in
	installed header files.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Drop final comma in enum.  Reported
	in <https://savannah.gnu.org/support/?106453>.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Don't call SRP functions if SRP is disabled.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
	lib/auth_rsa.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
	libextra/gnutls_ia.c: Fix namespace problem with TLS_MASTER_SIZE and
	TLS_RANDOM_SIZE.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* gl/c-ctype.c, gl/c-ctype.h, gl/gnulib.mk, gl/inet_pton.c,
	gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4, gl/tests/gnulib.mk,
	gl/tests/test-c-ctype.c: Update gnulib files.

2008-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c, tests/Makefile.am,
	tests/finished.c: Add API to set callback to extract TLS Finished
	messages.

2008-08-08  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-08-05  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile: Update gnulib files.

2008-08-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-08-04  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/gnupload: Update gnulib files.

2008-08-03  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/x509.h, lib/x509/crq.c: added
	gnutls_x509_crq_set_key_rsa_raw() which will set a raw key to a
	certificate request.

2008-08-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 767fb210de7dcde20ac05e1f3ca78375279f5603 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Sat Aug 2 11:55:56
	2008 +0300

2008-07-22  Simon Josefsson <simon@josefsson.org>

	* lib/auth_psk_passwd.c, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/x509/pkcs12.c,
	lib/x509/privkey_pkcs8.c, src/crypt.c: Make it compile.

2008-07-22  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Drop doxygen.

2008-07-22  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, gl/m4/gnulib-comp.m4, lgl/m4/gnulib-comp.m4,
	lgl/vasnprintf.c: Update gnulib files.

2008-07-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2008-07-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, doc/Makefile.am, doc/doxygen/Doxyfile.in,
	doc/doxygen/Doxyfile.orig: Add doxygen scripts.

2008-07-10  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Cleanup struct name, for doxygen documentation.

2008-07-09  Simon Josefsson <simon@josefsson.org>

	* lib/random.h: Add license.

2008-07-09  Simon Josefsson <simon@josefsson.org>

	* lib/auth_rsa.c, lib/auth_srp_passwd.c, lib/gnutls_pk.c,
	lib/random.c, lib/random.h, lib/x509/privkey_pkcs8.c, src/psk.c: 
	Minor randomness API cleanups.

2008-07-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/dsa.c: Remove unused code.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.2.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix @include of algorithms.texi.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix typos.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, src/Makefile.am: Generate algorithms.texi the
	same way as error_codes.texi for consistency.  Fixes 'make
	distcheck' due to srcdir != objdir breakage.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump libtool library version because we added
	interfaces.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/Makefile.am, lib/ext_inner_application.h,
	lib/gnutls_extensions.c, libextra/Makefile.am, {lib =>
	libextra}/ext_inner_application.c,
	libextra/ext_inner_application.h, libextra/gnutls_extra.c: Move
	TLS/IA features to libgnutls-extra.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* tests/tlsia.c: Initialize extra library.

2008-07-08  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-07-07  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/printlist.c: added missing file.

2008-07-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* doc/Makefile.am, doc/gnutls.texi: automatically generate the
	appendix with supported algorithms and ciphersuites.

2008-07-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/Makefile.am: automatically generate the appendix with
	supported algorithms and ciphersuites.

2008-07-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_priority.c: document a way to get the available
	algorithms and protocols.

2008-07-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/x509/common.c: Corrected memory leak in read_octet. Based on
	patch by Colin Leroy (colin@colino.net)

2008-07-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-07-03  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: Add APIs to register TLS
	extension handlers.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am, lib/x509/Makefile.am: Use AM_CPPFLAGS.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/Makefile.am: lib/opencdk/Makefile.am (INCLUDES):
	Rename to `AM_CPPFLAGS'.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, cfg.mk: Guile problem fixed.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_dh_primes.c: Fix typo that swapped prime/generator in
	gnutls_dh_params_generate2.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.1.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* cfg.mk, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-psk.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
	guile/src/core.c, guile/src/errors.c, guile/src/extra.c,
	lib/auth_cert.c, lib/auth_dh_common.c, lib/auth_dhe.c,
	lib/auth_psk.c, lib/auth_psk_passwd.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp_passwd.c,
	lib/auth_srp_rsa.c, lib/cipher-libgcrypt.c, lib/crypto.c,
	lib/debug.c, lib/ext_cert_type.c, lib/ext_max_record.c,
	lib/ext_oprfi.c, lib/ext_server_name.c, lib/ext_srp.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_kx.c,
	lib/gnutls_mpi.c, lib/gnutls_openpgp.c, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_psk_netconf.c,
	lib/gnutls_record.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_supplemental.c,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/mac-libgcrypt.c, lib/minitasn1/structure.c,
	lib/mpi-libgcrypt.c, lib/opencdk/armor.c, lib/opencdk/dummy.c,
	lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
	lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/misc.c,
	lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/verify.c, lib/opencdk/write-packet.c,
	lib/openpgp/compat.c, lib/openpgp/extras.c, lib/openpgp/output.c,
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
	lib/pk-libgcrypt.c, lib/random.c, lib/rnd-libgcrypt.c,
	lib/x509/common.c, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/dsa.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
	lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_write.c,
	libextra/gnutls_openssl.c, src/certtool-cfg.c, src/certtool.c,
	src/cli.c, src/common.c, src/crypt.c, src/psk.c, src/select.c,
	src/serv.c, src/tests.c, src/tls_test.c,
	tests/certificate_set_x509_crl.c, tests/crypto_rng.c,
	tests/dhepskself.c, tests/dn.c, tests/gc.c,
	tests/hostname-check/hostname-check.c, tests/mini.c,
	tests/moredn.c, tests/mpi.c, tests/openpgp/keyring.c,
	tests/openpgpself.c, tests/oprfi.c, tests/parse_ca.c,
	tests/pkcs12-decode/pkcs12_s2k.c, tests/x509dn.c, tests/x509self.c,
	tests/x509signself.c: Indent code.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.5.0.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12-decode/Makefile.am: The -I.. needs to point to
	srcdir.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/Makefile.am: Need -I to builddir for gnutls.h.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore more.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Dist pbkdf2-sha1.h.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* po/pl.po.in, po/vi.po.in: Sync with TP.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, cfg.mk: Disable building guile for now, to be able to
	do a release.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Sort functions.

2008-07-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Don't use @acronym for C++, as it breaks old
	texinfo/tetex installations.  Further, C++ isn't an acronym anyway
	as far as I know.

2008-07-01  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/tests/Makefile.am, gl/tests/gnulib.mk,
	gl/tests/test-EOVERFLOW.c, gl/tests/test-arpa_inet.c,
	gl/tests/test-getaddrinfo.c, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c, gl/tests/test-netinet_in.c,
	gl/tests/test-strerror.c, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4, lgl/tests/Makefile.am, lgl/tests/dummy.c,
	lgl/tests/intprops.h, lgl/tests/test-EOVERFLOW.c,
	lgl/tests/test-alloca-opt.c, lgl/tests/test-c-ctype.c,
	lgl/tests/test-fseeko.c, lgl/tests/test-fseeko.sh,
	lgl/tests/test-func.c, lgl/tests/test-lseek.c,
	lgl/tests/test-lseek.sh, lgl/tests/test-memchr.c,
	lgl/tests/test-memcmp.c, lgl/tests/test-read-file.c,
	lgl/tests/test-snprintf.c, lgl/tests/test-stdbool.c,
	lgl/tests/test-stdint.c, lgl/tests/test-stdio.c,
	lgl/tests/test-stdlib.c, lgl/tests/test-string.c,
	lgl/tests/test-strings.c, lgl/tests/test-sys_socket.c,
	lgl/tests/test-sys_stat.c, lgl/tests/test-time.c,
	lgl/tests/test-unistd.c, lgl/tests/test-vasnprintf.c,
	lgl/tests/test-vasprintf.c, lgl/tests/test-wchar.c,
	lgl/tests/verify.h: Add gnulib self-tests.

2008-07-01  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/gnulib-cache.m4: Put gnulib tests in a separate directory.

2008-07-01  Simon Josefsson <simon@josefsson.org>

	* m4/gc_random.m4: Remove unused code.

2008-07-01  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/arcfour.c, lgl/arcfour.h, lgl/arctwo.c,
	lgl/arctwo.h, lgl/des.c, lgl/des.h, lgl/gc-gnulib.c,
	lgl/gc-libgcrypt.c, lgl/gc-pbkdf2-sha1.c, lgl/gc.h, lgl/hmac-md5.c,
	lgl/hmac-sha1.c, lgl/hmac.h, lgl/m4/arcfour.m4, lgl/m4/arctwo.m4,
	lgl/m4/des.m4, lgl/m4/gc-arcfour.m4, lgl/m4/gc-arctwo.m4,
	lgl/m4/gc-camellia.m4, lgl/m4/gc-des.m4, lgl/m4/gc-hmac-md5.m4,
	lgl/m4/gc-hmac-sha1.m4, lgl/m4/gc-md2.m4, lgl/m4/gc-md4.m4,
	lgl/m4/gc-md5.m4, lgl/m4/gc-pbkdf2-sha1.m4, lgl/m4/gc-random.m4,
	lgl/m4/gc-rijndael.m4, lgl/m4/gc-sha1.m4, lgl/m4/gc.m4,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/hmac-md5.m4,
	lgl/m4/hmac-sha1.m4, lgl/m4/md2.m4, lgl/m4/md4.m4, lgl/m4/md5.m4,
	lgl/m4/memxor.m4, lgl/m4/rijndael.m4, lgl/m4/sha1.m4, lgl/md2.c,
	lgl/md2.h, lgl/md4.c, lgl/md4.h, lgl/md5.c, lgl/md5.h,
	lgl/memxor.c, lgl/memxor.h, lgl/rijndael-alg-fst.c,
	lgl/rijndael-alg-fst.h, lgl/rijndael-api-fst.c,
	lgl/rijndael-api-fst.h, lgl/sha1.c, lgl/sha1.h: Drop gnulib gc
	modules.

2008-07-01  Simon Josefsson <simon@josefsson.org>

	* configure.in, lgl/m4/gnulib-cache.m4: Drop gc.

2008-07-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/x509/privkey_pkcs8.c: Drop gc.h.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: (_gnutls_handshake_hash_buffers_clear): Make sure deinitialized MAC
	hashes are initialized.  Report and tiny patch from Tomas Mraz
	<tmraz@redhat.com>.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/crypt.c: this fixes a problem in srptool, where the passwords
	never match (--verify check) on some architectures (patch by
	Matthias Koenig <mkoenig@suse.de>)

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: corrected
	openssl.

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: use native
	gnutls functions.

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: added
	_gnutls_hash_fast()

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit fded9a7d1e6d58f951fc7e8f4db80d3e23f5ea1f Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Jun 30 20:15:19
	2008 +0300

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/crypt.c, src/psk.c: avoid using gc_ functions for random data.

2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
	lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
	lib/x509/pbkdf2-sha1.h, lib/x509/privkey_pkcs8.c, tests/gc.c: added
	_gnutls_pkcs5_pbkdf2_sha1() based on gc_pkcs5_pbkdf2_sha1()

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* : Remove executable.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk_netconf.c: Remove debug code.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-cache.m4, gl/m4/gnulib-tool.m4,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-tool.m4: Update gnulib files.

2008-06-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-29  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_state.c: added check before reallocation of parameters
	to avoid memory leaks on rehandshake.

2008-06-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: document the rewrite of opencdk crypto backend.

2008-06-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, doc/gnutls.texi, includes/gnutls/crypto.h,
	includes/gnutls/gnutls.h.in, lib/Makefile.am, lib/auth_anon.c,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_dhe_psk.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/auth_srp.c, lib/cipher-libgcrypt.c, lib/crypto.c, lib/crypto.h,
	lib/debug.c, lib/debug.h, lib/gnutls_algorithms.c,
	lib/gnutls_cert.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_datum.h, lib/gnutls_dh.c,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_openpgp.c,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_psk_netconf.c, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_supplemental.c, lib/gnutls_x509.h,
	lib/mac-libgcrypt.c, lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
	lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/dummy.c,
	lib/opencdk/filters.h, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
	lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
	lib/opencdk/main.h, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
	lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
	lib/opencdk/verify.c, lib/opencdk/write-packet.c,
	lib/openpgp/extras.c, lib/openpgp/openpgp_int.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
	lib/pk-libgcrypt.c, lib/random.c, lib/random.h,
	lib/rnd-libgcrypt.c, lib/x509/Makefile.am, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/mpi.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h, src/psk-gaa.c,
	tests/Makefile.am, tests/ca.pem, tests/crypto_rng.c, tests/mpi.c,
	tests/netconf-psk.c, tests/openpgp/keyring.c,
	tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12_s2k.c: 
	Initial merge attempt with gnutls_with_ext_mpi

2008-06-25  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_dh_primes.c: do not add trailing zero on the size
	count.

2008-06-23  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile: Update gnulib files.

2008-06-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-23  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Fix build failures related to opencdk.h.
	Reported by Roman Bogorodskiy <novel@FreeBSD.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.

2008-06-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix typo.

2008-06-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Disable C++ library if psk, srp, anon etc have been
	disabled.  The libgnutlsxx.cpp file calls several functions that may
	have been removed.

2008-06-19  Simon Josefsson <simon@josefsson.org>

	* configure.in, doc/examples/Makefile.am: Make
	--disable-psk-authentication work.

2008-06-19  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/lock.m4: Update gnulib files.

2008-06-19  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cxx.cpp: Use cstring instead of string.h.
	Reported by Daniel Black <dragonheart@gentoo.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2922>.

2008-06-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/psk.c: Fix warning regarding undeclared getpass
	replacement.  Reported by Massimo Gaspari <massimo.gaspari@alice.it>
	in <http://permalink.gmane.org/gmane.network.gnutls.general/1281>.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix warning.  Reported by Massimo Gaspari
	<massimo.gaspari@alice.it> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1281>.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.h: Add prototype for _gnutls_session_is_psk.
	Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1281>.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, NEWS, configure.in: Bump versions.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add v2.4.0 release notes.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.4.0.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-06-18  Simon Josefsson <simon@josefsson.org>

	* AUTHORS, NEWS, includes/gnutls/openpgp.h, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: libgnutls [OpenPGP]: New APIs to retrieve
	fingerprint from OpenPGP subkeys.  Contributed by Daniel Kahn
	Gillmor <dkg-debian.org@fifthhorseman.net>.

2008-06-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-06-16  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/pgp.c: Fix typo in documentation.  Tiny patch from
	Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.

2008-06-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-06-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.15.

2008-06-15  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/openpgp-certs/Makefile.am: Disable
	openpgp-certs properly.

2008-06-15  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs_template, lgl/Makefile.am, lgl/m4/stdio_h.m4,
	lgl/stdio.in.h: Update gnulib files.

2008-06-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am: Disable openpgp-certs self-test.

2008-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-06-11  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.14.

2008-06-10  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/memmem.m4: Update gnulib files.

2008-06-10  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-certs/testcerts: Use port 5557.

2008-06-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Unrelease it.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-certs/testcerts: Fix.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-certs/testcerts: Deal with objdir != srcdir builds.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* tests/openpgp-certs/Makefile.am: Dist *.gpg's.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* configure.in: Reorder.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* configure.in: Drop AC_CANONICAL_TARGET, unused.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/gnulib.mk, gl/m4/autobuild.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, m4/autobuild.m4: Import
	autobuild from gnulib.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.14.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-06-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Doc fix.

2008-06-08  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/x509.c: gnutls_x509_crt_get_extension_oid: Doc fix.
	Reported by Sam Varshavchik <mrsam@courier-mta.com>.

2008-06-08  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/sig-check.c: added check for empty UID list.

2008-06-08  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* configure.in, tests/Makefile.am, tests/openpgp-certs/Makefile.am,
	tests/openpgp-certs/ca-public.gpg,
	tests/openpgp-certs/ca-secret.gpg,
	tests/openpgp-certs/srv-public-127.0.0.1-signed.gpg,
	tests/openpgp-certs/srv-public-all-signed.gpg,
	tests/openpgp-certs/srv-public-localhost-signed.gpg,
	tests/openpgp-certs/srv-public.gpg,
	tests/openpgp-certs/srv-secret.gpg, tests/openpgp-certs/testcerts: 
	Added OpenPGP certificate verification test.

2008-06-08  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, lib/opencdk/keydb.c, lib/opencdk/main.h,
	lib/opencdk/sig-check.c: Changed OpenPGP verification behaviour. An
	OpenPGP certificate is now only considered verified if all the user
	IDs are verified.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/examples/ex-cxx.cpp: Make it find strlen.  Problem
	reported by Rainer Gerhards <rgerhards@gmail.com> and suggested fix
	by "John Brooks" <aspecialj@gmail.com>.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Sync with TP.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Sync with TP.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.13.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-export.c: Fix memory leak.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* tests/resume.c: Fix memory leak.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile: Update gnulib files.

2008-06-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/anonself.c, tests/dhepskself.c, tests/mini.c,
	tests/openpgpself.c, tests/oprfi.c, tests/x509dn.c,
	tests/x509self.c, tests/x509signself.c: tests/: Reduce amount of
	debugging output.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/set_pkcs12_cred.c: Make it run without PKCS12FILE for
	typical scenarios.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/resume.c: Fix memory leak.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/tlsia.c: Fix memory leak.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/x509dn.c: Fix memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/pskself.c: Fix most memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/dhepskself.c: Fix memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/x509signself.c: Fix memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c: Fix memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/x509self.c: Revert last commit, fix memory leak the right
	way.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/openpgpself.c: Fix memory leak.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/x509self.c: Fix memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-x509-info.c: Fix printing of serial number.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/libgcrypt.supp: Drop non-generic stuff.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/gc.c: Fix memory leak.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/certder.c: Fix memory leaks.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/moredn.c: Fix memory leak.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Dist libgcrypt.supp.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/libgcrypt.supp: Add.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/mini.c: Fix warnings.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am, tests/mini.c: Add mini self-test, to
	avoid having to fork to test TLS handshakes.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* po/ms.po.in: Sync with TP.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Reorder.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add psktool to @direntry.  Alphasort @direntry.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* README: Drop experimental stuff.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* tests/openpgpself.c: The test now works.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* lgl/stdio-impl.h: Update gnulib files.

2008-06-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-06-04  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/pgp.c, lib/openpgp/privkey.c: safer copying of keyid
	type.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.12.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-netconf-tls-02.txt: Add.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: We reverted the ABI bump.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk_netconf.c: Doc fix.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk.c: Doc fix.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, src/psk-gaa.c: Generated.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump ABI version due to added symbols.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* : commit aa2c7264a52b993aca39c613e5fe1aed7511c972 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Wed Jun 4 08:11:34 2008
	+0200

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-session-info.c: Update example with more PSK
	printing.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.4.netconf.2.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Document PSK stuff.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Allow --pskusername to be specified to avoid query in
	PSK callback.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* src/serv-gaa.c, src/serv-gaa.h: Generated.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/cli.c: gnutls-cli: Implement PSK callback.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/serv.c, src/serv.gaa: Add gnutls-serv --pskhint.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* lib/auth_psk.c: Generate server key exchange (psk identity hint).
	Invoke client callback.

2008-06-04  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in, lib/auth_psk.h, lib/gnutls_psk.c: Add
	gnutls_psk_set_server_credentials_hint.

2008-06-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_psk.c, src/common.c: 
	Add gnutls_psk_client_get_hint function.  Use it.

2008-06-03  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_session_pack.c: Pack/unpack psk identity hint too.

2008-06-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa: 
	psktool: Support --netconf-hint.

2008-06-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-06-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/openpgp_int.h: safer use of KEYID_IMPORT().

2008-06-02  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/auth_cert.c: Corrected usage of DECR_LEN()

2008-06-01  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* tests/openpgpself.c: reduced logging level

2008-05-27  Simon Josefsson <simon@josefsson.org>

	* m4/libgcrypt.m4: Update to latest version.

2008-05-27  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.vers, libextra/libgnutls-extra.vers: Add emacs mode
	markers.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert "Revert ABI version, make libgnutls-extra use
	another ABI version." This reverts commit 1a0f4dbf5a79ac61c7d10257221d851a4a12d814.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Revert "Use libtool EXTRA_ version symbols." This reverts commit 4e6bc87a35ed471022019265f7b5628e480f7e38.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention ABI bump.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Use libtool EXTRA_ version symbols.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert ABI version, make libgnutls-extra use another
	ABI version.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump ABI version.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Doc fix.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Merge 2.2.x branch NEWS entries.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl_write.c: (gnutls_x509_crl_set_version): Fix on platform where 'char' can be
	unsigned.  Based on report from Laurence Withers <l@lwithers.me.uk>,
	see:

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2825>.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/memcmp.m4, lgl/stdbool.in.h, lgl/vasnprintf.c: Update
	gnulib files.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/openssl.h, libextra/gnutls_openssl.c: 
	libgnutls-openssl: added RAND_pseudo_bytes API.  Tiny patch from
	Robert Millan <rmh@aybabtu.com>.

2008-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-05-24  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/sig-check.c: added error check.

2008-05-24  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/output.c: Print Never when a certificate never
	expires.

2008-05-24  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/pgp.c: Corrected bug gnutls_openpgp_crt_get_name()
	which returned the same value for index==0 or 1.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.11.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/memcmp.m4, maint.mk: Update gnulib files.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Fix ex-cxx name.  Fix LDADD's.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* po/nl.po.in, po/pl.po.in, po/sv.po.in, po/vi.po.in: Sync with TP.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Restore umask after opening file.  Suggested by
	Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.

2008-05-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, src/certtool.c, src/crypt.c, src/psk.c: Use
	umask unconditionally.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher.c: Fix broken debug check for GNUTLS-SA-2008-1.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Don't pass all C flags when building C++ library.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.10.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-05  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_str.c, tests/hostname-check/hostname-check.c: added
	wide wildcard hostname matching. Patch by Jean-Philippe Garcia
	Ballester.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Disable ftp.gnutls.org for now.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* lgl/vasnprintf.c: Update gnulib files.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-19  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.c, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c: Fix GNUTLS-SA-2008-1 security
	vulnerabilities.  See
	http://www.gnu.org/software/gnutls/security.html for updates.

2008-05-18  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: Use umask to restrict permissions to owner before creating a
	file.

2008-05-18  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Use umask to restrict the newly created file's
	permissions if operating on a private key.  This effectively fixes
	the issue reported at
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169> and the
	followups.

2008-05-17  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, doc/examples/Makefile.am, doc/examples/ex-cxx.cpp,
	doc/gnutls.texi, includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: 
	Updated the C++ API with patch from Eduardo Villanueva Che.
	Suggested by Benjamin Herr.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.9.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove obsolete comment.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Don't check for present headers, hard code checks
	for silly src/cfg/.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* configure.in, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4: Replace strings.h check with gnulib module.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/strcase.m4, lgl/m4/strings_h.m4, lgl/strcasecmp.c,
	lgl/strings.in.h, lgl/strncasecmp.c: Replace strings.h check with
	gnulib module.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, src/certtool.c: certtool: When writing private keys
	to files, change permissions of file.  Now the file which the
	private key is saved to is chmod'ed 0600.  Reported by martin f
	krafft <madduck@debian.org> see
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: Encrypting a private key now require a
	confirmed password.  Before, './certtool -k -8' would merely ask for
	a password once.  Reported by Daniel 'NebuchadnezzaR' Dehennin
	<nebuchadnezzar@asgardr.info> see
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update
	gnulib files.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Remove --enable-profile-mode.

2008-05-16  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/memmem.m4, lgl/str-two-way.h: Update gnulib files.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* lib/auth_psk.c, lib/gnutls_kx.c, lib/gnutls_state.c: Allow for
	server key exchange message to be optional for PSK ciphers.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.4.netconf.1.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* lib/auth_psk.c, lib/auth_psk.h: Parse psk_identity_hint field.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix so that PSK authentication works.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/gnutls.texi: Document gnutls-cli PSK fix.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix so that PSK authentication works.

2008-05-15  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
	lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4: Update gnulib files.

2008-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-07.txt: Add.

2008-05-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-07  Simon Josefsson <simon@josefsson.org>

	* guile/tests/Makefile.am: Don't run guile openpgp self tests if
	openpgp is disabled.

2008-05-07  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Don't run openpgpself if openpgp stuff wasn't
	built.

2008-05-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/examples/ex-session-info.c, guile/src/core.c,
	guile/tests/Makefile.am: libgnutls: Compile if SRP is disabled.
	Report and tiny patches from <jared.jennings.ctr@eglin.af.mil>, see
	<https://savannah.gnu.org/support/index.php?106342>.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Fix warning.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* NEWS, gl/getaddrinfo.h: Update gnulib files.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/output.c: More translation markups.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* po/POTFILES.in: Add translations from openpgp output functions
	too.

2008-05-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Translation fixes, tiny patch from Benno
	Schulenberg <bensberg@justemail.net>.

2008-05-05  Simon Josefsson <simon@josefsson.org>

	* gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	lgl/override/lib/gc-libgcrypt.c.diff: Update gnulib files.

2008-05-02  Simon Josefsson <simon@josefsson.org>

	* : commit 382e242d6ab440749f44f53020a928c09a4c4765 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Thu May 1 11:06:19
	2008 +0300

2008-04-30  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-02.txt: Add.

2008-04-30  Simon Josefsson <simon@josefsson.org>

	* gl/arpa_inet.in.h, gl/getaddrinfo.c, gl/gnulib.mk,
	gl/m4/arpa_inet_h.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4: Update
	gnulib files.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-06.txt,
	doc/protocol/draft-rescorla-tls-extended-random-00.txt: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* configure.in: Call AM_CONDITIONAL at top-level.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Dist maint.mk.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.8.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/arpa_inet_h.m4, lgl/Makefile.am,
	lgl/m4/stdlib_h.m4, lgl/m4/string_h.m4, lgl/stdlib.in.h,
	lgl/string.in.h: Update gnulib files.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/vi.po.in: Sync with TP.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Clarify area of change.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Doc fix.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_buffers.c,
	lib/gnutls_errors.c, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	Increase max handshake packet size.  Add new error code for
	situation.  Thanks to Marc Haber <mh+debian-bugs@zugschlus.de> and
	"Marc F.  Clemente" <marc@mclemente.net> for reporting and providing
	test servers.

2008-04-29  Simon Josefsson <simon@josefsson.org>

	* : commit 08e4c95c3659544c39b93539d62209d4c296d5b1 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Tue Apr 29 00:13:26 2008
	+0200

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Avoid another duplicate call to socket_bye() which can
	cause a crash.

2008-04-28  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, src/cli.c, src/common.c, src/common.h, src/serv.c,
	src/tests.c: gnutls-cli will exit once a certificate that doesn't
	have the correct name is found.

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml, lib/gnutls_cert.c,
	lib/gnutls_openpgp.c, lib/gnutls_str.c, lib/gnutls_x509.c,
	lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/x509/dn.c: Doc markup
	for newly added APIs.

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs7.c, lib/x509/x509.c: Doc fixes (silence gtk-doc
	warnings).

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl_write.c, lib/x509/x509_write.c: Doc fixes (silence
	gtk-doc warnings).

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_write.c: Doc fixes (silence gtk-doc
	warnings).

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c, lib/x509/dn.c, lib/x509/output.c,
	lib/x509/privkey.c: Doc fixes (silence gtk-doc warnings).

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* : commit 02393bd4ef0c2ee7864c356f70623f3950f372f0 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Mon Apr 28 18:14:14 2008
	+0200

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, gl/arpa_inet.in.h, gl/gnulib.mk,
	gl/inet_ntop.c, gl/inet_ntop.h, gl/inet_pton.c, gl/inet_pton.h,
	gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	lgl/Makefile.am, lgl/fseeko.c, lgl/intprops.h,
	lgl/m4/gnulib-comp.m4, lgl/m4/sys_socket_h.m4, lgl/memchr.c,
	lgl/stdio-impl.h, lgl/sys_socket.in.h: Update gnulib files.

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix typo.

2008-04-28  Simon Josefsson <simon@josefsson.org>

	* configure.in, includes/gnutls/crypto.h: Hide crypto.h definitions
	by default.

2008-04-26  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* tests/Makefile.am, tests/crypto_rng.c: added crypto rng
	registration test.

2008-04-26  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* lib/crypto.c: add warning that these functions have to be called
	before gnutls_global_init().

2008-04-26  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* lib/crypto.c, lib/random.c: faster seek into the list.

2008-04-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_psk_netconf.c, tests/netconf-psk.c: Change PSK
	key derivation algorithm.

2008-04-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-04-25  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* lib/crypto.c, lib/crypto.h, lib/gnutls_global.c: Added
	deregisteration function to free buffers allocated for registering
	algorithms.

2008-04-25  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* lib/crypto.c: corrected segmentation fault on registering ciphers.

2008-04-25  Nikos Mavrogiannopoulos <nmav@turtle.(none)>

	* doc/manpages/certtool.1, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.gaa: added --outraw --inraw options.

2008-04-23  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, lgl/sys_socket.in.h: Update gnulib files.

2008-04-23  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert libgcrypt vs vasprintf workaround, now that
	1.4.1rc1 is released.

2008-04-22  Simon Josefsson <simon@josefsson.org>

	* gl/arpa_inet.in.h: Update gnulib files.

2008-04-22  Simon Josefsson <simon@josefsson.org>

	* gl/arpa_inet.in.h, gl/gnulib.mk, gl/m4/arpa_inet_h.m4,
	gl/m4/gnulib-comp.m4, lgl/sys_socket.in.h: Update gnulib files.

2008-04-22  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-04-22  Simon Josefsson <simon@josefsson.org>

	* : commit 34e3d59b2e276b8a45924f11f6916399fa14f5be Author: Simon
	Josefsson <simon@josefsson.org> Date:   Tue Apr 22 09:56:03 2008
	+0200

2008-04-21  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 1b6c0f521f7e6e3d48b74fbb568a53547c5ff8ec Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Apr 21 21:53:55
	2008 +0300

2008-04-21  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-04-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.7.

2008-04-21  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Don't clean Guile documentations on make clean.

2008-04-21  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/psk-gaa.c, src/psk.gaa, src/serv.c, src/tests.c: 
	Fix warnings.

2008-04-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-04-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/reference/Makefile.am, lib/minitasn1/Makefile.am,
	lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/mem.h: Update to libtasn1
	1.4.

2008-04-19  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS: opencdk now properly sets the key usage bits into openpgp
	keys.

2008-04-19  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/keydb.c, lib/opencdk/read-packet.c: save key usage
	while reading public keys.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Don't crash on TLS handshake failures.  Reported by
	"Marc F. Clemente" <marc@mclemente.net> in Debian BTS #466477.  This
	is related to the 5e5f086e124d8d90829fc8e22f34044161da5f80 fix, this
	part is necessary too.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool.c: certtool: with --generate-request and newly
	generated keys, print the key.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Explain libgcrypt around gnulib.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: Don't
	document opencdk API.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo fix.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Link to -lws2_32 if needed.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Define WINVER to get modern features.  Test for
	ws2_32.  Add conditional.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Use ASCII-only isprint function to get
	consistent outputs.  Reported by Massimo Gaspari
	<massimo.gaspari@alice.it> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1184>.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/c-ctype.c, lgl/c-ctype.h, lgl/dummy.c,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: Add c-ctype module,
	for lib/x509/output.c.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/extensions.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/netinet_in_h.m4, gl/m4/strerror.m4,
	lgl/Makefile.am, {gl => lgl}/fseeko.c, {gl => lgl}/lseek.c,
	lgl/m4/extensions.m4, {gl => lgl}/m4/fseeko.m4,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, {gl =>
	lgl}/m4/lseek.m4, lgl/m4/memmem.m4, lgl/m4/stdint.m4,
	lgl/m4/stdio_h.m4, lgl/m4/sys_socket_h.m4: Move fseeko to lgl/ from
	gl/ for opencdk.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Link to libgcrypt when running gnulib checks, to get
	their vasprintf on MinGW.

2008-04-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Don't check for vasprintf, already checked for by
	gnulib.

2008-04-17  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/pgp.c: corrected typo.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* .cvscopying => .clcopying, .cvsusers, Makefile.am, src/pkcs1.asn: 
	Fix some obsolete stuff.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: (gnutls_x509_crt_get_key_usage): Doc fix.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.6.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Link errcodes with gnulib.  Possibly fixes
	rpl_strerror problem when linking on HPUX, see:

	<http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* : commit 01a64fe6798a4ba82df9accf67c7c8f657abd9f5 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Thu Apr 17 14:27:03 2008
	+0200

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/kbnode.c: Doc fix (gtk-doc warning).

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openssl.h: Fix gtk-doc warning about duplicate RSA
	namespace.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c: Fix warning.

2008-04-17  Ludovic Courtès <ludo@gnu.org>

	* : commit 2b4f4e3fd2b0df0b77b283928154b5f3e9139fe8 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Thu Apr 17 14:15:49 2008
	+0200

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Fix --source-dir to only cover lib/,
	libextra/ and includes/.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Simplify cdk handling.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Discuss OpenCDK better.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* README: No need for external opencdk.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, lib/opencdk/misc.c: Remove code to
	link with external opencdk.  It seems we now don't have resources to
	maintain the LGPL opencdk code externally, since making it use
	GnuTLS's crypto code will be complicated.  See discussion in:

	http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2672/focus=2711

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* configure.in: No need for alloca checks.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_mem.h,
	lib/gnutls_mpi.c, lib/gnutls_pk.c, lib/x509/crl.c, lib/x509/mpi.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/x509.c: Remove
	all uses of gnutls_alloca/gnutls_afree.  Use normal gnutls_malloc
	instead.  One reason is increased portability to Windows, the other
	is that several of the uses may be unsafe because the size of data
	allocated could be large.  Reported by Massimo Gaspari
	<massimo.gaspari@alice.it> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1170>.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c: Don't use alloca, the certificate list can be
	larger than stack size.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/output.c: Don't use %e specifier with strftime, it
	doesn't work under Windows.  Reported by Massimo Gaspari
	<massimo.gaspari@alice.it> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1170>.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Re-generate using
	modern libtasn1.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Fix typo.

2008-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/pathlen/pathlen: Run diff without parameters, to
	improve portability.  Based on HPUX recommendations in

	<http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>.

2008-04-16  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Reorder libgnu.la last.  Possibly fix
	rpl_fseeko problem reported in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1166>.

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Update bibliography.

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Doc fix (silence texinfo warning).

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/pgp.c: Improve error messages.  See
	<http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/26>.

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rsa-aes-gcm-03.txt: Add.

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/crq.c, src/certtool.c: Make gnutls_x509_crq_sign2
	set certificate request version if not set.

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, lib/x509/crq.c: Improve documentation for
	gnutls_x509_crq_sign2.  Based on report from "John Brooks"
	<aspecialj@gmail.com> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1154>.

2008-04-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-tls-suiteb-02.txt: Add.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-05.txt: Add.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.5.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/tls_test.c: Rely on sys/socket.h for SHUT_*.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/sys_socket_h.m4, lgl/sys_socket.in.h: Update gnulib files.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/gc-libgcrypt.c, lgl/m4/gnulib-cache.m4: 
	Update gnulib files.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/gnulib-cache.m4, lgl/override/lib/gc-libgcrypt.c.diff: 
	Quick fix for SHA-224 and old libgcrypt's.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* lib/random.h: Fix warnings.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* cfg.mk: Typo.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* po/Makevars: We don't need --no-location any more, git stores
	*.po.in's.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, cfg.mk: Translation fixes.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* po/{de.po => de.po.in}, po/{ms.po => ms.po.in}, po/{nl.po =>
	nl.po.in}, po/{pl.po => pl.po.in}, po/{sv.po => sv.po.in}: Improve
	translation handling to avoid git conflicts.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/gnupload, gl/fseeko.c, gl/getdelim.c,
	gl/m4/eoverflow.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
	gl/m4/include_next.m4, lgl/gc-gnulib.c, lgl/m4/gc-random.m4,
	lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/include_next.m4, lgl/m4/stdint.m4, lgl/m4/vasnprintf.m4,
	lgl/snprintf.c, lgl/vasnprintf.c, lgl/vasprintf.c, lgl/wchar.in.h: 
	Update gnulib files.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Cosmetic.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Whitespace fix.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Improve APIMANS/SRPMANS, to make it
	easier to understand changes.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix test.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Don't bother checking for --output-def if shared
	libraries are disabled.  Based on report from Massimo Gaspari
	<massimo.gaspari@alice.it> in
	<http://permalink.gmane.org/gmane.network.gnutls.general/1145>.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, doc/gnutls.texi: Document how to generate CRLs.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.4.netconf.0.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-psk.c: Typo.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk_netconf.c: Typo.

2008-04-13  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Typo.

2008-04-13  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* includes/gnutls/openpgp.h: changed api.

2008-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-psk.c: Doc fix.

2008-04-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-psk.c, doc/examples/ex-serv-psk.c: Add, PSK
	self test.

2008-04-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk_netconf.c: Typo.

2008-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Add ex-serv-psk.

2008-04-12  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/cli.c: get_auth_subkey has one more parameter.

2008-04-12  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/opencdk/pubkey.c: return the size of the required buffer to
	hold the data

2008-04-12  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/openpgp/output.c: Deallocate memory from parameters only when
	function run was successful.

2008-04-12  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_openpgp.c, lib/openpgp/pgp.c: Added a flag in
	get_auth_subkey() to work for all use cases

2008-04-10  Nikos <nmav@crystal.(none)>

	* lib/openpgp/pgp.c: do not return any subkey if an authentication
	subkey is not found

2008-04-10  Nikos <nmav@crystal.(none)>

	* lib/openpgp/extras.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c: 
	corrected bug in openpgp import when data is of size zero. Reported
	by Daniel Kahn

2008-04-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk_netconf.c: Fix mem leak on errors.

2008-04-08  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-04-08  Simon Josefsson <simon@josefsson.org>

	* tests/netconf-psk.c: Fix bugs.

2008-04-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk_netconf.c: Fix bugs.

2008-04-08  Simon Josefsson <simon@josefsson.org>

	* tests/netconf-psk.c: Starting pointer for NETCONF-PSK support.

2008-04-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/Makefile.am,
	lib/gnutls_psk_netconf.c, tests/Makefile.am: Starting pointer for
	NETCONF-PSK support.

2008-04-04  Nikos <nmav@crystal.(none)>

	* lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fail at import stage if
	a non proper certificate is loaded.

2008-04-04  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-nir-tls-eap-03.txt: Add.

2008-04-04  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-netconf-tls-01.txt: Add.

2008-04-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-04-03  Simon Josefsson <simon@josefsson.org>

	* lib/auth_psk_passwd.c: (_gnutls_psk_pwd_find_entry): Call fclose after fopen.  Tiny patch
	from Laurence Withers <l@lwithers.me.uk>, see

	<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.

2008-04-03  Simon Josefsson <simon@josefsson.org>

	* : commit 117152d4c91e1c01055eedada1412ec763e5196b Author: Simon
	Josefsson <simon@josefsson.org> Date:   Thu Apr 3 09:40:01 2008
	+0200

2008-04-02  Nikos <nmav@crystal.(none)>

	* NEWS: documented the openpgp updates.

2008-04-02  Nikos <nmav@crystal.(none)>

	* doc/manpages/certtool.1: added the openpgp functionality to the
	manpage.

2008-04-02  Nikos <nmav@crystal.(none)>

	* lib/openpgp/privkey.c: Corrected exporting the DSA secret key
	parameters.

2008-04-02  Nikos <nmav@crystal.(none)>

	* lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
	lib/openpgp/privkey.c: Add proper ARMOR header in private keys.

2008-04-02  Nikos <nmav@crystal.(none)>

	* lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c: 
	Consistent printing of revoked status.  Consistent printing of key
	algorithm.

2008-04-02  Nikos <nmav@crystal.(none)>

	* lib/gnutls_errors.c: Added revoked UID error string.

2008-04-02  Nikos <nmav@crystal.(none)>

	* lib/openpgp/output.c, lib/openpgp/privkey.c: Print revoked names.

2008-04-02  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecdhe-psk-01.txt: Add.

2008-03-30  Simon Josefsson <simon@josefsson.org>

	* lib/crypto.h: Fix warnings.

2008-03-30  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/gc-libgcrypt.c, lgl/gc.h,
	lgl/m4/stdlib_h.m4, lgl/stdlib.in.h: Update gnulib files.

2008-03-29  Nikos <nmav@crystal.(none)>

	* NEWS: Documented the --priority option to gnutls-cli and
	gnutls-serv.

2008-03-29  Nikos <nmav@crystal.(none)>

	* doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1: documented
	the --priority option.

2008-03-29  Nikos <nmav@crystal.(none)>

	* NEWS: corrected the news entry.

2008-03-29  Nikos <nmav@crystal.(none)>

	* lib/auth_cert.c: Reverted to gnutls 2.2 behaviour of allowing an
	empty key (for PKCS #11).  Reported by Joe Orton.

2008-03-29  Nikos <nmav@crystal.(none)>

	* NEWS: gnutls_crypto_rnd_register: ADDED

2008-03-29  Nikos <nmav@crystal.(none)>

	* : commit 0b37eef0f6b6626d5e4b5936bbc6f012416ef61a Author: Nikos
	<nmav@crystal.(none)> Date:   Sat Mar 29 12:01:27 2008 +0200

2008-03-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-00.txt,
	doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-01.txt: Add.

2008-03-28  Simon Josefsson <simon@josefsson.org>

	* lgl/gc-libgcrypt.c, lgl/gc.h: Update gnulib files.

2008-03-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Entries added at wrong place, move them.

2008-03-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in: Avoid defining SHA-224 MAC
	since it isn't specified in TLS 1.2.

2008-03-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in: Add SHA-224 enum types.

2008-03-28  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk: Update gnulib files.

2008-03-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-10.txt: Add.

2008-03-25  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/GNUmakefile, maint-cfg.mk => cfg.mk,
	gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lib-link.m4, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/lib-link.m4, build-aux/maint.mk =>
	maint.mk: Update gnulib files.

2008-03-20  Ludovic Courtès <ludo@gnu.org>

	* configure.in, guile/src/Makefile.am: Check whether
	`-fgnu89-inline' is supported before using it.  * configure.in: Check for `-fgnu89-inline', define Automake
	  conditional `HAVE_GCC_GNU89_INLINE_OPTION'.  * guile/src/Makefile.am (AM_CFLAGS): Only use `-fgnu89-inline' when   `HAVE_GCC_GNU89_INLINE_OPTION' is true.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_extra.c: Fix LZO build failure.

2008-03-19  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Compile with `-fgnu89-inline'.  * guile/src/Makefile.am (AM_CFLAGS): Add `-fgnu89-inline' when   `HAVE_GCC' is true.  This works around the fact that GnuTLS is   compiled with `-std=c99', while Guile and GMP expect GNU inline   semantics, which defer from C99 inline semantics.

2008-03-19  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: guile: Don't declare `inline' functions that use
	`alloca ()'.  * guile/src/core.c (set_certificate_file): Remove `inline' keyword.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* includes/Makefile.am: Dist gnutls/crypto.h.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.4.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-resume.c, lib/crypto.c,
	lib/gnutls_compress_int.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_openpgp.c, lib/openpgp/extras.c,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
	libextra/gnutls_extra.c, libextra/gnutls_ia.c, src/certtool.c,
	src/serv.c: Fix gcc warnings.

2008-03-19  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Fix warning.

2008-03-16  Nikos <nmav@crystal.(none)>

	* lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: fixes for all tests to
	succeed.

2008-03-16  Nikos <nmav@crystal.(none)>

	* includes/gnutls/crypto.h: updated

2008-03-16  Nikos <nmav@crystal.(none)>

	* lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_sig.c,
	lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/x509/pkcs12.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c: several fixes
	in the cipher (register) interface and added hash.

2008-03-16  Nikos <nmav@crystal.(none)>

	* NEWS, includes/gnutls/crypto.h, includes/gnutls/gnutls.h.in,
	lib/Makefile.am, lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_errors.c, lib/gnutls_int.h,
	lib/gnutls_state.c: Added functionality to override (register) a
	cipher. Initial functionality for MAC and digest algorithms.

2008-03-11  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/gnutls_openpgp.h: Remove things already in
	includes/gnutls/openpgp.h.

2008-03-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_openpgp.c, lib/opencdk/Makefile.am,
	lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
	lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
	lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
	lib/opencdk/misc.c, lib/opencdk/new-packet.c,
	lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
	lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
	lib/opencdk/sig-check.c, lib/opencdk/stream.c,
	lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
	lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
	lib/openpgp/compat.c, lib/openpgp/extras.c, lib/openpgp/pgp.c,
	lib/openpgp/pgpverify.c, lib/openpgp/privkey.c: Clean up license
	headers for OpenPGP code.  According to Nikos they are now licensed
	under the LGPL, see:

	http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2658/focus=2659

2008-03-11  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Typo.

2008-03-11  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/include_next.m4,
	gl/m4/stdarg.m4, gl/stdarg.in.h, lgl/Makefile.am,
	lgl/m4/absolute-header.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/include_next.m4: Update gnulib files.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, gl/m4/fseeko.m4: Update gnulib files.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Finish renaming of export
	x509/openpgp functions.  In particular,
	gnutls_certificate_get_x509_cas, gnutls_certificate_get_x509_crls,
	and gnutls_certificate_get_openpgp_keyring.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Revert
	a3e4759117cee5d756475215437a440dc12fcc6c because it breaks libtool
	v2.2.  ../libtool: line 4398: cd: ../../lib/.libs: No such file or
	directory libtool: link: cannot determine absolute directory name of
	`../../lib/.libs'

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.3.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/reference/Makefile.am, libextra/Makefile.am,
	libextra/gnutls_extra.c, libextra/gnutls_extra.h: Remove
	gnutls_extra.h, not needed anymore.  Fixes build failure in libextra
	that looked for opencdk.h (via auth_cert.h).  Reported by Roman
	Bogorodskiy <novel@FreeBSD.org>.

2008-03-08  Nikos <nmav@crystal.(none)>

	* : commit cf8fb4bca34ec865959f1544e395b5566f2449ac Author: Nikos
	<nmav@crystal.(none)> Date:   Sat Mar 8 02:06:25 2008 +0200

2008-03-07  Ludovic Courtès <ludo@gnu.org>

	* guile/src/Makefile.am: guile: Propagate Guile's CPPFLAGS to
	`guile-snarf'.

2008-03-07  Ludovic Courtès <ludo@gnu.org>

	* guile/src/make-enum-header.scm, guile/src/utils.h: guile: Include
	<config.h>, not "config.h".

2008-03-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-03-07  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Add index.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509_b64.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c: Doc fix.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_str.c: Fix
	gnutls_hex2bin prototype.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix warnings.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* src/select.c: Avoid confusing gtk-doc.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/kbnode.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/opencdk/stream.c, lib/opencdk/verify.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/privkey.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/pgp.c, lib/openpgp/privkey.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c, lib/gnutls_state.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c, lib/gnutls_algorithms.c, lib/gnutls_record.c,
	lib/gnutls_state.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c: Doc fix.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_db.c: Doc fix.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_session.c: Doc fix.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Doc fix.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_srp.c: Doc fix.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_auth.c, lib/gnutls_openpgp.c, lib/gnutls_srp.c,
	libextra/gnutls_ia.c: Doc fixes.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* m4/pkg.m4: Added, needed by new gtk-doc.m4.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Update gtk-doc Makefile.am to latest
	examples.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* doc/reference/tmpl/gnutls-unused.sgml, gtk-doc.make: Update
	gtk-doc makefile, this version allows us to get rid of tmpl/.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* m4/gtk-doc.m4: Update gtk-doc.m4.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_global.c,
	lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c: Doc fix,
	remove verbose 'This function ...' Improves looks in 'apropos'
	output.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_anon_cred.c, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
	lib/gnutls_handshake.c, lib/gnutls_openpgp.c, lib/gnutls_psk.c,
	lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/x509_b64.c: Doc fix, remove verbose 'This function will' stuff.
	Improves man page look in 'apropos'.

2008-03-06  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/func.m4, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4: Use func module, to get __func__.

2008-03-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-03-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/common.c: Print DH parameters of session.

2008-03-05  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/getdelim.c, lgl/alloca.in.h,
	lgl/gc-gnulib.c, lgl/xsize.h: Update gnulib files.

2008-02-28  Simon Josefsson <simon@josefsson.org>

	* guile/src/utils.c: Use __func__ instead of __FUNCTION__.  Reported
	by Tim Mooney, see <https://savannah.gnu.org/support/?106267>.  A
	gnulib module to make sure __func__ is available would be nice.

2008-02-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: Doc fix.

2008-02-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_x509.c: Optimize adding many trusted
	certificates.  See

	<http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/>.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: Doc fixes.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.2.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* tests/openpgpself.c: Force success.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/Makefile.am, lib/gnutls_db.c,
	lib/gnutls_session.h: Remove empty gnutls_session.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_int.h: align comments

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_int.h: Pull in gnutls/pkcs12.h instead of
	duplicating stuff.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
	lib/x509/x509_int.h: Move lib/x509/pkcs12.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/gnutls_cert.c,
	lib/gnutls_dh_primes.c, lib/gnutls_pk.c, lib/gnutls_x509.c,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c: Move
	mpi.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/openpgp/pgp.c, lib/x509/Makefile.am, lib/x509/rfc2818.h,
	lib/x509/rfc2818_hostname.c: Move rfc2818.h hostname comparison to
	gnutls_str.h and update callers.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* libextra/openssl_compat.c: gnutls_int includes config.h, no need
	to do it twice.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* libextra/openssl_compat.c: Need gnutls_int.h for mpi_t and stuff
	(now in lib/x509/x509_int.h).

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/x509/Makefile.am,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h,
	lib/x509/x509_write.c: Move extensions.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/gnutls_rsa_export.c,
	lib/gnutls_x509.c, lib/x509/Makefile.am, lib/x509/pkcs12_bag.c,
	lib/x509/privkey.h, lib/x509/privkey_pkcs8.c, lib/x509/x509.c,
	lib/x509/x509_int.h: Move privkey.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/gnutls_x509.c,
	lib/openpgp/pgpverify.c, lib/x509/Makefile.am, lib/x509/privkey.c,
	lib/x509/sign.c, lib/x509/verify.c, lib/x509/verify.h,
	lib/x509/x509.c, lib/x509/x509_int.h: Move verify.h stuff to
	x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/gnutls_x509.c,
	lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
	lib/x509/x509_int.h: Move pkcs7.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/x509/Makefile.am, lib/x509/dsa.c,
	lib/x509/dsa.h, lib/x509/privkey.c, lib/x509/x509_int.h: Move dsa.h
	stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/x509/Makefile.am, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
	lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509_int.h, lib/x509/x509_write.c,
	libextra/openssl_compat.c: Move dn.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/x509/Makefile.am,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/privkey.c,
	lib/x509/sign.c, lib/x509/sign.h, lib/x509/x509_int.h,
	lib/x509/x509_write.c: Move sign.h stuff to x509_int.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/privkey.c: No need for rfc2818.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_int.h: Doc fixes.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_int.h: Remove stuff already in
	includes/gnutls/x509.h.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* .gitignore: [no log message]

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, build-aux/gnupload, gl/gnulib.mk,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Use gnupload.

2008-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4366-bis-02.txt: Add.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, lib/x509/Makefile.am,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
	lib/x509/x509_int.h, lib/x509/x509_write.c: Merge crq.h into
	x509_int.h, avoid one trivial header file.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Rename x509.h to x509_int.h.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_rsa_export.c, lib/gnutls_x509.c, lib/x509/crl.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/mpi.h,
	lib/x509/output.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/verify.h, lib/x509/x509.c, lib/x509/{x509.h => x509_int.h}: 
	Rename lib/x509/x509.h to x509_int.h.  Fixes name-space collision
	that confuses GTK-DOC with includes/gnutls/x509.h.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.h, lib/openpgp/Makefile.am, lib/openpgp/compat.c,
	lib/openpgp/extras.c, lib/openpgp/{openpgp.h => openpgp_int.h},
	lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c: 
	Rename lib/openpgp/openpgp.h to openpgp_int.h.  Fixes name-space
	collision that confuses GTK-DOC with includes/gnutls/openpgp.h.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Change DOC_SOURCE_DIR, needed for
	GTK-DOC to have comments for variables.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Remove unused defines.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* tests/moredn.c: Added, lost part of Joe's original
	gnutls_x509_dn_export patch.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/time_r.m4, lgl/m4/unistd_h.m4,
	lgl/unistd.in.h: Update gnulib files.

2008-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-tls-password-ext-01.txt: Add.

2008-02-24  Nikos <nmav@crystal.(none)>

	* NEWS, doc/manpages/Makefile.am, includes/gnutls/x509.h,
	lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c,
	tests/Makefile.am: Added gnutls_x509_dn_export(). Patch by Joe
	Orton.

2008-02-21  Nikos <nmav@crystal.(none)>

	* lib/gnutls_cert.c: _export_ -> _get_

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* tests/openpgpself.c: Don't use credentials from files (causes
	problems with srcdir!=builddir).

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump version.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.1.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fixes.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
	lib/x509/output.c, src/certtool.c, src/serv.c: Use better names in
	gnutls_certificate_print_formats_t.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention new APIs.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openpgp.h: Drop gnutls_openpgp_crt_get_id (handled
	by compat.h).

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Credit.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/compat.h, lib/openpgp/pgp.c: Cleanup
	gnutls_openpgp_crt_get_id vs gnutls_openpgp_crt_get_key_id.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Typo.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h: Make it
	build.

2008-02-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-extractor-01.txt,
	doc/protocol/draft-mavrogiannopoulos-rfc5081bis-00.txt: Add.

2008-02-20  Nikos <nmav@crystal.(none)>

	* NEWS: removed function

2008-02-20  Nikos <nmav@crystal.(none)>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_cert.c: Added
	gnutls_certificate_export_x509_cas and other functions to export
	elements from the certificate credentials structure.

2008-02-19  Nikos <nmav@crystal.(none)>

	* lib/auth_cert.h, lib/openpgp/openpgp.h: changes to compile with
	ENABLE_OPENPGP undef.

2008-02-19  Nikos <nmav@crystal.(none)>

	* lib/openpgp/pgp.c: do not return more than the available names.

2008-02-19  Nikos <nmav@crystal.(none)>

	* lib/openpgp/output.c: corrected bug that prevented printing the
	names.

2008-02-19  Nikos <nmav@crystal.(none)>

	* tests/openpgp_test.c, tests/openpgpself.c: some updates

2008-02-19  Nikos <nmav@crystal.(none)>

	* tests/Makefile.am, tests/openpgpself.c: added self test for
	openpgp connection

2008-02-19  Nikos <nmav@crystal.(none)>

	* NEWS, includes/gnutls/x509.h, lib/x509/dn.c, lib/x509/x509.c,
	tests/Makefile.am, tests/x509dn.c: Added
	gnutls_x509_dn_import/init/deinit() to access raw DER DN. Patch by
	Joe Orton.

2008-02-19  Nikos <nmav@crystal.(none)>

	* lib/auth_cert.c, lib/gnutls_cert.c, lib/gnutls_openpgp.c,
	lib/openpgp/gnutls_openpgp.h: better usage of gnutls_openpgp_keyid_t

2008-02-19  Nikos <nmav@crystal.(none)>

	* lib/auth_cert.c, lib/gnutls_openpgp.c, lib/openpgp/extras.c,
	lib/openpgp/output.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c: copyright 2008

2008-02-18  Nikos <nmav@crystal.(none)>

	* doc/examples/ex-serv-pgp.c, includes/gnutls/gnutls.h.in,
	includes/gnutls/openpgp.h, lib/auth_cert.c, lib/gnutls_cert.c,
	lib/gnutls_openpgp.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, src/certtool.c, src/cli-gaa.c, src/cli.c,
	src/serv-gaa.c, tests/openpgp/keyring.c: pgp_keyid_t is now
	compatible with the 2.2 key id.

2008-02-18  Nikos <nmav@crystal.(none)>

	* : commit 8784572575208f8755087125b168bb0a8832cee4 Author: Nikos
	<nmav@crystal.(none)> Date:   Mon Feb 18 17:58:24 2008 +0200

2008-02-18  Simon Josefsson <simon@josefsson.org>

	* README: Don't mention SSL/TLS versions here.  Some minor other
	fixes.

2008-02-18  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openpgp.h: For compatibility.

2008-02-18  Simon Josefsson <simon@josefsson.org>

	* lib/openpgp/openpgp.h: Remove all external APIs already declared
	in includes/gnutls/openpgp.h.

2008-02-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/compat.h, lib/openpgp/pgp.c: Re-add
	gnutls_openpgp_crt_get_id to avoid breaking ABI.

2008-02-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention gnutls_openpgp_keyid_t.

2008-02-18  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/vasnprintf.m4, lgl/vasnprintf.c: Update gnulib files.

2008-02-17  Nikos <nmav@crystal.(none)>

	* lib/x509/x509.c: corrected string handling in parse_general_name.
	Thanks to Andreas Metzler for pointing out.

2008-02-17  Nikos <nmav@crystal.(none)>

	* NEWS, lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_x509.c: 
	Increased the default certificate verification chain limits and
	allowed for checks without limitation.

2008-02-17  Nikos <nmav@crystal.(none)>

	* lib/gnutls_priority.c: corrected previous fix in priorities
	handling.

2008-02-17  Nikos <nmav@crystal.(none)>

	* NEWS, lib/auth_dh_common.c, lib/gnutls_auth.c,
	lib/gnutls_session.c, lib/gnutls_session_pack.c: Corrected memory
	leaks in session resuming and DHE ciphersuites. Reported by Daniel
	Stenberg.

2008-02-15  Nikos <nmav@crystal.(none)>

	* NEWS: documented the gnutls_x509_crt_get_subject_alt_name fix.

2008-02-15  Nikos <nmav@crystal.(none)>

	* lib/x509/x509.c: null terminate only printable strings.

2008-02-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-des-idea-00.txt: Add.

2008-02-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-12  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-04.txt: Add.

2008-02-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp_sb64.c: Doc fixes, to clarify that srp_base64 !=
	base64.  Based on discussion in

	<http://thread.gmane.org/gmane.network.gnutls.general/1039/focus=1042>.

2008-02-10  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-03.txt,
	doc/protocol/draft-ietf-tls-rfc4346-bis-09.txt,
	doc/protocol/draft-ietf-tls-rsa-aes-gcm-02.txt: Add.

2008-02-07  Nikos <nmav@crystal.(none)>

	* : commit 5178625a7e120fdf7b859f52848aa9cc69574268 Author: Nikos
	<nmav@crystal.(none)> Date:   Thu Feb 7 18:15:26 2008 +0200

2008-02-06  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, Makefile.am, maint-cfg.mk: Brace expansion is not
	POSIX portable.

2008-02-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-02-04  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: When --debug is given, also print libgcrypt RNG
	information.

2008-02-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/gnutls.texi: Add 'On Record Padding' section.

2008-02-04  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Re-order indices so they are last in the PDF.

2008-02-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Merge in 2.2.1 release notes.

2008-02-03  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Make it compile.

2008-02-03  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: Drop SIZEOF_UNSIGNED_LONG_INT, it's done in
	configure.in now.

2008-02-03  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/md4.m4, lgl/m4/md5.m4, lgl/m4/sha1.m4,
	lgl/m4/unistd_h.m4, lgl/md2.c, lgl/md2.h, lgl/md4.c, lgl/md4.h,
	lgl/md5.c, lgl/md5.h, lgl/sha1.c, lgl/sha1.h, lgl/unistd.in.h: 
	Update gnulib files.

2008-02-01  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/structure.c: Update libtasn1 to 1.3.

2008-01-31  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/unistd_h.m4, lgl/unistd.in.h,
	lgl/vasnprintf.c: Update gnulib files.

2008-01-27  Nikos <nmav@crystal.(none)>

	* src/certtool.c: some updates

2008-01-27  Nikos <nmav@crystal.(none)>

	* includes/gnutls/openpgp.h: new definitions

2008-01-26  Nikos <nmav@crystal.(none)>

	* : commit 2d73da902a2a983cf146d32e7528f8d5d3efc287 Author: Nikos
	<nmav@crystal.(none)> Date:   Sat Jan 26 23:08:18 2008 +0200

2008-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc5077.txt: Add.

2008-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-08.txt: Add.

2008-01-25  Nikos <nmav@crystal.(none)>

	* lib/gnutls_openpgp.c, lib/openpgp/extras.c: updates in openpgp
	keyring handling.

2008-01-25  Nikos <nmav@crystal.(none)>

	* lib/opencdk/Makefile.am, lib/opencdk/keydb.c,
	lib/opencdk/keydb.h, lib/opencdk/opencdk.h: Modified the search to
	include a state.

2008-01-25  Nikos <nmav@crystal.(none)>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: print keyrings

2008-01-23  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Simplify output.

2008-01-23  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Fix paths.

2008-01-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version so we are higher than gnutls 2.2.x but
	remain compatible.  This will avoid shared library name conflicts
	with 2.2.x, and also that any 2.3.x libraries will always be
	prefered over 2.2.x.

2008-01-19  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, gl/error.h, lgl/Makefile.am,
	lgl/gc-libgcrypt.c, lgl/m4/gnulib-comp.m4, lgl/m4/string_h.m4,
	lgl/memmem.c, lgl/stdio.in.h, lgl/str-two-way.h, lgl/string.in.h,
	lgl/vasnprintf.h: Update gnulib files.

2008-01-17  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Update Ludovic's e-mail.

2008-01-17  Simon Josefsson <simon@josefsson.org>

	* guile/tests/openpgp-auth.scm: Also test dhe-rsa.

2008-01-15  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
	libextra/openpgp/pgpverify.c, libextra/openpgp/privkey.c: Remove
	openpgp files moved to lib/openpgp/.

2008-01-15  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix pgp-api.texi move.

2008-01-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc2440.txt: Fix chmod.

2008-01-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4366-bis-01.txt: Add.

2008-01-14  Nikos <nmav@crystal.(none)>

	* : commit c6093b9df165dfbfbce8922e2192eedba5303f08 Author: Nikos
	<nmav@crystal.(none)> Date:   Mon Jan 14 21:08:18 2008 +0200

2008-01-14  Nikos <nmav@crystal.(none)>

	* NEWS: documented more changes.

2008-01-14  Nikos <nmav@crystal.(none)>

	* tests/openpgp/keyring.c: changes for the new api

2008-01-14  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/alloca.m4, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/memmem.m4, lgl/string.in.h: Use
	gnulib's memmem-simple instead.

2008-01-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove libextra/minilozo/Makefile.

2008-01-14  Nikos <nmav@crystal.(none)>

	* includes/gnutls/openpgp.h, lib/openpgp/privkey.c, src/certtool.c: 
	openpgp_privkey_export() has parameters to export encrypted secret
	keys. Added for future compatibility.

2008-01-13  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rsa-aes-gcm-01.txt: Add.

2008-01-13  Nikos <nmav@crystal.(none)>

	* lib/gnutls_openpgp.c: use the first valid subkey if an
	authentication subkey is not found.

2008-01-13  Nikos <nmav@crystal.(none)>

	* NEWS, includes/gnutls/compat.h, includes/gnutls/openpgp.h,
	lib/openpgp/openpgp.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
	lib/openpgp/pgpverify.c, lib/openpgp/privkey.c, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Additions to
	make certtool print information on openpgp keys.

2008-01-13  Nikos <nmav@crystal.(none)>

	* NEWS: documented changes.

2008-01-13  Nikos <nmav@crystal.(none)>

	* README, configure.in, includes/gnutls/gnutls.h.in,
	includes/gnutls/openpgp.h, lib/Makefile.am, lib/auth_cert.c,
	lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_errors.c, lib/gnutls_extra_hooks.c,
	lib/gnutls_extra_hooks.h, {libextra => lib}/gnutls_openpgp.c,
	lib/gnutls_state.c, {libextra => lib}/opencdk/Makefile.am,
	{libextra => lib}/opencdk/README, {libextra =>
	lib}/opencdk/armor.c, {libextra => lib}/opencdk/context.h,
	{libextra => lib}/opencdk/dummy.c, {libextra =>
	lib}/opencdk/filters.h, lib/opencdk/hash.c, {libextra =>
	lib}/opencdk/kbnode.c, {libextra => lib}/opencdk/keydb.c, {libextra
	=> lib}/opencdk/literal.c, {libextra => lib}/opencdk/main.c,
	{libextra => lib}/opencdk/main.h, lib/opencdk/misc.c, {libextra =>
	lib}/opencdk/new-packet.c, {libextra => lib}/opencdk/opencdk.h,
	{libextra => lib}/opencdk/packet.h, {libextra =>
	lib}/opencdk/pubkey.c, {libextra => lib}/opencdk/read-packet.c,
	{libextra => lib}/opencdk/seskey.c, {libextra =>
	lib}/opencdk/sig-check.c, {libextra => lib}/opencdk/stream.c,
	{libextra => lib}/opencdk/stream.h, {libextra =>
	lib}/opencdk/types.h, {libextra => lib}/opencdk/verify.c, {libextra
	=> lib}/opencdk/write-packet.c, lib/openpgp/Makefile.am,
	lib/openpgp/compat.c, lib/openpgp/extras.c,
	lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp.h,
	lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
	lib/openpgp/privkey.c, libextra/Makefile.am,
	libextra/gnutls_extra.c, libextra/opencdk/cipher.c,
	libextra/opencdk/compress.c, libextra/opencdk/misc.c,
	src/Makefile.am, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa, src/cli.c, src/serv.c,
	src/tls_test.c: merged the openpgp branch to head\!

2008-01-12  Nikos <nmav@crystal.(none)>

	* libextra/Makefile.am: Added fix by Alon to avoid linking against
	/usr/lib/libgnutls.so.

2008-01-09  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, maint-cfg.mk: Re-add config.rpath hack, since gnulib
	updated config.rpath.

2008-01-09  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, lgl/Makefile.am, lgl/dummy.c,
	lgl/m4/eealloc.m4, lgl/m4/gnulib-comp.m4, lgl/m4/malloca.m4,
	lgl/malloca.c, lgl/malloca.h, lgl/malloca.valgrind, lgl/memmem.c,
	lgl/printf-parse.c: Update gnulib files.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.3.0.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Sync with TP.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Sync with TP.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Further LZO fixes.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Cleanup after LZO removal.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, doc/gnutls.texi, libextra/Makefile.am,
	libextra/minilzo/Makefile.am, libextra/minilzo/README.LZO,
	libextra/minilzo/lzoconf.h, libextra/minilzo/lzodefs.h,
	libextra/minilzo/minilzo.c, libextra/minilzo/minilzo.h,
	libextra/minilzo/testmini.c: Remove LZO compression support.

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Call git-push (git-push --tags doesn't push
	changes..).

2008-01-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, gl/progname.c, lgl/m4/memmem.m4, lgl/memmem.c: Update gnulib
	files.

2008-01-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.c: Handle more than one server name field
	correctly.  Tiny patch from mark.phillips@virgin.net.

2008-01-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Drop -D_REENTRANT -D_THREAD_SAFE, not needed as far
	as I can tell.

2008-01-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2008-01-04  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/ms.po: Sync with TP.

2008-01-04  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Sync with TP.

2008-01-02  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Bump copyright years.

2008-01-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Remove dupe entry.

2008-01-02  Simon Josefsson <simon@josefsson.org>

	* gl/fseeko.c, gl/m4/gnulib-comp.m4, gl/progname.c,
	gl/version-etc.c, lgl/Makefile.am, lgl/float.in.h,
	lgl/m4/float_h.m4, lgl/m4/gnulib-comp.m4, lgl/m4/memmem.m4,
	lgl/m4/stdlib_h.m4, lgl/m4/string_h.m4, lgl/m4/unistd_h.m4,
	lgl/memmem.c, lgl/stdint.in.h, lgl/stdlib.in.h, lgl/string.in.h,
	lgl/unistd.in.h: Update gnulib files.

2008-01-02  Simon Josefsson <simon@josefsson.org>

	* lgl/dummy.c, lgl/m4/eealloc.m4, lgl/m4/malloca.m4,
	lgl/m4/memchr.m4, lgl/m4/memcmp.m4, lgl/malloca.c, lgl/malloca.h,
	lgl/malloca.valgrind, lgl/memchr.c, lgl/memcmp.c: Update gnulib
	files.

2008-01-02  Simon Josefsson <simon@josefsson.org>

	* gl/.gitignore, lgl/.gitignore: Remove .gitignore's from gnulib.

2007-12-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-02.txt,
	doc/protocol/draft-ietf-tls-extractor-00.txt: Add.

2007-12-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Doc fixes.

2007-12-17  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-hajjeh-tls-sign-04.txt: Add.

2007-12-15  Nikos <nmav@crystal.(none)>

	* lib/gnutls_state.c: Fix for certificate selection in servers with
	certificate callbacks.

2007-12-16  Nikos <nmav@crystal.(none)>

	* : 1	2	lib/gnutls_state.c

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h: Bump versions.

2007-12-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Merge in old NEWS entries.

2007-12-14  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/nl.po, po/pl.po, po/sv.po: Sync with TP.

2007-12-13  Simon Josefsson <simon@josefsson.org>

	* .cvscopying: Add 2007.

2007-12-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-12-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: If the server has a callback, the search for a
	valid certificate will fail.  Patch from Nikos.

2007-12-13  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-hajjeh-tls-identity-protection-02.txt: Add.

2007-12-12  Ludovic Courts <ludo@gnu.org>

	* : commit a37e52e18a625138cb0e3441023e2ac9fbb62552 Author: Ludovic
	Courtès <ludo@gnu.org> Date:   Tue Dec 11 18:23:15 2007 +0100

2007-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm: Update Guile OpenPGP test cases to use
	the new names.  * guile/tests/*.scm: Substitute `certificate' to `public-key' in
	  tests using the OpenPGP API.

2007-12-11  Ludovic Courtès <ludo@gnu.org>

	* doc/guile.texi: Update OpenPGP names in Guile examples.  * doc/guile.texi (Guile Examples): Substitute `certificate' to   `public-key' in OpenPGP examples.

2007-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.scm, guile/modules/gnutls/extra.scm,
	guile/pre-inst-guile.in, guile/src/Makefile.am: Bump Guile glue
	libraries version number.  * guile/modules/gnutls.scm: Load `libguile-gnutls-v-1'.  * guile/modules/gnutls/extra.scm: Load `libguile-gnutls-extra-v-1'.  * guile/pre-inst-guile.in: Load `v-1' libraries.  * guile/src/Makefile.am (lib_LTLIBRARIES): Bump libraries from `v-0'
	  to `v-1'.  Update all variables.

2007-12-11  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/extra.scm, guile/src/extra.c: Substitute
	`certificate' to `public-key' in `(gnutls extra)'.  * guile/modules/gnutls/build/enums.scm (%openpgp-key-format-enum):   Rename to...    (%openpgp-certificate-format-enum): This.    (%gnutls-extra-enums): Update.  * guile/modules/gnutls/build/smobs.scm (%openpgp-public-key-smob):   Rename to...    (%openpgp-certificate-smob): This.    (%gnutls-extra-smobs): Update.  * guile/modules/gnutls/extra.scm: Substitute all `certificate' in
	  all `public-key' names.  Add backward-compatible bindings.  * guile/src/extra.c: Substitute `certificate' to `public-key'.

2007-12-11  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, maint-cfg.mk: Remove config.rpath hack.

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Make --verify-chain support larger inputs than
	64kb.

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Re-order gettext invocation to avoid autoconf
	warnings.

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.8.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: GPLv3 typo.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Doc fix.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, maint-cfg.mk: Gettext 0.17 to solve -L
	problem.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* configure.in: GPLv3.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* gl/version-etc.c: Revert local gnulib override regarding GPLv3.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/credentials/Makefile.am,
	doc/extract-guile-c-doc.scm, doc/guile.texi, gl/Makefile.am,
	guile/modules/gnutls/extra.scm,
	guile/modules/system/documentation/c-snarf.scm,
	guile/modules/system/documentation/output.scm,
	guile/pre-inst-guile.in, guile/src/extra.c,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/openpgp-keys.scm, includes/Makefile.am: More GPLv3
	fixes.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* gl/override/lib/version-etc.c.diff: More GPLv3 fixes.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* doc/gpl-3.0.texi: Use GPLv3 in manual.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi, doc/gpl-2.0.texi, gl/gnulib.mk,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Use GPLv3 in manual.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, doc/examples/Makefile.am, doc/manpages/Makefile.am,
	includes/gnutls/extra.h, includes/gnutls/openssl.h,
	libextra/Makefile.am, libextra/gnutls_extra.h,
	libextra/libgnutls-extra.vers, libextra/openpgp/Makefile.am,
	libextra/openssl_compat.h, maint-cfg.mk: GPLv3 fixes.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am, src/common.c, src/list.h, src/serv.c: Use GPLv3
	in src/.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/anonself.c, tests/certder.c,
	tests/certificate_set_x509_crl.c, tests/dhepskself.c, tests/dn.c,
	tests/gc.c, tests/hostname-check/Makefile.am,
	tests/hostname-check/hostname-check.c, tests/key-id/Makefile.am,
	tests/key-id/key-id, tests/nist-pkits/pkits,
	tests/nist-pkits/pkits_crl, tests/nist-pkits/pkits_crt,
	tests/nist-pkits/pkits_pkcs12, tests/nist-pkits/pkits_smime,
	tests/openpgp/Makefile.am, tests/openpgp/keyring.c,
	tests/openssl.c, tests/oprfi.c, tests/parse_ca.c,
	tests/pathlen/Makefile.am, tests/pathlen/pathlen,
	tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
	tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
	tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
	tests/pskself.c, tests/resume.c,
	tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
	tests/sha2/Makefile.am, tests/sha2/sha2, tests/simple.c,
	tests/tlsia.c, tests/userid/Makefile.am, tests/userid/userid,
	tests/utils.c, tests/utils.h, tests/x509paths/chain,
	tests/x509self.c, tests/x509signself.c: Use GPLv3 for self-tests.

2007-12-09  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, build-aux/gendocs.sh, doc/fdl.texi,
	doc/gendocs_template, gl/fseeko.c, gl/gai_strerror.c,
	gl/getaddrinfo.c, gl/getaddrinfo.h, gl/getdelim.c, gl/getline.c,
	gl/getpass.c, gl/getpass.h, gl/inet_ntop.c, gl/inet_ntop.h,
	gl/lseek.c, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4, gl/m4/strerror.m4,
	gl/netinet_in.in.h, gl/strdup.c, gl/strerror.c, gl/version-etc.c,
	lgl/Makefile.am, lgl/m4/gettext.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/iconv.m4, lgl/m4/intdiv0.m4, lgl/m4/intl.m4,
	lgl/m4/intlmacosx.m4, lgl/m4/intmax_t.m4, lgl/m4/lib-link.m4,
	lgl/m4/lock.m4, lgl/m4/longlong.m4, lgl/m4/po.m4,
	lgl/m4/printf-posix.m4, lgl/m4/stdio_h.m4, lgl/m4/stdlib_h.m4,
	lgl/m4/string_h.m4, lgl/m4/uintmax_t.m4, lgl/m4/ulonglong.m4,
	lgl/m4/unistd_h.m4, lgl/m4/vasnprintf.m4, lgl/m4/wint_t.m4,
	lgl/printf-parse.c, lgl/realloc.c, lgl/stdlib.in.h,
	lgl/string.in.h, lgl/unistd.in.h, lgl/vasnprintf.c: Update gnulib.

2007-12-09  Nikos <nmav@crystal.(none)>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_v2_compat.c: user_hello_func is call always. Even when
	resuming a session.

2007-12-09  Nikos <nmav@crystal.(none)>

	* src/common.c: print session ID

2007-12-07  System User <nmav@crystal.(none)>

	* NEWS: license update

2007-12-07  System User <nmav@crystal.(none)>

	* COPYING, libextra/gnutls_extra.c, libextra/gnutls_ia.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_openssl.c,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
	libextra/openpgp/privkey.c, libextra/openssl_compat.c,
	src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
	src/crypt.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
	src/tls_test.c: GPL parts under GPLv3

2007-12-06  System User <nmav@crystal.(none)>

	* lib/gnutls_record.c: It seems we were ahead of our time.

2007-12-06  System User <nmav@crystal.(none)>

	* NEWS, lib/gnutls_record.c: Revert "We now ignore received packets
	with unknown content types" This reverts commit 4a19fd59da474b3de977a925fd91578db7e3d4a1.

2007-12-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Doc fix.es

2007-12-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Typo fix.  Tiny patch from Daniel Kahn Gillmor
	<dkg-debian.org@fifthhorseman.net>.

2007-12-04  Nikos <nmav@crystal.(none)>

	* : commit bd3b0f49c966277e91f57c64cfcc720cbebb4a73 Author: Nikos
	<nmav@crystal.(none)> Date:   Tue Dec 4 22:05:25 2007 +0200

2007-12-04  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Overwrite autopoint files with gnulib files.

2007-12-03  Nikos <nmav@crystal.(none)>

	* : commit dac01d7279eb28e7c5909d53bf346206f10319b5 Author: Nikos
	<nmav@crystal.(none)> Date:   Mon Dec 3 20:05:32 2007 +0200

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump to indicate added ABI.

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Copy, don't remove...  to fix Makefile.in hard-coded
	links to m4 filenames.

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Remove gettext havelib files.

2007-12-03  Simon Josefsson <simon@josefsson.org>

	* lib/x509/privkey_pkcs8.c: Indent.

2007-12-03  Nikos <nmav@crystal.(none)>

	* : 3	0	NEWS

2007-12-02  Nikos <nmav@crystal.(none)>

	* NEWS, includes/gnutls/x509.h, lib/x509/x509.c: added
	gnutls_x509_crt_get_subject_alt_name2 to overcome some limitations
	of the original function.

2007-12-02  Nikos <nmav@crystal.(none)>

	* : 1	1	lib/x509/x509.c

2007-12-01  Simon Josefsson <simon@josefsson.org>

	* : commit b6e4b1ff3f7ef8a8d26f2e89c0bc50d2fc9d23f4 Author: Nikos
	<nmav@crystal.(none)> Date:   Sat Dec 1 08:25:34 2007 +0200

2007-11-30  Nikos <nmav@crystal.(none)>

	* configure.in, lib/x509/dsa.c, src/certtool.c: Depend on libgcrypt
	1.2.4 again (lose DSA2 functionality).

2007-11-30  Nikos <nmav@crystal.(none)>

	* lib/gnutls_priority.c: Added SECURE256 and SECURE128 level.

2007-11-29  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-11-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.7.

2007-11-28  Nikos <nmav@crystal.(none)>

	* : 2	2	lib/gnutls_priority.c

2007-11-28  Nikos <nmav@crystal.(none)>

	* lib/auth_srp_passwd.c: more assertions.

2007-11-28  Nikos <nmav@crystal.(none)>

	* lib/auth_srp.c: more assertions

2007-11-28  Nikos <nmav@crystal.(none)>

	* lib/auth_srp.c: added assertion.

2007-11-28  Nikos <nmav@crystal.(none)>

	* src/serv.c: fix in priority_set

2007-11-28  Nikos <nmav@crystal.(none)>

	* includes/gnutls/gnutlsxx.h: updated the gnutlsxx interface

2007-11-28  Nikos <nmav@crystal.(none)>

	* includes/gnutls/gnutls.h.in, lib/gnutls_priority.c: more updates
	for priority functions.

2007-11-28  Nikos <nmav@crystal.(none)>

	* doc/examples/ex-cert-select.c, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, lib/gnutls_priority.c, lib/gnutlsxx.cpp,
	src/cli.c, src/serv.c: Return the string position in case of an
	error in the priority functions.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Typo.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Give example for %COMPAT.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Rename HIGH to SECURE.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Re-add aes-256 so we don't fail to
	negotiate it in case end only supports it.  Doc fixes.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Doc fixes.  Fix warnings.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Re-indent.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* po/ms.po: Sync with TP.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-11-28  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
	lib/gnutls_priority.c: Re-add gnutls_set_default_priority and
	gnutls_set_default_export_priority.

2007-11-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-07.txt: Add.

2007-11-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc5054.txt: Add.

2007-11-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-tls-extractor-01.txt: Add.

2007-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 1	1	lib/gnutls_priority.c

2007-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: corrected bug in the new read_mpis

2007-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c: 
	export_int was simplified are no artificial limits are imposed any
	more

2007-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: variables for the time functions are not more
	rational.

2007-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/mpi.c: in RSA certificate parameters
	no artificial limits are imposed any more

2007-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: corrected documentation

2007-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/privkey.c,
	lib/x509/privkey.h, lib/x509/privkey_pkcs8.c: added support for PKCS
	#8 decoding of DSA keys.

2007-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c, lib/x509/privkey_pkcs8.c: added ability to write
	DSA private keys.

2007-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c, doc/examples/ex-serv1.c: examples
	now compile

2007-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 3	3	doc/examples/ex-cert-select.c

2007-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
	doc/examples/ex-client2.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
	doc/gnutls.texi, includes/gnutls/compat.h,
	includes/gnutls/gnutls.h.in, includes/gnutls/gnutlsxx.h,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutlsxx.cpp,
	src/cli.c, src/common.c, src/serv.c: new era of priority functions.

2007-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/gnutls_algorithms.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_state.c: 
	cleanup the priority functionality

2007-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: links to rfc 5054 (srp)

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat.h: updated the priority compatibility
	functions

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/gnutls.texi, includes/gnutls/gnutls.h.in,
	lib/gnutls_priority.c, lib/gnutls_state.h: added
	gnutls_check_priority() to check syntax of priority strings.

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_v2_compat.c: Renegotiate the protocol version after the
	user_hello_func has been called

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c, doc/examples/ex-client-srp.c,
	includes/gnutls/gnutlsxx.h, lib/gnutls_priority.c, lib/gnutlsxx.cpp: 
	fixes for the new gnutls_set_priority().

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: The gnutls_*_convert_priority() functions were
	deprecated by the gnutls_set_priority()

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c: The gnutls_*_convert_priority()
	functions were deprecated by the gnutls_set_priority()

2007-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/gnutls.texi, includes/gnutls/compat.h,
	includes/gnutls/gnutls.h.in, includes/gnutls/gnutlsxx.h,
	lib/gnutls_algorithms.h, lib/gnutls_priority.c, lib/gnutlsxx.cpp,
	src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: added
	gnutls_set_priority() to replace gnutls_set_default_priority2().

2007-11-16  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keydb.c, libextra/opencdk/seskey.c: Re-apply
	opencdk fixes that were lost in 0.6.6 upgrade.

2007-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, libextra/opencdk/cipher.c, libextra/opencdk/keydb.c,
	libextra/opencdk/opencdk.h, libextra/opencdk/seskey.c,
	libextra/opencdk/stream.c: Use OpenCDK 0.6.6.

2007-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.6.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: Revert rename of
	GNUTLS_E_UNKNOWN_HASH_ALGORITHM.  Instead we add a new
	GNUTLS_E_UNKNOWN_ALGORITHM.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Revert rename of
	GNUTLS_E_UNKNOWN_HASH_ALGORITHM.  Instead we add a new
	GNUTLS_E_UNKNOWN_ALGORITHM.

2007-11-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Revert rename of
	GNUTLS_E_UNKNOWN_HASH_ALGORITHM.  Instead we add a new
	GNUTLS_E_UNKNOWN_ALGORITHM.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/seskey.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keydb.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_anon_cred.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Doc fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Doc fixes.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, includes/gnutls/extra.h: Move compat
	stuff to compat.h.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* guile/src/extra.c: Use new APIs.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* guile/modules/gnutls/build/enums.scm: Typo.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/smobs.scm: Update API.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* guile/modules/gnutls/build/enums.scm: Add unknown-algorithm (new
	name of unknown-hash-algorithm).

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* guile/modules/gnutls/build/enums.scm: Remove openpgp trustdb
	error.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, includes/gnutls/gnutls.h.in: Move compat
	mappings to compat.h.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/common.c: Use new API.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-export.c, lib/auth_cert.h,
	libextra/gnutls_openpgp.c: Use new API.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openpgp.c: Don't use trustdb error code.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: Use new API in C++
	library.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Use new API.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
	includes/gnutls/openpgp.h: Move compat mappings to compat.h.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: Fix.

2007-11-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: Remove trustdb error code, since we
	removed all functions.

2007-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c: some updates in the compression code

2007-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_record.c: Corrected bug in
	decompression of expanded compression data.

2007-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: When decompressed data are more than the
	record max size warn using GNUTLS_E_DECOMPRESSION_FAILED.

2007-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 1	1	src/certtool.gaa

2007-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in, lib/gnutls_cert.c, src/tls_test.c: 
	Applied documentation and prototype fixes reported by Evan Martin
	<martine@danga.com>.

2007-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: updated the links to openpgp draft

2007-11-05  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Add warnings about messages used by Emacs tls.el.

2007-11-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-11-03  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc5081.txt: Add.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.5.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump ABI to 25.

2007-11-01  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-06.txt: Add.

2007-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/crypt-gaa.c: certtool now prints defaults.

2007-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c: The pkcs3 parameters are now corrected
	exported (without sign).

2007-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt.gaa: parameters -> group parameters

2007-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, Makefile.am, NEWS, README, THANKS,
	build-aux/config.rpath, configure.in, doc/Makefile.am,
	doc/gnutls.texi, includes/gnutls/extra.h,
	includes/gnutls/openpgp.h, includes/gnutls/pkcs12.h,
	includes/gnutls/x509.h, lib/Makefile.am, lib/auth_anon.c,
	lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/debug.c, lib/debug.h, lib/defines.h,
	lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
	lib/ext_max_record.h, lib/ext_server_name.c, lib/ext_server_name.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_auth_int.h, lib/gnutls_buffer.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session.h, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/io_debug.h,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
	lib/x509/dn.c, lib/x509/dn.h, lib/x509/dsa.c, lib/x509/dsa.h,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/mpi.c,
	lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
	lib/x509/privkey.c, lib/x509/privkey.h, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818.h, lib/x509/sign.c, lib/x509/sign.h,
	lib/x509/verify.c, lib/x509/verify.h, lib/x509/x509.c,
	lib/x509/x509.h, lib/x509/x509_write.c, lib/x509_b64.c,
	lib/x509_b64.h, libextra/Makefile.am, libextra/gnutls_extra.c,
	libextra/gnutls_extra.h, libextra/openpgp/Makefile.am,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
	libextra/openpgp/privkey.c, libextra/openssl_compat.c,
	libextra/openssl_compat.h, src/certtool.c, src/cli.c, src/common.c,
	src/crypt.c, src/prime.c, src/serv.c, src/tests.c, src/tls_test.c: 
	Changed my name to my "official" name.

2007-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat.h, includes/gnutls/gnutls.h.in: Moved some
	old defines to compat.c.

2007-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutlsxx.vers, libextra/libgnutls-extra.vers: Updated the
	ld version.

2007-10-29  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Fix gnutls_set_default_priority and
	gnutls_set_default_export priority.  The old functions returned an
	error code, need to fake it.

2007-10-29  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Reorder release target, to do disconnected ops first,
	and to avoid losing tags.

2007-10-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-10-29  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	lgl/stdint.in.h: Update gnulib files.

2007-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: Used the original libtool library version.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.4.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: Add for backwards compatibility.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix typo.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, gl/m4/gnulib-common.m4, gl/strerror.c,
	lgl/m4/gnulib-common.m4, lgl/m4/ulonglong.m4, lgl/stdbool.in.h,
	lgl/stdint.in.h: Update gnulib files.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-10-27  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/cipher.c, libextra/opencdk/keydb.c,
	libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
	libextra/opencdk/seskey.c: Sync with OpenCDK 0.6.5.

2007-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: quick-random option was removed since it is now
	the default.

2007-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 1	2	lib/gnutls_algorithms.c

2007-10-26  Ludovic Courtès <ludo@gnu.org>

	* doc/README.CODING_STYLE: Add doc about maintenance of the Guile
	bindings.

2007-10-25  Simon Josefsson <simon@josefsson.org>

	* : commit d3ebcb4c39cd2e7650694e08faad5a7ca57c662e Author: Simon
	Josefsson <simon@josefsson.org> Date:   Thu Oct 25 21:51:38 2007
	+0200

2007-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: added some text for the debugging functions.

2007-10-25  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2007-10-25  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Reorder and simplify.

2007-10-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Doc fix.

2007-10-25  Simon Josefsson <simon@josefsson.org>

	* : commit 867ffe404fbc7e16a543d2314bca85d613a902ef Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Oct 24 23:48:27 2007
	+0300

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 2	2	doc/examples/ex-serv-pgp.c

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-tlsia.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, includes/gnutls/gnutls.h.in,
	lib/gnutls_priority.c: Introduced GNUTLS_PRIORITIES_SECURITY_NORMAL
	and GNUTLS_PRIORITIES_SECURITY_HIGH

2007-10-24  Simon Josefsson <simon@josefsson.org>

	* : commit 74200139866f14efc4cbabeec8c6698982327296 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Wed Oct 24 18:33:00 2007
	+0300

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_v2_compat.c: The user handshake callback function is
	now called on SSLv2 hello messages.

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-client-resume.c,
	doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, includes/gnutls/gnutls.h.in,
	lib/gnutls_priority.c, src/cli.c, src/serv.c: Added
	gnutls_set_default_priority2() and deprecated
	gnutls_set_default_priority().

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 4	0	doc/manpages/certtool.1

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added news entry for --disable-quick-random

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
	src/cli.c, src/serv.c: /dev/urandom is used now by default for key
	generation. The option --disable-quick-random was introduced.

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-serv-export.c, doc/examples/ex-serv1.c: updated
	some examples.

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: The library version is now 14 instead of 24. (14 is
	greater than our current 13).

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/ex-serv1.c, includes/gnutls/gnutls.h.in,
	lib/gnutls_state.c, src/serv.c, src/tests.c, src/tests.h: Introduced
	gnutls_session_enable_compatibility_mode() to allow enabling all
	supported compatibility options (like disabling padding). Some other
	bug fixes in tls-test.c.

2007-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-client-srp.c, doc/gnutls.texi: Added some
	documentation for the new convert functions.

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: renamed zlib to deflate

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/libgnutls.vers: Updata gnutls.vers
	since we changed our interfaces and some other fixes.

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 2	2	lib/gnutls_algorithms.c

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
	doc/examples/ex-client2.c, doc/examples/ex-crq.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
	doc/examples/tcp.c: Added copyright notices to examples

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in: corrected the prototypes

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: replaced UNKNOWN_HASH_ALGORITHM WITH
	UNKNOWN_ALGORITHM

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in: corrected typo.

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 1	1	lib/gnutls_record.c

2007-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_priority.c: Updated
	the priority functions to be more compatible to our interface and
	avoid parsing on every session generation. The current approach
	stores parsed data to our integer format.CG:

	-----------------------------------------------------------------------

2007-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_int.h,
	lib/gnutls_record.c: Added gnutls_record_disable_padding() to allow
	servers talk to buggy clients that complain if TLS 1.0 padding is
	used.

2007-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_errors.c,
	lib/gnutls_priority.c, lib/gnutls_record.c: Added new priority
	functions that accept text instead of integers.

2007-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* build-aux/config.rpath, lib/gnutls_buffers.c, lib/gnutls_record.c: 
	Removed some ancient non-used functions.

2007-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 628c62e935effc1c276fa6e4ae653f8488e017be Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Mon Oct 22 14:03:08 2007
	+0300

2007-10-22  Simon Josefsson <simon@josefsson.org>

	* po/de.po, po/ms.po, po/pl.po, po/sv.po: Sync with TP.

2007-10-22  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/gc-camellia.m4: Add.

2007-10-22  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/gc-libgcrypt.c, lgl/gc.h,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: Update gnulib files.

2007-10-22  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, build-aux/maint.mk, gl/error.c,
	gl/error.h, gl/fseeko.c, gl/gnulib.mk, gl/inet_pton.c,
	gl/inet_pton.h, gl/intprops.h, gl/m4/extensions.m4,
	gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/gnulib-comp.m4, gl/m4/socklen.m4, gl/m4/strerror.m4,
	gl/{netinet_in_.h => netinet_in.in.h}, gl/progname.c,
	gl/progname.h, gl/readline.c, gl/readline.h, gl/strerror.c,
	gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h,
	lgl/Makefile.am, lgl/{alloca_.h => alloca.in.h}, lgl/dummy.c,
	lgl/{float_.h => float.in.h}, lgl/gc-gnulib.c, lgl/gc-libgcrypt.c,
	lgl/gc.h, lgl/m4/extensions.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/lock.m4, lgl/m4/longlong.m4, lgl/m4/memmem.m4,
	lgl/m4/socklen.m4, lgl/m4/stdint.m4, lgl/m4/stdio_h.m4,
	lgl/m4/string_h.m4, lgl/m4/strverscmp.m4, lgl/m4/ulonglong.m4,
	lgl/m4/vasprintf.m4, lgl/printf-parse.c, lgl/realloc.c,
	lgl/{stdbool_.h => stdbool.in.h}, lgl/{stdint_.h => stdint.in.h},
	lgl/{stdio_.h => stdio.in.h}, lgl/{stdlib_.h => stdlib.in.h},
	lgl/{string_.h => string.in.h}, lgl/{sys_socket_.h =>
	sys_socket.in.h}, lgl/{sys_stat_.h => sys_stat.in.h}, lgl/{time_.h
	=> time.in.h}, lgl/{unistd_.h => unistd.in.h}, lgl/vasnprintf.c,
	lgl/{wchar_.h => wchar.in.h}: Update gnulib files.

2007-10-22  Simon Josefsson <simon@josefsson.org>

	* : commit 07837c92f65f09b58c0ec55e3f49382ce0d71ba5 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Fri Oct 19 22:05:28 2007
	+0300

2007-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/gnutls.texi, includes/gnutls/gnutls.h.in,
	includes/gnutls/openpgp.h, lib/auth_cert.c, lib/gnutls_cert.c,
	lib/gnutls_extra_hooks.c, lib/gnutls_extra_hooks.h,
	lib/gnutls_state.c, libextra/gnutls_extra.c,
	libextra/gnutls_openpgp.c, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
	libextra/openpgp/pgpverify.c, libextra/openpgp/privkey.c,
	src/common.c: Occurences of gnutls_openpgp_key were renamed to
	gnutls_openpgp_cert, leaving an API compatibility layer.

2007-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h,
	lib/auth_cert.c, lib/gnutls_extra_hooks.c,
	lib/gnutls_extra_hooks.h, libextra/gnutls_extra.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
	libextra/openpgp/pgpverify.c: Renamed gnutls_openpgp_key_t to
	gnutls_openpgp_cert_t

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Revert mistake removal.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am, po/de.po, po/ms.po, po/pl.po, po/sv.po,
	src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/serv-gaa.c,
	src/serv-gaa.h, src/serv.gaa: Generated.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.3.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump ABI version.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c, lib/gnutls_int.h,
	lib/gnutls_supplemental.c: Remove tls-authz.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Remove tls-authz.

2007-10-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, doc/examples/Makefile.am,
	doc/examples/ex-client-authz.c, doc/examples/ex-serv-authz.c,
	doc/reference/Makefile.am, includes/gnutls/gnutls.h.in,
	lib/Makefile.am, lib/ext_authz.c, lib/ext_authz.h, src/cli.c,
	src/cli.gaa, src/serv.c, src/serv.gaa: Remove TLS-authz.

2007-10-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2007-10-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Reenabled the 256 bit algorithms in the
	default priorities.

2007-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_cert.h, lib/gnutls_cert.c,
	lib/gnutls_errors.c, lib/gnutls_extra_hooks.c,
	lib/gnutls_extra_hooks.h, libextra/gnutls_extra.c,
	libextra/gnutls_openpgp.c, libextra/opencdk/main.h,
	libextra/opencdk/sig-check.c, libextra/openpgp/compat.c,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/pgpverify.c: **
	Corrected bugs in the openpgp certificate verification functions
	using a keyring.  Now it correctly verifies openpgp certificates.  ** Removed the ancient pgpkeyserver support (which was not used
	anywhere)

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.2.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-nir-tls-eap-02.txt: Add.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Wrap.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention enum's.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, includes/gnutls/gnutls.h.in: Move
	deprecated SRP alerts to compat.h.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: Add compatibility mapping for
	GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED.

2007-10-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Encode in shared library that we aren't backwards
	compatible.

2007-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: removed
	references to trustdb

2007-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/gnutls.texi, includes/gnutls/compat.h,
	includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
	includes/gnutls/openpgp.h, libextra/gnutls_openpgp.c,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/openpgp.h, libextra/openpgp/pgpverify.c: Removed
	all the trustdb related code. It wasn't used and trustdbs are not
	specified anywhere except pgp. Now we use the standard key rings.

2007-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: more text

2007-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c: The 256 bit ciphers are not enabled
	in the default priorities.

2007-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_algorithms.c, lib/gnutls_pk.c,
	lib/x509/dsa.c, lib/x509/sign.c, src/certtool-gaa.c,
	src/certtool.c, src/certtool.gaa: Added support for DSA2 (key sizes
	for more than 1024 bits on DSA) via libgcrypt 1.3.0.

2007-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: Updated documentation.

2007-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 1	0	NEWS

2007-10-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention certtool --quick-random.

2007-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in: Added defines for the deprecated SRP
	alert numbers.

2007-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c: added an assertion.

2007-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c: Corrected an error in a parenthesis.

2007-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 72b99e94b1ecb51a2182645797e6153baeb60fc4 Author: Nikos
	Mavrogiannopoulos <nmav@gnutls.org> Date:   Tue Oct 9 11:37:45 2007
	+0300

2007-10-08  Ludovic Courtès <ludo@gnu.org>

	* guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm: 
	Guile: Reflect SRP/PSK changes.  * guile/modules/gnutls.scm (alert-description/unknown-srp-username,   alert-description/missing-srp-username): Remove.    (alert-description/unknown-psk-identity): New.  * guile/modules/gnutls/build/enums.scm (%alert-description-enum):   Likewise.

2007-10-08  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Update `NEWS'.

2007-10-08  Ludovic Courtès <ludo@gnu.org>

	* configure.in: Fix configure-time Guile detection.  * configure.in: Substitute `GUILE_LDFLAGS' into `LIBS', not
	  `LDFLAGS'.  Patch by Nix <nix@esperi.org.uk>.

2007-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : 1	1	doc/Makefile.am

2007-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : commit 175526ddfe18f4c443fb31a676b8f1d50895b053 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Oct 8 12:57:03
	2007 +0300

2007-10-08  Simon Josefsson <simon@josefsson.org>

	* : commit 1f24725c9a0b09e7a42ee18f2bb4c0fbac581b8f Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Oct 8 12:08:33
	2007 +0300

2007-10-07  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/auth_srp.c: corrected possible size issue

2007-10-07  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* NEWS, build-aux/config.rpath, doc/gnutls.texi,
	includes/gnutls/openpgp.h, includes/gnutls/x509.h,
	lib/x509/Makefile.am, lib/x509/xml.c, libextra/openpgp/Makefile.am,
	libextra/openpgp/xml.c, po/de.po, po/ms.po, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa,
	src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c: 
	Removed all the xml functions and stubs, as well as references in
	the documentation.

2007-10-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* lib/gnutls_alert.c: error_to_alert() now always return an alert
	number. This is to avoid sending illegal values when the return
	value is not checked (commonplace).

2007-10-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : 51	51	src/certtool-gaa.c 10	10	src/certtool-gaa.h

2007-10-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Added the --quick-random option to certtool to
	improve generation time of private keys.  They delay is quite
	annoying especially when generating test keys.

2007-10-06  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-10-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-10-06  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* src/certtool.c: Corrected output in DER format and corrected
	output for smime_to_pkcs7 to output in outfile instead of stdout.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.1.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Rework Camellia configure messages and logic.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add fixes, for trac.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add --disable-camellia.  Remove automake
	conditional, not used.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Bump version.

2007-09-24  Simon Josefsson <simon@josefsson.org>

	* configure.in, includes/gnutls/gnutls.h.in, lgl/gc-libgcrypt.c,
	lgl/gc.h, lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c,
	lib/gnutls_priority.c, libextra/gnutls_openssl.c,
	libextra/opencdk/opencdk.h, src/common.c, src/tests.c, src/tests.h,
	src/tls_test.c: Add patch to support Camellia, contributed by
	Yoshisato YANAGISAWA.  Fixes #1.  See

	http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2331

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.1.0.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: Move CFLAGS setting further down, to make AC_PROG_CC
	add -g to it.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/serv-gaa.c: Generated.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/serv.gaa: Set variables to NULL.  Fix oprfi variable.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/cli.gaa: Set variables to NULL.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* lib/ext_oprfi.c: Fix crash.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* lib/ext_oprfi.c: Fix crash.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Fix infloop.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Fix crash.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix crash.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: Support
	Opaque PRF Input in gnutls-cli and gnutls-serv.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention how to enable oprfi support.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Document more.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* lib/ext_oprfi.c: Doc fix.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, doc/gnutls.texi, includes/gnutls/gnutls.h.in,
	lib/Makefile.am, lib/ext_oprfi.c, lib/ext_oprfi.h,
	lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	tests/Makefile.am, tests/oprfi.c: Support for Opaque PRF Input TLS
	extension.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add configure.in snippet to TLS ext section.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Fix -I's.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target (git-tag no longer exit with
	failure for non-existing tags).

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.0.1.

2007-09-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Improve TLS ext section.

2007-09-19  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-05.txt: Add.

2007-09-18  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Notes on adding a new TLS extension.

2007-09-17  Simon Josefsson <simon@josefsson.org>

	* : commit 344057de0fbf1cbc55dbd74cc23c78ebd2609cfc Author: Simon
	Josefsson <simon@josefsson.org> Date:   Mon Sep 17 11:13:39 2007
	+0200

2007-09-17  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 6d3a3222640ce3b5e4daa67a4624a507445de334 Author: Simon
	Josefsson <simon@josefsson.org> Date:   Mon Sep 17 11:06:24 2007
	+0200

2007-09-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-09-17  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/credentials/Makefile.am,
	doc/credentials/ca.tmpl, doc/credentials/client.tmpl, {src =>
	doc/credentials}/gnutls-http-serv,
	doc/credentials/openpgp-server-key.txt,
	doc/credentials/openpgp-server.txt, {src =>
	doc/credentials}/openpgp/Makefile.am, {src =>
	doc/credentials}/openpgp/cli_pub.asc, {src =>
	doc/credentials}/openpgp/cli_ring.asc, {src =>
	doc/credentials}/openpgp/cli_sec.asc, {src =>
	doc/credentials}/openpgp/pub.asc, {src =>
	doc/credentials}/openpgp/sec.asc, {src =>
	doc/credentials}/params.pem, doc/credentials/proxy.tmpl,
	doc/credentials/psk-passwd.txt, doc/credentials/server.tmpl,
	doc/credentials/srp-passwd.txt, src/srp/tpasswd.conf =>
	doc/credentials/srp-tpasswd.conf, {src =>
	doc/credentials}/srp/Makefile.am, {src =>
	doc/credentials}/srp/tpasswd, doc/credentials/srp/tpasswd.conf,
	doc/credentials/x509-ca-key.pem, doc/credentials/x509-ca.pem,
	doc/credentials/x509-client-key.pem,
	doc/credentials/x509-client.pem, doc/credentials/x509-other-ca.pem,
	doc/credentials/x509-proxy-key.pem, doc/credentials/x509-proxy.pem,
	doc/credentials/x509-server-dsa.pem,
	doc/credentials/x509-server-key-dsa.pem,
	doc/credentials/x509-server-key.pem,
	doc/credentials/x509-server.pem, doc/credentials/x509-trust.pem,
	{src => doc/credentials}/x509/Makefile.am, {src =>
	doc/credentials}/x509/ca.pem, {src =>
	doc/credentials}/x509/cert-dsa.pem, {src =>
	doc/credentials}/x509/cert.pem, {src =>
	doc/credentials}/x509/clicert-dsa.pem, {src =>
	doc/credentials}/x509/clicert.pem, {src =>
	doc/credentials}/x509/clikey-dsa.pem, {src =>
	doc/credentials}/x509/clikey.pem, {src =>
	doc/credentials}/x509/key-dsa.pem, {src =>
	doc/credentials}/x509/key.pem, src/Makefile.am: Move test
	credentials from src/ to doc/credentials/.

2007-09-17  Nikos Mavrogiannopoulos <nmav@crystal.(none)>

	* : commit 9afa028dae6756ef463652e56543c89b04add024 Author: Nikos
	Mavrogiannopoulos <nmav@crystal.(none)> Date:   Mon Sep 17 11:47:12
	2007 +0300

2007-09-11  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/extensions.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/string_h.m4, gl/string_.h: Remove
	duplicate gnulib modules.

2007-09-11  Simon Josefsson <simon@josefsson.org>

	* gl/gettext.h, gl/gnulib.mk, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
	gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
	gl/stdbool_.h, gl/stdio_.h, gl/sys_socket_.h, gl/unistd_.h: Remove
	duplicate gnulib modules.

2007-09-11  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update
	gnulib files.

2007-09-11  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/absolute-header.m4: Update gnulib files.

2007-09-11  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/malloc.m4, lgl/m4/realloc.m4, lgl/m4/stdlib_h.m4,
	lgl/realloc.c, lgl/stdlib_.h: Add.

2007-09-04  Ludovic Courtès <ludo@gnu.org>

	* guile/src/core.c: Guile: Fix `x509-certificate-dn-oid' and related
	functions.  * guile/src/core.c (X509_CERTIFICATE_DN_OID_FUNCTION_BODY): Use   `scm_take_locale_stringn ()' instead of `scm_take_locale_string
	  ()'.  * NEWS: Update.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-09-04  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Guile: Fix `x509-certificate-dn-oid' and related functions.  * guile/src/core.c (X509_CERTIFICATE_DN_OID_FUNCTION_BODY): Use   `scm_take_locale_stringn ()' instead of `scm_take_locale_string
	  ()'.  * NEWS: Update.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-09-10  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-comp.m4, lgl/Makefile.am,
	lgl/m4/gnulib-comp.m4, lgl/m4/time_h.m4: Update gnulib files.

2007-09-10  Simon Josefsson <simon@josefsson.org>

	* .cvsignore, build-aux/.cvsignore, doc/.cvsignore,
	doc/examples/.cvsignore, doc/manpages/.cvsignore,
	doc/reference/.cvsignore, doc/reference/tmpl/.cvsignore,
	doc/scripts/.cvsignore, gl/.cvsignore, includes/.cvsignore,
	includes/gnutls/.cvsignore, lgl/.cvsignore, lib/.cvsignore,
	lib/minitasn1/.cvsignore, lib/x509/.cvsignore, libextra/.cvsignore,
	libextra/minilzo/.cvsignore, libextra/opencdk/.cvsignore,
	libextra/openpgp/.cvsignore, m4/.cvsignore, po/.cvsignore,
	src/.cvsignore, src/cfg/.cvsignore, src/cfg/platon/.cvsignore,
	src/cfg/platon/str/.cvsignore, src/openpgp/.cvsignore,
	src/srp/.cvsignore, src/x509/.cvsignore, tests/.cvsignore,
	tests/hostname-check/.cvsignore, tests/key-id/.cvsignore,
	tests/nist-pkits/.cvsignore, tests/pathlen/.cvsignore,
	tests/pkcs1-padding/.cvsignore, tests/pkcs12-decode/.cvsignore,
	tests/pkcs8-decode/.cvsignore, tests/rsa-md5-collision/.cvsignore,
	tests/sha2/.cvsignore, tests/userid/.cvsignore,
	tests/x509paths/.cvsignore: Remove .cvsignore's.

2007-09-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-09-07  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-09-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/gnutls_algorithms.c, lib/gnutls_int.h: Use official IANA
	values for SRP.

2007-09-06  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: TLS/IA example uses anonymous ciphers.

2007-09-04  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-09-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 2.0.0.

2007-09-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-09-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add 1.6.x entries.

2007-09-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-09-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use three-digit versions.

2007-09-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-09-01  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: Use libtasn1
	v1.1.

2007-08-31  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: Use libtasn1
	v1.0.

2007-08-31  Simon Josefsson <simon@josefsson.org>

	* configure.in: Drop gnits mode.

2007-08-31  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Also don't build ex-serv-anon when
	anonymous ciphers are disabled.

2007-08-31  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Don't try to build ex-client1 if
	anonymous ciphers are disabled.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.19.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-session-info.c: Support GNUTLS_CRD_PSK and
	GNUTLS_CRD_IA.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Handle GNUTLS_CRD_IA in print_info().

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Doc fix.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Revert "Check that value is negative
	before using gnutls_error_is_fatal." This reverts commit 9949a4b0b6b62a0ff3c05fee4283928d1a53b675.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Have gnutls_error_is_fatal return 0 on
	positive "errors".  Would fix bug reported by Andreas Metzler
	<ametzler@downhill.at.eu.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2293see also <http://bugs.debian.org/439640>.

2007-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Check that value is negative before using
	gnutls_error_is_fatal.  Fixes bug reported by Andreas Metzler
	<ametzler@downhill.at.eu.org> in

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2293>see also <http://bugs.debian.org/439640>.

2007-08-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-24  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/misc.c, libextra/opencdk/opencdk.h: Upgrade to
	OpenCDK 0.6.4.

2007-08-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-babu-serv-cert-trans-from-proxy-00.txt: Add.

2007-08-23  Simon Josefsson <simon@josefsson.org>

	* gl/readline.c: Upgrade gnulib files.

2007-08-23  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: No need for getline.h.

2007-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-23  Simon Josefsson <simon@josefsson.org>

	* gl/getdelim.c, gl/getdelim.h, gl/getline.c, gl/getline.h,
	gl/getpass.c, gl/gnulib.mk, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/unistd_h.m4,
	gl/stdio_.h, gl/unistd_.h, lgl/Makefile.am, lgl/m4/stdio_h.m4,
	lgl/stdio_.h: Upgrade gnulib files.

2007-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-23  Simon Josefsson <simon@josefsson.org>

	* {lgl => gl}/fseeko.c, {lgl => gl}/getpass.c, {lgl =>
	gl}/getpass.h, gl/gnulib.mk, {lgl => gl}/lseek.c, {lgl =>
	gl}/m4/fseeko.m4, {lgl => gl}/m4/getpass.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, {lgl => gl}/m4/lseek.m4, lgl/Makefile.am,
	lgl/getdelim.c, lgl/getdelim.h, lgl/getline.c, lgl/getline.h,
	lgl/m4/getdelim.m4, lgl/m4/getline.m4, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4: Update gnulib files.

2007-08-20  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-08-20  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Don't build pgp example if pgp has been
	disabled.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.18.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-16  Simon Josefsson <simon@josefsson.org>

	* lib/auth_psk_passwd.c, lib/gnutls_psk.c, lib/gnutls_x509.c,
	libextra/gnutls_openpgp.c, libextra/openssl_compat.c: Fix pointer
	mix for different sized variables.  Tiny patch from

	<http://cvs.fedora.redhat.com/viewcvs/devel/gnutls/gnutls-1.6.3-incompat-pointers.patch?rev=1.1&view=auto>.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Typo.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Install images in info directory.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/{arch/certificate-user-use-case.eps =>
	gnutls-certificate-user-use-case.eps},
	doc/{arch/certificate-user-use-case.pdf =>
	gnutls-certificate-user-use-case.pdf},
	doc/{arch/client-server-use-case.eps =>
	gnutls-client-server-use-case.eps},
	doc/{arch/client-server-use-case.pdf =>
	gnutls-client-server-use-case.pdf}, doc/{arch/extensions_st.eps =>
	gnutls-extensions_st.eps}, doc/{arch/extensions_st.pdf =>
	gnutls-extensions_st.pdf}, doc/{arch/handshake-sequence.eps =>
	gnutls-handshake-sequence.eps}, doc/{arch/handshake-sequence.pdf =>
	gnutls-handshake-sequence.pdf}, doc/{arch/handshake-state.eps =>
	gnutls-handshake-state.eps}, doc/{arch/handshake-state.pdf =>
	gnutls-handshake-state.pdf}, doc/{arch/mod_auth_st.eps =>
	gnutls-mod_auth_st.eps}, doc/{arch/mod_auth_st.pdf =>
	gnutls-mod_auth_st.pdf}, doc/{arch/objects.eps =>
	gnutls-objects.eps}, doc/{arch/objects.pdf => gnutls-objects.pdf},
	doc/gnutls.texi: More image renaming.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/{internals.eps => gnutls-internals.eps},
	doc/{internals.pdf => gnutls-internals.pdf}, doc/{layers.eps =>
	gnutls-layers.eps}, doc/{layers.pdf => gnutls-layers.pdf},
	doc/{pgp1.eps => gnutls-pgp.eps}, doc/{pgp1.pdf => gnutls-pgp.pdf},
	doc/{x509-1.eps => gnutls-x509.eps}, doc/{x509-1.pdf =>
	gnutls-x509.pdf}, doc/gnutls.texi: Rename images to deal with
	texinfo brokenness.  See
	<http://thread.gmane.org/gmane.comp.tex.texinfo.bugs/3533>.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/my-bib-macros.texi: Remove my-bib-macros, not
	used.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* tests/x509self.c: Fix warning.  Tiny patch from Andreas Metzler
	<ametzler@downhill.at.eu.org>.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openpgp.c: Fix warning.  Tiny patch from Andreas
	Metzler <ametzler@downhill.at.eu.org>.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.17.

2007-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2007-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/openpgp.h, libextra/gnutls_openpgp.c: Add
	gnutls_openpgp_privkey_sign_hash.

2007-08-13  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cert-select.c, includes/gnutls/gnutls.h.in,
	includes/gnutls/gnutlsxx.h, includes/gnutls/openpgp.h,
	includes/gnutls/pkcs12.h, lib/auth_dh_common.c, lib/auth_dhe_psk.c,
	lib/auth_psk.c, lib/auth_psk.h, lib/auth_psk_passwd.c,
	lib/auth_psk_passwd.h, lib/gnutls_psk.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/gnutlsxx.cpp,
	lib/x509/output.c, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
	src/prime.c, src/psk.c, src/serv.c, src/tests.c, src/tests.h,
	src/tls_test.c: Use *_t types consistently.

2007-08-12  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in, includes/gnutls/x509.h,
	lib/gnutls_cert.c, lib/gnutls_sig.c, lib/x509/privkey.c,
	tests/x509signself.c: Use const and pointers to gnutls_datum_t in
	sign callback.

2007-08-12  Simon Josefsson <simon@josefsson.org>

	* tests/x509signself.c: Fix warnings.

2007-08-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-08-11  Simon Josefsson <simon@josefsson.org>

	* configure.in: Set shared library version correctly.

2007-08-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in: New errors
	GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX.

2007-08-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_cert.c,
	lib/gnutls_sig.c: Add gnutls_sign_callback_get.          * includes/gnutls/gnutls.h.in (gnutls_sign_callback_get):
	        Add.          * lib/gnutls_cert.c (gnutls_sign_callback_set): Move here
	        from gnutls_sig.c.  Doc fix.          (gnutls_sign_callback_get): New function.          * lib/gnutls_sig.c (gnutls_sign_callback_set): Removed.

2007-08-10  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: (gnutls_error_is_fatal): Return default is 1 for unknown error
	codes.

2007-08-10  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, includes/gnutls/x509.h,
	lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
	lib/gnutls_int.h, lib/gnutls_sig.c, lib/gnutls_x509.c,
	lib/x509/privkey.c, tests/Makefile.am, tests/x509signself.c: 
	External signing callback interface.          * includes/gnutls/gnutls.h.in (gnutls_sign_func): New type.          (gnutls_sign_callback_set): New function.          * includes/gnutls/x509.h (gnutls_x509_privkey_sign_hash):
	        New function.          * lib/gnutls_x509.c (gnutls_certificate_set_x509_key_mem):
	        Handle NULL key.  Doc fix.          * lib/gnutls_sig.c (_gnutls_tls_sign_hdata): Pass session to         _gnutls_tls_sign.          (_gnutls_tls_sign_params): Likewise.          (_gnutls_tls_sign): Add new parameter 'session'.  Call sign         callback if appropriate.          (gnutls_sign_callback_set): New function.          * lib/gnutls_x509.c (read_key_mem): Support a NULL key.          * lib/gnutls_int.h (internals_st): Add sign_func,         sign_func_userdata.          * lib/auth_dhe.c (gen_dhe_server_kx): Use length of
	        certificate list to decide wheter to sign, not presence of
	        private key.  * lib/auth_cert.c (_gnutls_gen_cert_client_cert_vrfy): Likewise.          * lib/auth_rsa_export.c (gen_rsa_export_server_kx):
	        Likewise.          * lib/auth_cert.c(_gnutls_get_selected_cert): Don't require
	        that private key is present.          * lib/auth_rsa_export.c (gen_rsa_export_server_kx): Don't
	        check key size when key is not present, assume it is > 512
	bits.          * lib/x509/privkey.c (gnutls_x509_privkey_sign_hash): New         function.          * tests/Makefile.am: Add x509signself.

2007-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-10  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Build x509self.

2007-08-10  Simon Josefsson <simon@josefsson.org>

	* tests/x509self.c: New file.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Disable TLS 1.2 by default, at least until
	RFC is out and we've done simple interop of it.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* po/pl.po, po/sv.po: Sync with TP.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-07-09  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls.texi, doc/signatures.texi: Capitalized subsection
	titles.  * doc/gnutls.texi: Capitalized subsection titles.  * doc/signatures.texi: Likewise.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-03  Ludovic Courtès <ludo@gnu.org>

	* doc/Makefile.am, guile/src/Makefile.am: Fixed CPPFLAGS for Guile
	code and documentation.  * doc/Makefile.am (SNARF_CPPFLAGS): Added   `{top_srcdir,top_builddir}/includes' and `top_builddir'.    (core.c.texi): Added `&&' between the `make' command and the   `$(GUILE_FOR_BUILD)' command.  Use `$(MAKE)' instead of `make'.    (extra.c.texi): Likewise.  * src/Makefile.am (AM_CPPFLAGS): Added   `{top_srcdir,top_builddir}/includes'.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-08-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-08-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.16.

2007-08-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-08-07  Simon Josefsson <simon@josefsson.org>

	* build-aux/GNUmakefile, build-aux/maint.mk, doc/fdl.texi,
	doc/gnutls.texi, doc/gpl-2.0.texi, doc/lgpl-2.1.texi, gl/error.c,
	gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/include_next.m4,
	gl/override/doc/gpl-2.0.texi.diff,
	gl/override/doc/lgpl-2.1.texi.diff, lgl/Makefile.am,
	lgl/m4/gnulib-cache.m4, lgl/m4/include_next.m4, lgl/m4/stdint.m4: 
	Update gnulib files.

2007-08-02  Ludovic Courtès <ludo@gnu.org>

	* NEWS: Updated `NEWS'.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-08-01  Ludovic Courtès <ludo@gnu.org>

	* lib/auth_cert.c: Fixed erroneous checks and sloppy return values
	in certificate selection.  * lib/auth_cert.c (_gnutls_get_selected_cert): Dereference   APR_CERT_LIST_LENGTH, APR_PKEY and APR_CERT_LIST when validating
	  their value.    (_gnutls_server_select_cert): When IDX < 0, set RET to   `GNUTLS_E_INSUFFICIENT_CREDENTIALS'.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-08-02  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-gssapi-03.txt: Add.

2007-08-02  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add.

2007-07-14  Simon Josefsson <simon@josefsson.org>

	* lgl/stdint_.h, lgl/vasnprintf.c: Update gnulib files.

2007-07-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-07-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-07-14  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: On starttls EOF on stdin, clear EOF flag to make future
	reads work OK.  Needed for Mac OS X.  Report and tiny patch by Hal
	Eden <n.mavrogiannopoulos@gmail.com>.

2007-07-12  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, gl/override/lib/version-etc.c.diff,
	lgl/Makefile.am, lgl/m4/wchar.m4, lgl/wchar_.h: Update.

2007-07-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-04.txt,
	doc/protocol/draft-santesson-tls-gssapi-02.txt: Add.

2007-07-09  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/gnutls.texi, doc/internals.texi: Avoid make
	errors regarding internals.texi.  See

	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2233>.

2007-07-09  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, guile/src/Makefile.am: Fix build failure in doc/
	when guile isn't installed built yet.

2007-07-08  Ludovic Courtès <ludo@gnu.org>

	* doc/gnutls.texi, doc/internals.texi: Manual: Capitalized section
	and chapter titles.  * doc/gnutls.texi: Capitalized section and chapter titles.    (Certificate to XML convertion functions): Fixed typo both in node   name and chapter title.  Updated menu.  * doc/internals.texi: Likewise.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-07-06  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-nir-tls-eap-01.txt: Add.

2007-07-02  Ludovic Courtès <ludo@gnu.org>

	* doc/guile.texi: Manual: Small Guile fixes.  * doc/guile.texi: Fixed typos, added cross-refs to the Guile manual.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-07-03  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4366-bis-00.txt: Add.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.15.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Revert.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Sync with TP.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* doc/{gpl.texi => gpl-2.0.texi}, doc/{lgpl.texi => lgpl-2.1.texi}: 
	Fix gnulib name changes.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* build-aux/config.rpath, build-aux/maint.mk, doc/Makefile.am,
	doc/gnutls.texi, gl/gnulib.mk, gl/m4/getaddrinfo.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/override/doc/{gpl.texi.diff => gpl-2.0.texi.diff},
	gl/override/doc/{lgpl.texi.diff => lgpl-2.1.texi.diff}: Update
	gnulib files.  Fix GPL renaming.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Improve installation instructions.

2007-07-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add 'Obtaining and Installing'.  Suggested by
	ludo@gnu.org (Ludovic Courtès).

2007-06-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-29  Simon Josefsson <simon@josefsson.org>

	* doc/guile.texi: Add 'Guile Preparations' section.  Based on
	discussions with ludo@gnu.org (Ludovic Courtès).

2007-06-29  Simon Josefsson <simon@josefsson.org>

	* configure.in: Check for scm_from_locale_string instead of SCM_API.
	Patch from ludo@gnu.org (Ludovic Courtès).

2007-06-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-29  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Put $(GUILE_FLAGS) in LIBADD, not LDFLAGS.
	Reported by ludo@gnu.org (Ludovic Courtès).

2007-06-27  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-06-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-27  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/ms.po: Sync with TP.

2007-06-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-27  Simon Josefsson <simon@josefsson.org>

	* tests/key-id/key-id: Can't use /dev/null as template under
	mingw32, probably really a bug in cfg+.

2007-06-27  Simon Josefsson <simon@josefsson.org>

	* gl/m4/getaddrinfo.m4: Fix gai_strerror on mingw32.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Check that the guile header files is recent
	enough and that it works.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* configure.in: Move Guile setup stuff down under 'External
	libraries'.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, NEWS, configure.in: Fix installation path of Guile
	bindings.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.14.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs_template, gl/gnulib.mk, gl/m4/absolute-header.m4,
	gl/m4/gnulib-comp.m4, gl/m4/include_next.m4, gl/m4/netinet_in_h.m4,
	gl/m4/string_h.m4, gl/m4/sys_socket_h.m4, gl/netinet_in_.h,
	gl/string_.h, gl/sys_socket_.h, lgl/Makefile.am, lgl/float_.h,
	lgl/m4/absolute-header.m4, lgl/m4/float_h.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/include_next.m4, lgl/m4/stdint.m4,
	lgl/m4/stdio_h.m4, lgl/m4/string_h.m4, lgl/m4/sys_socket_h.m4,
	lgl/m4/sys_stat_h.m4, lgl/m4/time_h.m4, lgl/m4/unistd_h.m4,
	lgl/m4/wchar.m4, lgl/printf-args.c, lgl/printf-parse.h,
	lgl/stdint_.h, lgl/stdio_.h, lgl/string_.h, lgl/sys_socket_.h,
	lgl/sys_stat_.h, lgl/time_.h, lgl/unistd_.h, lgl/wchar_.h: Update
	gnulib files.

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-17  Ludovic Courtes <ludo@chbouib.org>

	* configure.in: Make sure Guile is 1.8 or later.  * configure.in: Make sure Guile is 1.8 or later, using
	`GUILE_CHECK'.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-06-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-26  Ludovic Courtes <ludo@chbouib.org>

	* lib/gnutls_pk.c: Fixed memory leak in `_gnutls_dsa_verify ()'.  * lib/gnutls_pk.c (_gnutls_dsa_verify): Release `rs[0]' and `rs[1]'   when done.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-06-20  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-20  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2007-06-20  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Don't crash if TLS handshake fails.  Reported by Marc
	Haber <mh+debian-bugs@zugschlus.de> and Andreas Metzler
	<ametzler@downhill.at.eu.org> via Debian BTS #429183.

2007-06-20  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rsa-aes-gcm-00.txt: Add.

2007-06-15  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-14.txt: Add.

2007-06-14  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Update PGP key.

2007-06-14  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Change Ludovic' description.

2007-06-14  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openpgp.c: Merge patch from Timo, applied to CVS.  (stream_to_datum): Call gnutls_assert() on error.

2007-06-13  Ludovic CourtÃ¨s <ludo@chbouib.org>

	* lib/auth_cert.c: Fix off-by-one in TLS 1.2 handshake.  * lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before
	  invoking `gnutls_malloc ()', increment SIZE when using TLS 1.2 so
	  that the allocated buffer is large-enough to contain the list of
	  supported hashes.  Don't change SIZE later on.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-06-13  Ludovic CourtÃ¨s <ludo@chbouib.org>

	* libextra/gnutls_openpgp.c: Fix use of uninitialized variable in
	`gnutls_certificate_set_openpgp_key_mem ()' * libextra/gnutls_openpgp.c (stream_to_datum): Check whether INP is
	  NULL rather than checking BUF (which is not initialized yet).  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-06-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-06-13  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-rfc4507bis-00.txt: Add.

2007-06-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-06-11  Ludovic Courtes <ludo@chbouib.org>

	* guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
	guile/tests/raw-to-c.scm: Small cleanups in `guile/tests'.  Signed-off-by: Simon Josefsson <simon@josefsson.org>

2007-06-12  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Clarify that guile.texi dependencies are
	dependencies of gnutls.texi too.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-nir-tls-eap-00.txt: Add.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* THANKS, configure.in: Need to use CFLAGS when checking for
	-Wno-pointer-sign.  Reported by "Kristofer T. Karas"
	<ktk@enterprise.bidmc.harvard.edu>.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.13.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix update-po target.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Fix copyright years.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls.types: Add, to work around problems if this
	file isn't present.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* po/Makevars: Specify MSGFILTER, to fix make distcheck.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Need to put libguile-gnutls-v-0.la before
	gnulib_libs, to fix rpath issue.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* guile/src/Makefile.am: Use _LIBADD for libraries, not _LDFLAGS.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
	lgl/fseeko.c, lgl/m4/gettext.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/intlmacosx.m4, lgl/m4/string_h.m4, lgl/m4/vasnprintf.m4,
	lgl/printf-args.c, lgl/printf-args.h, lgl/printf-parse.c,
	lgl/printf-parse.h, lgl/string_.h, lgl/vasnprintf.c: Update gnulib
	files.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/armor.c, libextra/opencdk/cipher.c,
	libextra/opencdk/compress.c, libextra/opencdk/context.h,
	libextra/opencdk/filters.h, libextra/opencdk/kbnode.c,
	libextra/opencdk/keydb.c, libextra/opencdk/literal.c,
	libextra/opencdk/main.c, libextra/opencdk/main.h,
	libextra/opencdk/misc.c, libextra/opencdk/new-packet.c,
	libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c,
	libextra/opencdk/read-packet.c, libextra/opencdk/seskey.c,
	libextra/opencdk/sig-check.c, libextra/opencdk/stream.c,
	libextra/opencdk/stream.h, libextra/opencdk/verify.c: Update to
	OpenCDK 0.6.3.

2007-06-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-ecdhe-tls-psk-00.txt,
	doc/protocol/draft-hajjeh-tls-identity-protection-01.txt,
	doc/protocol/draft-hajjeh-tls-sign-03.txt: Add.

2007-06-08  Ludovic Courtes <ludo@chbouib.org>

	* guile/src/Makefile.am: Fix Guile linking so that the right GnuTLS
	libs are used.  * guile/src/Makefile.am (GNUTLS_CORE_LIBS, GNUTLS_EXTRA_LIBS): New.    (GNULIB_LDFLAGS): Renamed to `GNULIB_LIBS'.  Explicitly pass the
	  `.la' path.    (libguile_gnutls_v_0_la_LDFLAGS): Pass `$(GUILE_LDFLAGS)' as the
	  last item so that RPATH is in the right order (i.e., all   `$(top_builddir)/...' appear first).    (libguile_gnutls_extra_v_0_la_LDFLAGS): Likewise.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Generated.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.12.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Fix warnings on amd64, from Nikos.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-06-08  Simon Josefsson <simon@josefsson.org>

	* : commit 42c591867afe192eae45c56f1e0f9e3b8867d2ad Author: Simon
	Josefsson <jas@mocca.josefsson.org> Date:   Fri Jun 8 13:45:59 2007
	+0200

2007-06-08  Simon Josefsson <jas@mocca.josefsson.org>

	* po/Makevars: Try to fix line number collisions.

2007-06-06  Ludovic Courtes <ludo@chbouib.org>

	* configure.in, guile/src/Makefile.am: Fixed the
	`-Wno-strict-prototypes' issue in Guile code.  * configure.in: Add all custom CFLAGS to `AM_CFLAGS' rather than   `CFLAGS', except for `-D_REENTRANT -D_THREAD_SAFE' which must be   present during feature tests.  Substitute `AM_CFLAGS'.  * src/Makefile.am (libguile_gnutls_v_0_la_CFLAGS): Added
	  `$(AM_CFLAGS)'.  (libguile_gnutls_extra_v_0_la_CFLAGS): Likewise.    (AM_CFLAGS): When GCC is used, add `-Wno-strict-prototypes'.

2007-06-06  Ludovic Courtes <ludo@chbouib.org>

	* configure.in: Cosmetic changes in `configure.in'.  * configure.in: Display a heading indicating that Guile stuff are
	  being detected.

2007-06-06  Ludovic Courtes <ludo@chbouib.org>

	* m4/guile.m4: Added `guile.m4', per Simon's request.

2007-06-06  Ludovic Courtes <ludo@chbouib.org>

	* configure.in: Don't look for Guile when `guile-snarf' is not
	found.  * configure.in: Don't invoke `GUILE_PROGS' and `GUILE_FLAGS' when   `guile-snarf' is not found.

2007-06-04  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/protocol/draft-rescorla-tls-suiteb-01.txt: Add.

2007-06-04  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-01.txt: Add.

2007-06-01  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/guile.texi: More @node fixes.

2007-06-01  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/guile.texi: Avoid @node collisions with main manual.

2007-06-01  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/Makefile.am: Need -I for config.h.

2007-06-01  Simon Josefsson <jas@mocca.josefsson.org>

	* Makefile.am: Need to build doc/ after guile/.

2007-06-01  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Add.

2007-06-01  Simon Josefsson <jas@mocca.josefsson.org>

	* guile/src/Makefile.am: Need -I for config.h.

2007-06-01  Ludovic Courtès <ludo@chbouib.org>

	* : commit f469cfce51318df3b629d9af210ce4b4e587fac0 Author: Ludovic
	Courtes <ludo@chbouib.org> Date:   Fri Jun 1 00:51:10 2007 +0200

2007-06-01  Ludovic Courtes <ludo@chbouib.org>

	* doc/extract-guile-c-doc.scm,
	guile/modules/system/documentation/c-snarf.scm: Tiny bug fixes in
	Guile's documentation extraction.  * doc/extract-guile-c-doc.scm (main): Use named arguments rather
	  than a single rest arg.    Fixed the order of arguments as passed to   `run-cpp-and-extract-snarfing' so that `ccache gcc -E' is really   passed as `("ccache" "gcc" "-E")' (in this order).  * guile/modules/system/documentation/c-snarf.scm   (run-cpp-and-extract-snarfing): Pass FILE as the last CPP
	  argument.

2007-05-31  Ludovic Courtes <ludo@chbouib.org>

	* Makefile.am, configure.in, guile/src/Makefile.am: Build cleanups
	following Simon's comments.  * Makefile.am (SUBDIRS): Add `guile' when `HAVE_GUILE'.  * configure.in: When `guile-snarf' is not found, set   `opt_guile_bindings' to `no' instead of bailing out.  * src/Makefile.am (GUILE_FOR_BUILD): Fixed `-L' parameter.

2007-05-31  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/gnutls.texi: Revert unnecessary changes.

2007-05-31  Simon Josefsson <jas@mocca.josefsson.org>

	* : commit d51689f572e544759632fa2f9ca0209a843d4452 Author: Ludovic
	Courtès <ludo@chbouib.org> Date:   Thu May 31 00:28:19 2007 +0200

2007-05-31  Ludovic Courtès <ludo@chbouib.org>

	* doc/guile.texi: Minor doc fixes.

2007-05-31  Ludovic Courtès <ludo@chbouib.org>

	* doc/Makefile.am: Handle missing Guile when building the
	documentation.

2007-05-31  Ludovic Courtès <ludo@chbouib.org>

	* doc/Makefile.am, doc/extract-guile-c-doc.scm, doc/gnutls.texi,
	doc/guile.texi: Integrated documentation of Guile bindings.

2007-05-30  Ludovic Courtès <ludo@chbouib.org>

	* configure.in, guile/src/Makefile.am: Try to handle "function
	declaration isn't a prototype" warnings.

2007-05-30  Simon Josefsson <jas@mocca.josefsson.org>

	* gl/netinet_in_.h, gl/string_.h, gl/sys_socket_.h,
	lgl/Makefile.am, lgl/float_.h, lgl/fseeko.c, lgl/lseek.c,
	lgl/m4/iconv.m4, lgl/m4/lseek.m4, lgl/m4/stdio_h.m4, lgl/stdint_.h,
	lgl/stdio_.h, lgl/string_.h, lgl/sys_socket_.h, lgl/sys_stat_.h,
	lgl/time_.h, lgl/unistd_.h, lgl/wchar_.h: Update.

2007-05-30  Ludovic Courtès <ludo@chbouib.org>

	* Makefile.am, configure.in, guile/Makefile.am,
	guile/modules/Makefile.am, guile/modules/gnutls.scm,
	guile/modules/gnutls/build/enums.scm,
	guile/modules/gnutls/build/priorities.scm,
	guile/modules/gnutls/build/smobs.scm,
	guile/modules/gnutls/build/utils.scm,
	guile/modules/gnutls/extra.scm,
	guile/modules/system/documentation/README,
	guile/modules/system/documentation/c-snarf.scm,
	guile/modules/system/documentation/output.scm,
	guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
	guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
	guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
	guile/src/make-session-priorities.scm,
	guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
	guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
	guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
	guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.asc,
	guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
	guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc,
	guile/tests/pkcs-import-export.scm, guile/tests/raw-to-c.scm,
	guile/tests/rsa-parameters.pem,
	guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
	guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
	guile/tests/x509-certificates.scm, guile/tests/x509-key.pem: Started
	Guile integration.  Documentation is still missing.  A bit rough on the edges, but
	`make' and `make check' do work.

2007-05-28  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/Makefile.am: Make sure all images are distributed in all
	formats.  Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.

2007-05-27  Simon Josefsson <jas@mocca.josefsson.org>

	* lib/gnutls_x509.c: (parse_pem_ca_mem): Handle reads beyond first certificate properly.
	Reported by Dennis Vshivkov <walrus@amur.ru> in
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333050>.

2007-05-27  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/parse_ca.c: Add self-test.

2007-05-27  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2007-05-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-05-27  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: [no log message]

2007-05-27  Simon Josefsson <jas@mocca.josefsson.org>

	* lib/gnutls_datum.c: (_gnutls_free_datum_m): Free even if size is 0.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Add.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* lib/x509/privkey_pkcs8.c: (decode_pkcs8_key): If ASN.1 decoding fails after decrypting an
	already properly decoded value, assume it is due to a bad password
	rather than ASN.1 error.  Reported by Nate Nielsen
	<nielsen-list@memberwebs.com>.  (From 1.6.x branch.)

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* lib/x509/privkey_pkcs8.c: (decode_private_key_info): Translate asn1 errors properly.  Reported
	by Nate Nielsen <nielsen-list@memberwebs.com>.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* lib/auth_cert.c: Fix mem leak, reported by Andrey Nosenko
	<andrew.w.nosenko@gmail.com>.  (From 1.6.x branch.)

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* THANKS: Add (from 1.6.x).

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* ChangeLog: Generated.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Version 1.7.11.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Fix.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* configure.in: Bump versions.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Add.

2007-05-26  Simon Josefsson <jas@mocca.josefsson.org>

	* libextra/opencdk/Makefile.am: Add opencdk.h to sources.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* ChangeLog: Generated.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Version 1.7.10.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* Makefile.am: Use cg instead of cvs commands, for update-po target.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* NEWS: Add.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* Makefile.am: Change release target from cvs to git.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* lgl/lseek.c, lgl/m4/lseek.m4: Update.

2007-05-25  Simon Josefsson <jas@mocca.josefsson.org>

	* doc/gendocs_template, lgl/.cvsignore, lgl/Makefile.am,
	lgl/fseeko.c, lgl/m4/fseeko.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/unistd_h.m4, lgl/stdio_.h, lgl/unistd_.h: Update.

2007-05-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2007-05-24  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-05-24  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: Use new API.

2007-05-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-05-24  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/netinet_in_.h, gl/string_.h, gl/sys_socket_.h,
	lgl/.cvsignore, lgl/Makefile.am, lgl/float+.h, lgl/float_.h,
	lgl/fseeko.c, lgl/m4/float_h.m4, lgl/m4/fseeko.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/stdio_h.m4, lgl/m4/vasnprintf.m4,
	lgl/m4/vasprintf.m4, lgl/m4/wint_t.m4, lgl/stdint_.h, lgl/stdio_.h,
	lgl/string_.h, lgl/sys_socket_.h, lgl/sys_stat_.h, lgl/time_.h,
	lgl/unistd_.h, lgl/vasnprintf.c, lgl/wchar_.h: Update.

2007-05-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-05-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509.h: Export gnutls_x509_crt_get_raw_dn,
	gnutls_x509_crt_get_raw_issuer_dn.

2007-05-23  Timo Schulz <twoaday@gnutls.org>

	* libextra/openpgp/xml.c: fix the key ID representation in the XML
	code.

2007-05-21  Timo Schulz <twoaday@gnutls.org>

	* libextra/openpgp/extras.c, libextra/openpgp/openpgp.h,
	libextra/openpgp/pgp.c, libextra/openpgp/xml.c: cleanups for the xml
	code: elgamal keys are not supported.  bug fix for the key import
	(base64) code, store the stream and close it in the deinit function.

2007-05-21  Timo Schulz <twoaday@gnutls.org>

	* src/openpgp/Makefile.am, src/openpgp/cli_ring.asc: Add client
	keyring in base64 format.  This is the same file as cli_ring.gpg but
	armored.

2007-05-21  Timo Schulz <twoaday@gnutls.org>

	* libextra/openpgp/extras.c: do not close the input stream in the
	import code when the base64 is used.

2007-05-14  Timo Schulz <twoaday@gnutls.org>

	* tests/openpgp/keyring.c: few more comments.

2007-05-14  Timo Schulz <twoaday@gnutls.org>

	* configure.in: add makefile for the openpgp test folder

2007-05-14  Timo Schulz <twoaday@gnutls.org>

	* libextra/openpgp/extras.c: patch to support raw keyrings.

2007-05-14  Timo Schulz <twoaday@gnutls.org>

	* tests/Makefile.am, tests/openpgp/Makefile.am,
	tests/openpgp/keyring.c: Add simple openpgp test.

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.9.

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Reorder to work around libtool bug.

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-05-12  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/vasnprintf.m4, lgl/vasnprintf.c, libextra/opencdk/armor.c,
	libextra/opencdk/cipher.c, libextra/opencdk/compress.c,
	libextra/opencdk/context.h, libextra/opencdk/filters.h,
	libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
	libextra/opencdk/literal.c, libextra/opencdk/main.c,
	libextra/opencdk/main.h, libextra/opencdk/misc.c,
	libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c,
	libextra/opencdk/read-packet.c, libextra/opencdk/sig-check.c,
	libextra/opencdk/stream.c, libextra/opencdk/verify.c,
	libextra/opencdk/write-packet.c: Update.

2007-05-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-05-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: (gnutls_set_default_priority): Change order to prefer X.509 over
	OpenPGP.

2007-05-03  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs_template, gl/override/doc/gendocs_template,
	gl/override/doc/gendocs_template.diff: Update.

2007-05-03  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs_template: Revert to upstream gnulib version.

2007-05-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-05-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-05-03  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/socklen.m4,
	gl/string_.h, gl/{socket_.h => sys_socket_.h}, lgl/Makefile.am,
	lgl/getpass.c, lgl/m4/fseeko.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/socklen.m4, lgl/m4/stdint.m4, lgl/m4/stdio_h.m4,
	lgl/m4/sys_stat_h.m4, lgl/m4/unistd_h.m4, lgl/stdio_.h,
	lgl/string_.h, lgl/{socket_.h => sys_socket_.h}, lgl/{stat_.h =>
	sys_stat_.h}, lgl/time_.h, lgl/unistd_.h, lgl/wchar_.h: Update.

2007-05-02  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Add gnutls-logo.pdf, to fix distcheck.

2007-05-02  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Fix mem leaks.

2007-04-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-otto-tls-sigma-ciphersuite-00.txt: Add.

2007-04-24  Timo Schulz <twoaday@gnutls.org>

	* libextra/opencdk/literal.c: missing file.

2007-04-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-new-mac-00.txt,
	doc/protocol/draft-ietf-tls-suiteb-00.txt: Add.

2007-04-22  Timo Schulz <twoaday@gnutls.org>

	* libextra/opencdk/dummy.c: [no log message]

2007-04-22  Timo Schulz <twoaday@gnutls.org>

	* libextra/opencdk/Makefile.am, libextra/opencdk/README,
	libextra/opencdk/armor.c, libextra/opencdk/cipher.c,
	libextra/opencdk/cipher.h, libextra/opencdk/compress.c,
	libextra/opencdk/context.h, libextra/opencdk/encrypt.c,
	libextra/opencdk/filters.h, libextra/opencdk/kbnode.c,
	libextra/opencdk/keydb.c, libextra/opencdk/keygen.c,
	libextra/opencdk/keylist.c, libextra/opencdk/keyserver.c,
	libextra/opencdk/main.c, libextra/opencdk/main.h,
	libextra/opencdk/md.c, libextra/opencdk/md.h,
	libextra/opencdk/misc.c, libextra/opencdk/new-packet.c,
	libextra/opencdk/opencdk.h, libextra/opencdk/packet.h,
	libextra/opencdk/plaintext.c, libextra/opencdk/pubkey.c,
	libextra/opencdk/read-packet.c, libextra/opencdk/seskey.c,
	libextra/opencdk/sig-check.c, libextra/opencdk/sign.c,
	libextra/opencdk/stream.c, libextra/opencdk/stream.h,
	libextra/opencdk/sym-cipher.c, libextra/opencdk/trustdb.c,
	libextra/opencdk/types.h, libextra/opencdk/verify.c,
	libextra/opencdk/write-packet.c: replace the old build-in opencdk
	version with the most recent cvs version.

2007-04-22  Simon Josefsson <simon@josefsson.org>

	* configure.in: Check for OpenCDK function that is only available in
	OpenCDK 0.6.0.

2007-04-21  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-04-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-tls-password-00.txt,
	doc/protocol/draft-badra-tls-password-ext-00.txt: Add.

2007-04-20  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Adjustments for the opencdk migration
	and some cleanups.

2007-04-20  Timo Schulz <twoaday@gnutls.org>

	* libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h,
	libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
	libextra/openpgp/privkey.c, libextra/openpgp/xml.c: First bunch of
	patches for the opencdk migration.

2007-04-19  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/extras.c: (gnutls_openpgp_keyring_import): Make it work (it seems the old code
	didn't work).  Patch from ludo@chbouib.org (Ludovic Courtès).

2007-04-18  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Mention P12 structure.

2007-04-18  Simon Josefsson <simon@josefsson.org>

	* tests/tlsia.c: Check return codes from init functions.

2007-04-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/sign.c: Write NULL in parameters for RSA signing.

2007-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool-cfg.c, src/certtool.c: Use current time as
	default serial number.

2007-04-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.8.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: Doc fix.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* tests/gc.c: Need to init libgcrypt with secure memory hooks.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am: Add.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Reorder to make it compile.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4, gl/string_.h, lgl/Makefile.am,
	lgl/float+.h, lgl/m4/gnulib-comp.m4, lgl/m4/intl.m4,
	lgl/m4/longdouble.m4, lgl/m4/stdint.m4, lgl/m4/stdio_h.m4,
	lgl/m4/vasnprintf.m4, lgl/printf-args.c, lgl/printf-args.h,
	lgl/printf-parse.c, lgl/stdio_.h, lgl/string_.h, lgl/time_.h,
	lgl/vasnprintf.c, lgl/wchar_.h: Update.

2007-04-16  Simon Josefsson <simon@josefsson.org>

	* lgl/gc-libgcrypt.c, lib/gnutls_handshake.c,
	lib/gnutls_session_pack.c, lib/x509/output.c, lib/x509/verify.c: Fix
	warnings, tiny patch from Andreas Metzler
	<ametzler@downhill.at.eu.org>.

2007-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Fix.

2007-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Fix.

2007-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-04-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_psk.c: (gnutls_psk_set_client_credentials): Fix prototype.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am, lib/Makefile.am, src/cli.c, src/serv.c: 
	Respect ENABLE_AUTHZ.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c: Make tls-authz conditional on
	ENABLE_AUTHZ.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add anon conditional.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix --disable-*.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add --disable-tls-authorization.

2007-04-10  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openpgp.c: (gnutls_certificate_set_openpgp_key): Allocate certificate structure
	properly.  Tiny patch from ludo@chbouib.org (Ludovic Courtès).

2007-04-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Make -d work again after last change.

2007-04-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-04-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: (gnutls_x509_crt_get_key_id): Don't fail on non-RSA/DSA public keys.

2007-04-04  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/cli.gaa, src/common.c, src/common.h,
	src/serv-gaa.c, src/serv.gaa: Use gnutls_cipher_suite_info.

2007-04-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
	gnutls_cipher_suite_info API, suggested by Howard Chu
	<hyc@symas.com>.

2007-04-04  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Don't hard code algorithm list.

2007-04-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
	new APIs to list supported algorithms: gnutls_cipher_list,
	gnutls_mac_list, gnutls_compression_list, gnutls_protocol_list,
	gnutls_certificate_type_list, and gnutls_kx_list.  Suggested by
	Howard Chu <hyc@symas.com>.

2007-04-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Simplify kx
	definition, since gnutls-extra no longer touches it.

2007-04-04  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Init the library immediately (for print_list(), called
	by gaa_parser, to be able to call gnutls functions).

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: $(LIBOPENCDK_LIBS) should be necessary here,
	since libgnutls-extra links to it.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Fix LIBOPENCDK_LIBS.  No need for
	AM_CPPFLAGS += $(LIBOPENCDK_CFLAGS), the new macro add necessary
	-I's to CPPFLAGS automatically.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Need stddef.h for opencdk.h.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	lgl/.cvsignore, lgl/Makefile.am, lgl/getdelim.c, lgl/getdelim.h,
	lgl/getline.c, lgl/getline.h, {gl => lgl}/getpass.c, {gl =>
	lgl}/getpass.h, lgl/m4/getdelim.m4, lgl/m4/getline.m4, {gl =>
	lgl}/m4/getpass.m4, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: 
	Update.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix LIBGNUTLS_EXTRA_* for cdk changes.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* configure.in, m4/opencdk.m4: Use AC_LIB_HAVE_LINKFLAGS to find
	opencdk, remove opencdk.m4.

2007-04-03  Simon Josefsson <simon@josefsson.org>

	* build-aux/gendocs.sh, gl/stdbool_.h, lgl/Makefile.am,
	lgl/alloca_.h, lgl/asprintf.c, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/iconv.m4, lgl/m4/intdiv0.m4,
	lgl/stat_.h, lgl/stdbool_.h, lgl/vasprintf.c: Update.

2007-03-28  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: No need to error about unknown algorithm, it
	already says unknown.

2007-03-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Remove #if GNUTLS_PK_LOOP madness that
	hides problems.  (gnutls_pk_algorithm_get_name): Don't return GOST for unsupported
	algorithms (e.g., ECC).

2007-03-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: No need for vasprintf.h.

2007-03-28  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/string_.h, gl/version-etc.c, lgl/.cvsignore,
	lgl/Makefile.am, lgl/asprintf.c, lgl/des.c, lgl/dummy.c,
	lgl/float+.h, lgl/m4/gnulib-comp.m4, lgl/m4/printf-posix.m4,
	lgl/m4/stdio_h.m4, lgl/m4/vasnprintf.m4, lgl/m4/vasprintf.m4,
	lgl/printf-parse.c, lgl/stdio_.h, lgl/string_.h, lgl/vasnprintf.c,
	lgl/vasprintf.c, lgl/vasprintf.h: Update.

2007-03-21  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
	doc/examples/ex-rfc2818.c, src/crypt.c: Use size_t at appropriate
	places.  Tiny patch by Deanna Phillips <deanna@sdf.lonestar.org>.

2007-03-21  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c: Need netinet/in.h.  Tiny patch from Deanna
	Phillips <deanna@sdf.lonestar.org>.

2007-03-21  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/pkcs1-pad: Trim whitespace from 'wc' output.
	Tiny patch from Deanna Phillips <deanna@sdf.lonestar.org>.

2007-03-15  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-03-15  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: (gnutls_x509_crt_set_version): Doc fix, tiny patch from Florian
	Weimer <fweimer@bfk.de>.

2007-03-12  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/netinet_in_h.m4,
	gl/m4/sys_socket_h.m4, gl/netinet_in_.h, gl/socket_.h,
	lgl/Makefile.am, lgl/des.c, lgl/des.h, lgl/dummy.c,
	lgl/gc-gnulib.c, lgl/m4/gnulib-comp.m4, lgl/m4/snprintf.m4,
	lgl/m4/stdbool.m4, lgl/m4/stdio_h.m4, lgl/m4/sys_socket_h.m4,
	lgl/m4/vasnprintf.m4, lgl/snprintf.c, lgl/socket_.h,
	lgl/stdbool_.h, lgl/stdint_.h, lgl/stdio_.h, lgl/vasnprintf.c,
	lgl/vasnprintf.h, lgl/vasprintf.h: Update.

2007-03-07  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-03.txt: Update,

2007-03-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Simplify error handling.

2007-03-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-03-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Doc fix.

2007-03-07  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump due to added APIs.

2007-03-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Prefer aes256.

2007-03-06  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-03-06  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, maint-cfg.mk: Work around config.rpath issue.

2007-03-06  Simon Josefsson <simon@josefsson.org>

	* lgl/stdio_.h: Update.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Use libgnutls' priorities.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* tests/dhepskself.c: Remove priority setting.  Fix output.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-authz.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client2.c, doc/examples/ex-serv-pgp.c: Remove
	confusing priority setting stuff.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* .cvsignore, build-aux/.cvsignore, doc/.cvsignore: [no log message]

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* lib/ext_authz.c: Don't assert when no authz.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Use default ciphers.  Simplify SRP callback.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: (gnutls_set_default_priority): Fix defaults.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Let libgnutls remove SRP/PSK if not used.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Indent and doc fix.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/gnutls_priority.h, lib/gnutls_record.c,
	lib/gnutls_state.c: Remove gnutls_priority.h, not needed.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Reorder.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Reorder.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Reorder.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, build-aux/GNUmakefile, build-aux/config.rpath,
	gendocs.sh => build-aux/gendocs.sh, link-warning.h =>
	build-aux/link-warning.h, maint.mk => build-aux/maint.mk,
	gl/gnulib.mk, gl/m4/gnulib-cache.m4, lgl/Makefile.am,
	lgl/m4/gnulib-cache.m4: Fixes for build-aux.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use build-aux/.

2007-03-05  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-03.txt,
	lgl/m4/gnulib-comp.m4, lgl/m4/time_r.m4, lgl/m4/vasnprintf.m4,
	lgl/m4/vasprintf.m4, lgl/time_.h, lgl/vasnprintf.c,
	lgl/vasnprintf.h, lgl/vasprintf.h: Updaet.

2007-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-rsa-aes-gcm-00.txt: Add.

2007-02-26  Simon Josefsson <simon@josefsson.org>

	* po/sv.po: Sync with TP.

2007-02-26  Simon Josefsson <simon@josefsson.org>

	* po/pl.po: Sync with TP.

2007-02-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-nir-tee-pm-00.txt: Add.

2007-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/examples/.cvsignore: [no log message]

2007-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add authz server.

2007-02-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Add authz.

2007-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-authz.c: Add.

2007-02-25  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-authz.c, doc/gnutls.texi: Add.

2007-02-24  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Add credits.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Minor tweaks to proxy output.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* THANKS: Typo.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* tests/dn.c: Other cert.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add dn.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* tests/dn.c: Add.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Rename.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Rename non-released functions.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.h: Remove.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Code cleanup and documentation of last patch.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h, lib/x509/x509.h: Fix.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h, lib/x509/x509.c, lib/x509/x509.h: New APIs
	to deal with DN's.  Patch from Howard Chu <hyc@symas.com>.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.7.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lgl/.cvsignore: [no log message]

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/gnulib.mk, gl/m4/gnulib-comp.m4,
	gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
	lgl/m4/gnulib-comp.m4, lgl/m4/intdiv0.m4, lgl/m4/snprintf.m4,
	lgl/m4/stdio_h.m4, lgl/m4/string_h.m4, lgl/m4/unistd_h.m4,
	lgl/snprintf.c, lgl/snprintf.h, lgl/stdio_.h, lgl/string_.h,
	lgl/unistd_.h, link-warning.h: Update.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/ext_authz.c, lib/gnutls_supplemental.c: Typo.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h: Revert.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: New flags for authz extension.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/ext_authz.c: Use our own logic to determine whether to send
	extension replies in server.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.h: Add prototype for
	_gnutls_extension_list_check, we use it in ext_authz.c.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c: Remove static from
	_gnutls_extension_list_check, we use it in ext_authz.c

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/ext_authz.c: Don't send authz extension when we shouldn't.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/cli-gaa.h: Generated.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/serv.c: Fix #include's.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/cli.gaa: Support gnutls-cli --authz-x509-attr-cert
	and --authz-saml-assertion.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* src/common.c, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
	src/serv.gaa: Support gnutls-serv --authz-x509-attr-cert and
	--authz-saml-assertion.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix so version due to added APIs.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore more.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Revert.

2007-02-22  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.pc.in: Revert Requires-change.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_extensions.c: Add authz extension.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/ext_authz.c: Typo.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_supplemental.c: Add authz hooks.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Fix type (in never released
	prototypes).

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Add authz stuff.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Build ext_authz.h and ext_authz.c.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/ext_authz.c, lib/ext_authz.h: New file.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c, lib/gnutls_supplemental.h: Sync with
	gnutls_supplemental.c.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_supplemental.c: Fill in type+length.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add gnutls_authz_recv_callback_func
	and gnutls_authz_send_callback_func.  Add gnutls_authz_enable,
	gnutls_authz_send_x509_attr_cert, gnutls_authz_send_saml_assertion,
	gnutls_authz_send_x509_attr_cert_url, and
	gnutls_authz_send_saml_assertion_url.  Remove GNUTLS_AUTHZ_LAST from
	gnutls_authz_data_format_type_t (never part of any release).

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_supplemental.c: If callbacks failed to provide
	anything, at least send protocol valid (yet semantically invalid)
	supplemental message.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Add for supplemental support.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Support supplemental handshake messages.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Add gnutls_supplemental.h and
	gnutls_supplemental.c.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_supplemental.c, lib/gnutls_supplemental.h: New file.

2007-02-21  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-02-19  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add gnutls_supplemental_get_name.
	Fix gnutls_authz_data_format_type_t.

2007-02-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/debug.c: Support SUPPLEMENTAL handshake type.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: update

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check/hostname-check.c: Tests ipAddress SAN's too.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check/hostname-check.c: Test wildcard stuff too.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/rfc2818_hostname.c: Indent.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/rfc2818_hostname.c: Support iPAddress too.  Doc fix.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check/hostname-check.c: Fix mem leak.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/rfc2818_hostname.c: Doc fix.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/rfc2818_hostname.c: Don't treat absence of CN in subject
	as a successful RFC 2818 hostname comparison match.  Reported by
	"Richard W.M. Jones" <rjones@redhat.com>.

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* tests/hostname-check/.cvsignore: [no log message]

2007-02-16  Simon Josefsson <simon@josefsson.org>

	* configure.in, tests/Makefile.am,
	tests/hostname-check/Makefile.am, tests/hostname-check/README,
	tests/hostname-check/hostname-check.c: Add self test of rfc2818
	server identity check.

2007-02-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.pc.in: Add 'Requires: libtasn1' to make 'pkg-config
	--libs gnutls' output -ltasn1.  Reported by Pavlov Konstantin
	<thresh@altlinux.ru>.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_hash_int.c: Avoid assert.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Make sure NULL is a pointer.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Change vararg 0 to NULL.  Tiny change suggested by
	Joe Orton <joe@manyfish.co.uk>.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Fix gnutls_authz_data_format_type_t.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add
	gnutls_supplemental_data_format_type_t with member
	GNUTLS_SUPPLEMENTAL_AUTHZ_DATA.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add gnutls_authz_data_format_type_t,
	with members GNUTLS_AUTHZ_X509_ATTR_CERT,
	GNUTLS_AUTHZ_SAML_ASSERTION, GNUTLS_AUTHZ_X509_ATTR_CERT_URL,
	GNUTLS_AUTHZ_SAML_ASSERTION_URL.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Reorder.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Add GNUTLS_EXTENSION_AUTHZ_CLIENT and
	GNUTLS_EXTENSION_AUTHZ_SERVER.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add GNUTLS_HANDSHAKE_SUPPLEMENTAL.

2007-02-14  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Spell out handshake types.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c, src/certtool-gaa.h: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use error().

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Cleanup p12 printing.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Cleanup pkcs7_info.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Better errors.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.gaa: Remove --copyright (use --version).

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use version-etc.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix for version-etc.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/stdarg.m4, gl/version-etc-fsf.c, gl/version-etc.c,
	gl/version-etc.h: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Cleanup CRL.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Cleanup.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Simplify.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Cleanups.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Rewrite generate_private_key_int.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix mem leak.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix crl_info.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Rewrite load_private_key.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Rewrite load_request.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Rewrite load_ca_private_key.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Remove.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Rewrite load_ca_cert.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: No limit on CRL size during verification.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Simplify.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/certificate_set_x509_crl.c: Need config.h.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Use AM_CPPFLAGS, not obsolete INCLUDES.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Need libgnu.la.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/errcodes.c: Need config.h.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove stuff obsoleted by time_r.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Don't check for time.h, not needed.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: Only use time.h, from gnulib if needed.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lgl/.cvsignore: [no log message]

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: UPdate.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Remove.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/string_.h, lgl/Makefile.am, lgl/m4/gnulib-comp.m4,
	lgl/m4/time_h.m4, lgl/m4/time_r.m4, lgl/string_.h, lgl/time_.h,
	lgl/time_r.c, lgl/time_r.h: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/.cvsignore, tests/x509paths/.cvsignore: [no log
	message]

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/README: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/gnutls-nist-tests.html: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/README: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits_test: Unpack.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/.cvsignore: [no log message]

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits_test: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits_test_list_generator.patch: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/gnutls_test_entry: Remove.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry,
	tests/nist-pkits/pkits_test_list_generator.patch: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/README: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/README: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/mpi.c: We don't support inherited DSA parameters.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits_crl, tests/nist-pkits/pkits_crt,
	tests/nist-pkits/pkits_pkcs12, tests/nist-pkits/pkits_smime: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/pkits: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore, tests/nist-pkits/.cvsignore: [no log message]

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/nist-pkits/README, tests/{ => nist-pkits}/pkits, tests/{ =>
	nist-pkits}/pkits_crl, tests/{ => nist-pkits}/pkits_crt, tests/{ =>
	nist-pkits}/pkits_pkcs12, tests/{ => nist-pkits}/pkits_smime: Move
	PKITS stuff to nist-pkits/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/x509paths/README: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/x509paths/chain: fix for chain 1.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* tests/x509paths/README, tests/{ => x509paths}/chain: Move old NIST
	stuff to separate directory.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/dn.c: Don't write to buf if *sizeof_buf==0.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Don't use uninitialized.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Don't access ret unless *ret_size>0.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix PKI test.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Simplify copyright.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Remove.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Remove unused.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Make certtool conditional on ENABLE_PKI.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add conditional for PKI stuff.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Handle larger certificate lists.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: crl: Support GNUTLS_X509_CRT_UNSIGNED_FULL.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use gnutls_x509_crl_print.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/output.c,
	lib/x509/x509.c: Add gnutls_x509_crl_get_signature and
	gnutls_x509_crl_print.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use error().

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: We do need lgl/ though.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am, libextra/opencdk/Makefile.am: No need for
	gl/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am: Don't include gl/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/error.c, gl/error.h, gl/gnulib.mk, gl/m4/error.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/progname.c,
	gl/progname.h: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in: Revert.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/dummy.c, src/lib/Makefile.am, src/lib/error.c,
	src/lib/error.h, src/lib/m4/error.m4, src/lib/m4/gnulib-cache.m4,
	src/lib/m4/gnulib-common.m4, src/lib/m4/gnulib-comp.m4,
	src/lib/m4/gnulib-tool.m4, src/lib/progname.c, src/lib/progname.h: 
	Remove.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: No need for gl/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix src/lib/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Build src/lib/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Init src/lib/.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	src/lib/Makefile.am, src/lib/m4/gnulib-cache.m4,
	src/lib/m4/gnulib-comp.m4: Update.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/error.c, gl/error.h, gl/m4/error.m4: Remove.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* gl/error.c, gl/error.h, gl/gnulib.mk, gl/m4/error.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, src/lib/Makefile.am,
	src/lib/error.c, src/lib/error.h, src/lib/m4/error.m4,
	src/lib/m4/gnulib-cache.m4, src/lib/m4/gnulib-common.m4,
	src/lib/m4/gnulib-comp.m4, src/lib/m4/gnulib-tool.m4,
	src/lib/progname.c, src/lib/progname.h: Add.

2007-02-13  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: No size limit on CRL data.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: (_gnutls_x509_san_find_type): Support GNUTLS_SAN_DN.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Support GNUTLS_SAN_DN.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: (parse_general_name): Support GNUTLS_SAN_DN.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in: Add.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.6.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* configure.in: New APIs, bump libtool library versions.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
	lgl/m4/string_h.m4, lgl/string_.h: Update.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Use latest docs on web site.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* po/POTFILES.in: Add.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Mark for translation.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/pkix_asn1_tab.c: Generated.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Print more than one SAN.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Better printing of XMPP SAN.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/pkix.asn: Add XMPP definitions.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Doc fix.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Decode XMPP data.  Suggested by Matthias Wimmer
	<m@tthias.eu>.

2007-02-12  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Print X.509 client cert info.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Text fix.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: Update.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: strftime %Z on mingw32 seems to not understand
	that gmtime was used and that the time given is in UTC.  Just hard
	code it to UTC.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: Typo.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/asprintf.c, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/vasprintf.m4, lgl/vasprintf.c,
	lgl/vasprintf.h: Add.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Use gnulib's time_r for systems that lack
	gmtime_r.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/time_r.m4, lgl/time_r.c, lgl/time_r.h: Add.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/no-ca-or-pathlen.pem: Fix.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Strings not zero terminated.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Hexprint unknown extensions.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* tests/key-id/key-id, tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: Update.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Remove.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Support GNUTLS_X509_CRT_UNSIGNED_FULL.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use gnutls_x509_crt_print.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h: Add.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Fix error messages.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Really fix.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Fix.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Change signature (ok since no release).

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Use datum for outputs.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-07.txt: Add.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Simplify.

2007-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/x509/extensions.c: Don't crash on NULL's.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add, from older branches.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/output.c: Doc fix.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Build output.c.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/output.c: Add.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/x509.c: Add
	gnutls_x509_crt_get_signature.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: gnutls-serv: create client & proxy too.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Default proxy policy is ALL.  Fixes crash.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/extensions.c: Fix warnings.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c, lib/gnutls_str.h: Add
	_gnutls_string_append_printf.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/x509.c: Add
	gnutls_x509_crt_get_extension_data and
	gnutls_x509_crt_get_extension_info.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: XMPP otherName SAN support.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/x509/x509.c: Fix.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Doc fix.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Support XMPP OID.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Doc fix.

2007-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, includes/gnutls/x509.h,
	lib/x509/common.c, lib/x509/x509.c, src/certtool.c: Support
	otherName SAN's.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: add tcp and tlsia

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Fix.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Don't say TLS 1.0.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: Fix DSA sign, broken by last commit.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: Fix TLS 1.2 signing (for servers).

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-07  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: dsa key

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: Fix crash on failures.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-00.txt,
	doc/protocol/draft-ietf-tls-srp-01.txt,
	doc/protocol/draft-ietf-tls-srp-02.txt,
	doc/protocol/draft-ietf-tls-srp-03.txt,
	doc/protocol/draft-ietf-tls-srp-04.txt,
	doc/protocol/draft-ietf-tls-srp-05.txt,
	doc/protocol/draft-ietf-tls-srp-06.txt,
	doc/protocol/draft-ietf-tls-srp-07.txt: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.5.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
	lgl/m4/string_h.m4, lgl/string_.h: Update.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Reorder.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Don't ask for PSK if we don't have credentials for it.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: mention psk

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: (_gnutls_remove_unwanted_ciphersuites): Remove GNUTLS_KX_SRP_RSA or
	GNUTLS_KX_SRP_DSS if there is no SRP credential.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: fix

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: fix

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Don't try to negotiate SRP kx if we don't have SRP
	username/password.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Prefer PSK.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/serv.c: Modernize priorities.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: more

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Parse new MACs.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Prefer OpenPGP certs from client.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c: Generated.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Typo in last commit.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.gaa: Typo.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Fix --list.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_hash_int.c: Revert, not needed.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_hash_int.c: (_gnutls_hash_get_algo_len): Handle NULL MACs again, broken by last
	commit.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Fix last commit.

2007-02-06  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Support TLS 1.2 and AES 256.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.4.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: use static DH params if none or provided

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c, tests/dhepskself.c, tests/resume.c,
	tests/tlsia.c, tests/utils.c, tests/utils.h: Use static DH.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* tests/pskself.c: No dh here.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Reorder.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* tests/sha2/.cvsignore: [no log message]

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, tests/Makefile.am: Add SHA-2 self test.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/sha2/Makefile.am, tests/sha2/key-ca.pem,
	tests/sha2/key-subca.pem, tests/sha2/key-subsubca.pem,
	tests/sha2/key-user.pem, tests/sha2/sha2: Add.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Set pathlength to -1 (not present) by default,
	for templates.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c: Generated.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c, src/certtool.gaa: Support --hash SHA-256/384/512.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/x509/common.h, lib/x509/dn.c, lib/x509/x509.h: Support
	(RSA-)SHA-256/384/512.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* lgl/gc-libgcrypt.c, lgl/gc.h: Update.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: (GNUTLS_SIGN_ALG_LOOP): Don't match unknown algorithms to GOST.
	Affects gnutls_sign_algorithm_get_name, and
	_gnutls_x509_sign_to_oid.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in: Enum types for SHA-256/384/512.

2007-02-05  Simon Josefsson <simon@josefsson.org>

	* gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/string_h.m4,
	gl/stdbool_.h, gl/string_.h, lgl/Makefile.am,
	lgl/m4/gnulib-comp.m4, lgl/m4/string_h.m4, lgl/memmem.c,
	lgl/string_.h: Update.

2007-02-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-04  Simon Josefsson <simon@josefsson.org>

	* gl/gai_strerror.c, gl/gnulib.mk, gl/m4/gnulib-comp.m4,
	gl/m4/socklen.m4, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
	lgl/m4/gnulib-comp.m4, lgl/m4/socklen.m4, lgl/m4/string_h.m4,
	lgl/string_.h: Update.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: Removed the wrong file, re-add this one.
	Oops.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Remove bibliography.texi.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/bibliography.texi, doc/signatures.texi: Remove.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Don't use my-bib-macros.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/my-bib-macros.texi: use pxref.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/my-bib-macros.texi: Fix.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: proxy and certtool stuff

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Doc fix.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/bibliography.texi: reorder

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/bibliography.texi: Add rfc3820.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Mention RFC 3820.

2007-02-02  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Improve extensions stuff.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.3.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem: Update.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Print times in UTC.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* tests/key-id/.cvsignore: [no log message]

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Reorder.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* configure.in, tests/Makefile.am, tests/key-id/Makefile.am,
	tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
	tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
	tests/key-id/key-ca.pem, tests/key-id/key-id,
	tests/key-id/key-user.pem: Add key-id self test.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Don't print proxy info if there aren't any proxy
	extension.

2007-02-01  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4785.txt: Add.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use the CA's SKI as the AKI value, if it is
	present.  Reported by Dale Sedivec
	<dale-keyword-gnutls.5670f1@codefu.org>.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: Doc fix.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Add.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Fix last commit.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Support
	reading/generating proxy certificates in certtool.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/x509.c: Add
	gnutls_x509_crt_get_proxy.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: Fix last commit.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: (gnutls_x509_crt_set_proxy_dn): Permit NULL @name's.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention RFC 3820.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509_write.c: 
	Add proxy certificate APIs.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Have RET for path lengths to mean -1.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore, lgl/.cvsignore: [no log message]

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: String.h from gnulib now makes sure memmem is
	available.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* gl/strdup.h, lgl/memmem.h: Remove.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/gnulib.mk, gl/m4/absolute-header.m4,
	gl/m4/extensions.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
	gl/m4/strdup.m4, gl/m4/string_h.m4, gl/socket_.h, gl/strdup.c,
	gl/string_.h, lgl/Makefile.am, lgl/m4/extensions.m4,
	lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4, lgl/m4/memmem.m4,
	lgl/m4/stdint.m4, lgl/m4/string_h.m4, lgl/m4/unistd_h.m4,
	lgl/m4/wchar.m4, lgl/printf-args.c, lgl/printf-args.h,
	lgl/printf-parse.c, lgl/socket_.h, lgl/stdint_.h, lgl/string_.h,
	lgl/vasnprintf.c, lgl/wchar_.h: Update.

2007-01-31  Simon Josefsson <simon@josefsson.org>

	* tests/pathlen/.cvsignore: Add.

2007-01-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-26  Simon Josefsson <simon@josefsson.org>

	* configure.in, tests/Makefile.am, tests/pathlen/Makefile.am,
	tests/pathlen/ca-no-pathlen.pem,
	tests/pathlen/no-ca-or-pathlen.pem, tests/pathlen/pathlen: Test for
	pathlen bug (and general certificate parsing).

2007-01-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-26  Simon Josefsson <simon@josefsson.org>

	* lib/x509/extensions.c: (_gnutls_x509_ext_extract_basicConstraints): Make sure
	pathLenConstraint is read, even if CA reading fails.

2007-01-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: Add comment to
	describe C++ compiler bug problem.

2007-01-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: Fix C++ compiler bug
	in a "better" way, tiny patch from Matthias Scheler
	<tron@NetBSD.org>.

2007-01-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-01-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-16  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c, lib/gnutls_extra_hooks.h,
	libextra/gnutls_openpgp.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/privkey.c: Fix import of ASCII armored OpenPGP
	keys, patch from ludovic.courtes@laas.fr (Ludovic Courtès).

2007-01-15  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-tls-extractor-00.txt: Add.

2007-01-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2007-01-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.2.

2007-01-14  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/gc-gnulib.c, lgl/m4/gnulib-comp.m4,
	lgl/m4/unistd_h.m4, lgl/m4/wint_t.m4, lgl/unistd_.h: Update.

2007-01-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-14  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/pubkey.c: Doc fix.

2007-01-14  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c: (cdk_pubkey_to_sexp, cdk_seckey_to_sexp): New functions, from Mario
	Lenz <mario.lenz@gmx.net>.

2007-01-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2007-01-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutlsxx.cpp: Make it compile by commenting out call to
	virtual method (possibly incorrect but I don't know what the
	intention was).

2007-01-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Don't use -mms-bitfields
	--enable-runtime-pseudo-reloc.

2007-01-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am: Fix objdir!=srcdir.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (generate_pkcs12): Read more than one certificate, if there are more
	available, and store them in the PKCS12 blob.  Suggested by Sascha
	Ziemann <sascha.ziemann@secunet.com>.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore gnutls_extra_hooks.h.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Add.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Reorder lgl/ and gl/, to make sure lgl is built
	before gl.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, includes/gnutls/x509.h,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
	lib/x509/x509_write.c, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: Support pathLenConstraint.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: libgnu.la depends on liblgnu.la, so don't
	add it twice.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gnulib.mk, gl/m4/gnulib-cache.m4: Getaddrinfo
	needs snprintf from ../lgl/, so make libgnu.la depend on liblgnu.la.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_extra.c: Need strverscmp.h.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls.vers: Don't export _E_*, they are only needed inside
	libgnutls now.  Fix copyright years.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/Makefile.am, lib/auth_cert.c, lib/auth_dh_common.c,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/auth_srp_rsa.c, lib/gnutls_cert.c, lib/gnutls_extra_hooks.c,
	lib/gnutls_extra_hooks.h, libextra/gnutls_extra.c: Cleanup gnutls vs
	gnutls-extra integration, for OpenPGP certs.

2007-01-11  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_extra.c: Replace libgcrypt version check with
	strverscmp.  No need to duplicate prototype found in gnutls.h for
	gnutls_check_version.

2007-01-09  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4,
	lgl/gc-gnulib.c, lgl/gc-libgcrypt.c, lgl/m4/gc-arcfour.m4,
	lgl/m4/gc-arctwo.m4, lgl/m4/gc-des.m4, lgl/m4/gc-hmac-md5.m4,
	lgl/m4/gc-hmac-sha1.m4, lgl/m4/gc-md2.m4, lgl/m4/gc-md4.m4,
	lgl/m4/gc-md5.m4, lgl/m4/gc-random.m4, lgl/m4/gc-rijndael.m4,
	lgl/m4/gc-sha1.m4, lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/lib-link.m4: Update.

2007-01-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-05  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/lib-link.m4, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
	lgl/m4/gnulib-comp.m4, lgl/m4/lib-link.m4: Update.

2007-01-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2007-01-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2007-01-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert part of patch.

2007-01-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, src/Makefile.am: Tiny patch from
	ludovic.courtes@laas.fr (Ludovic Courtès).  * configure.in: Look for `gaa', issuing a warning with the URL if
	not found.  * src/Makefile.am (*-gaa.c): Use `$(GAA)' instead of `gaa'.  Mark
	`.gaa' files as being in `$(srcdir)', thereby allowing for
	out-of-source-tree builds.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Don't dist mkinstalldirs, automake no longer copies
	it.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.1.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_asn1_tab.c: Generate.

2006-12-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.asn: Fix comment to make it parse correctly.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: Fix signature verification for DSA signatures in
	TLS 1.2, reported by ludovic.courtes@laas.fr (Ludovic Courtès).  (_gnutls_pkcs1_rsa_verify_sig): Rename to _gnutls_verify_sig, and
	add new parameter SHA1POS to indicate where in hash_concat the SHA.1
	hash is stored (for DSA).  (_gnutls_verify_sig_hdata): Pass proper SHA1POS.  (_gnutls_verify_sig_params): Likewise.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, lib/Makefile.am,
	lib/x509/Makefile.am, libextra/Makefile.am,
	libextra/openpgp/Makefile.am: Tiny patch from
	ludovic.courtes@laas.fr (Ludovic Courtès).  * doc/Makefile.am: Refer to `sort2.pl' as
	  `$(srcdir)/scripts/sort2.pl' instead of `scripts/sort2.pl'.  * doc/manpages/Makefile.am: Refer to `gdoc' as   `$(top_srcdir)/doc/scripts/gdoc' instead of `../scripts/gdoc'.  * doc/lib/Makefile.am: Likewise.  * doc/lib/x509/Makefile.am: Likewise.  * doc/libextra/Makefile.am: Likewise.  * doc/libextra/openpgp/Makefile.am: Likewise.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c: (_gnutls_gen_cert_server_cert_req): For TLS 1.2, generate conforming
	cert requests (i.e., include a empty list of supported hashes).
	Report and tiny patch from ludovic.courtes@laas.fr (Ludovic
	Courtès).

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* tests/userid/.cvsignore: [no log message]

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: (_oid2str): Mark UID as a CHOICE-field (i.e., DirectoryString).  (_gnutls_x509_oid_data2string): Handle ia5String in CHOICEs.  Fixes
	problem reported by Max Kellermann <max@duempel.org>.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/pkix_asn1_tab.c: Generated.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/pkix.asn: Encoded UID DN fields as DirectoryString (e.g.,
	PrintableString), not as IA5String.  Add IA5String as a CHOICE for
	DirectoryString, to deal with backwards compatibility if there are
	IA5String UID fields out there that were generated by older
	versions.  Reported by Max Kellermann <max@duempel.org>.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* tests/userid/userid: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add tests/userid/.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add userid/.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* tests/userid/Makefile.am, tests/userid/userid.pem: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: (generate_rdn_seq): Store subject DN instead of issuer DN in the
	certificate authority list, to make sure server's send the proper
	list of expected CAs to the client.  Reported by Max Kellermann
	<max@duempel.org>.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: (gnutls_certificate_set_x509_crl): Initialize before use, reported
	by Max Kellermann <max@duempel.org>.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, tests/Makefile.am, tests/certificate_set_x509_crl.c: 
	Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-27  Simon Josefsson <simon@josefsson.org>

	* gl/m4/lib-link.m4, gl/strdup.h, lgl/m4/lib-link.m4,
	lgl/m4/stdint.m4: Update.

2006-12-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-13.txt: Add.

2006-12-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-gssapi-01.txt: Add.

2006-12-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-tls-opaque-prf-input-00.txt,
	doc/protocol/draft-rescorla-tls-suiteb-00.txt: Add.

2006-12-26  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/de.po: Sync with TP.

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* m4/intl.m4, m4/intldir.m4, m4/lock.m4, m4/visibility.m4: Remove
	(should have just been .cvsignore'd).

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* m4/.cvsignore: [no log message]

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* m4/intl.m4, m4/intldir.m4, m4/lock.m4, m4/visibility.m4: Add.

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2006-12-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-12-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Doc fix.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, lgl/Makefile.am: Update.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Put in devel/ directory.  Disable doc generation.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.7.0.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, lgl/Makefile.am: Fix gnulib-tool bug.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_priority.c: Attempt TLS 1.2 and TLS 1.1 too, by
	default.

2006-11-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-11-28  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gettext.h, lgl/Makefile.am, lgl/gettext.h,
	lgl/m4/eoverflow.m4, lgl/m4/size_max.m4, lgl/m4/stdint.m4: Update.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c: Print TLS version too.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c: More debugging.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* tests/utils.c: Output more debug info.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keyserver.c: Doc fix.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/opencdk.h: Doc fixes.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
	libextra/opencdk/keygen.c, libextra/opencdk/keylist.c,
	libextra/opencdk/sign.c: Doc fix.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/kbnode.c, libextra/opencdk/keygen.c,
	libextra/opencdk/sign.c: Doc fix.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keydb.c: Doc fix.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_ia.c: Use new internal PRF API.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_sig.c: To use NULL
	DigestInfo.AlgorithmsIdentifier.parameters or not, that is the
	question.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* configure.in: Move AM_CONDITIONAL outside of 'if gcc' clause,
	fixes problem reported by "Michael C. Vergallen"
	<mvergall@telenet.be>.

2006-11-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/gnutls_state.h: Client TLS 1.2 support.  Works against
	www.mikestoolbox.org:4433.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Support "TLS1.2" as protocol name.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: (gnutls_protocol_t): Add GNUTLS_TLS1_2.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Support TLS 1.2.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getaddrinfo.c, gl/imaxtostr.c, gl/intprops.h,
	gl/inttostr.c, gl/inttostr.h, gl/m4/absolute-header.m4,
	gl/m4/gnulib-comp.m4, gl/m4/inttostr.m4, gl/m4/longlong.m4,
	gl/m4/stdint.m4, gl/m4/ulonglong.m4, gl/offtostr.c, gl/stdint_.h,
	gl/uinttostr.c, gl/umaxtostr.c, lgl/m4/alloca.m4, lgl/m4/gettext.m4: 
	Update.

2006-11-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-11-22  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-evidence-extns-01.txt: Add.

2006-11-17  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-11-17  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Release do non-devel directory.

2006-11-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.6.0.

2006-11-17  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Fix copyright years.

2006-11-17  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2006-11-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.5.5.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: (gnutls_record_recv): Fix docstring, suggested by Tim Kosse
	<tim.kosse@filezilla-project.org>.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-sasl-rfc2831bis-11.txt: Remove, oops wrong
	project.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-sasl-rfc2831bis-11.txt: Add.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/Makefile.am: Remove.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gettext.h, gl/m4/gnulib-comp.m4,
	gl/m4/lib-link.m4, gl/m4/longlong.m4, gl/stdint_.h,
	lgl/Makefile.am, lgl/gettext.h, lgl/m4/gnulib-comp.m4,
	lgl/m4/lib-link.m4, lgl/m4/longlong.m4, lgl/stdint_.h: Update.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/chain1-expect.log,
	tests/rsa-md5-collision/chain2-expect.log: Remove.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/rsa-md5-collision: Remove -x.

2006-11-16  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/rsa-md5-collision: Make it work under
	mingw32.

2006-11-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions (done incorrectly in the 1.5.4
	release).

2006-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-15  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-x509-info.c: Fix cert_list_size type to match API,
	reported by Tim Kosse <tim.kosse@filezilla-project.org>.

2006-11-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-hajjeh-tls-identity-protection-00.txt: Add.

2006-11-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-hajjeh-tls-sign-02.txt: Add.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.5.4.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/strverscmp.m4, lgl/strverscmp.c, lgl/strverscmp.h,
	lib/gnutls_global.c: Use strverscmp.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Typo.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/manpages/Makefile.am: Add.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_ia.c: Doc fix.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: More errno discussion regarding push/pull
	functions.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Don't use errno to avoid thread-safety
	issues.

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Convert to EINTR/EAGAIN errno under Windows,
	using WSAGetLastError().

2006-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_buffers.c,
	lib/gnutls_int.h: Add new APIs to set errno for push/pull functions,
	suggested by tim.kosse@filezilla-project.org.

2006-11-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-11-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-11-05  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am: Remove SOVERSION (see
	configure.in).

2006-11-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Set SOVERSION here.

2006-11-05  Simon Josefsson <simon@josefsson.org>

	* lgl/.cvsignore: [no log message]

2006-11-05  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/openpgp.h: (gnutls_openpgp_key_get_pk_algorithm): Fix prototype.

2006-11-03  Simon Josefsson <simon@josefsson.org>

	* lgl/printf-parse.c: Update.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/pgp.c: (gnutls_openpgp_key_get_fingerprint): Doc fix.  Reported by
	ludovic.courtes@laas.fr (Ludovic Courtès).

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/pgp.c: (gnutls_openpgp_key_get_name): Make SIZEOF_BUF contain
	actual/required buffer size on return.  Suggested by
	ludovic.courtes@laas.fr (Ludovic Courtès).

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/openpgp.h, libextra/openpgp/pgp.c,
	libextra/openpgp/privkey.c: Fix return types.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_v2_compat.c: Have SSLv2 ClientHello's for unknown
	versions negotiate the highest version we support, instead of the
	lowest.  Reported by Pasi.Eronen@nokia.com.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in: Simplify ssize_t test.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cert-select.c: Remove duplicate #include
	<sys/stat.h>.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/defines.h: Simplify #include's using gnulib
	modules.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/gettext.h,
	gl/m4/lib-link.m4, gl/readline.c, lgl/Makefile.am, lgl/arcfour.c,
	lgl/arctwo.c, lgl/des.c, lgl/gc-gnulib.c, lgl/gc-libgcrypt.c,
	lgl/gc-pbkdf2-sha1.c, lgl/gettext.h, lgl/hmac-md5.c,
	lgl/hmac-sha1.c, lgl/m4/codeset.m4, lgl/m4/gettext.m4,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/intl.m4,
	lgl/m4/intldir.m4, lgl/m4/intmax.m4, lgl/m4/inttypes-h.m4,
	lgl/m4/inttypes-pri.m4, lgl/m4/lib-link.m4, lgl/m4/lock.m4,
	lgl/m4/signed.m4, lgl/m4/sys_stat_h.m4, lgl/m4/unistd_h.m4,
	lgl/m4/vasnprintf.m4, lgl/md2.c, lgl/md4.c, lgl/memxor.c,
	lgl/read-file.c, lgl/rijndael-alg-fst.c, lgl/rijndael-api-fst.c,
	lgl/stat_.h: Update.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* lgl/m4/gnulib-comp.m4, lgl/m4/sys_stat_h.m4, lgl/stat_.h: Update.

2006-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.5.3.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* lgl/.cvsignore: [no log message]

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/Makefile.am: Fix -I's.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/Makefile.am: Dist more.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/rsa-md5-collision/README: Add.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am, src/Makefile.am,
	tests/Makefile.am: Change lgpl/ library name.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/m4/gnulib-cache.m4: Change lgpl/ library name
	to liblgnu, to avoid weird libtool errors.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* lgl/Makefile.am, lgl/stdint_.h: Update.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getaddrinfo.c, gl/imaxtostr.c, gl/intprops.h,
	gl/inttostr.c, gl/inttostr.h, gl/m4/absolute-header.m4,
	gl/m4/gnulib-comp.m4, gl/m4/inttostr.m4, gl/m4/longlong.m4,
	gl/m4/stdint.m4, gl/m4/ulonglong.m4, gl/offtostr.c, gl/stdint_.h,
	gl/uinttostr.c, gl/umaxtostr.c: Add.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/encrypt.c, libextra/opencdk/opencdk.h: Update to
	0.5.11.

2006-10-26  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Be specific about SSLv2 security problems.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/rsa-md5-collision: Fix distcheck.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/Makefile.am: Dist more.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12-decode/.cvsignore: [no log message]

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add tests.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/pkcs12-decode/Makefile.am,
	tests/{pkcs12_neon => pkcs12-decode/pkcs12}: Move pkcs12 tests to
	pkcs12-decode/.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs8-decode/pkcs8: More debugging info.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs8-decode/.cvsignore: [no log message]

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/pkcs8-decode/Makefile.am, tests/{ =>
	pkcs8-decode}/enc2pkcs8.pem, tests/{ => pkcs8-decode}/encpkcs8.pem,
	tests/{ => pkcs8-decode}/pkcs8, tests/{ =>
	pkcs8-decode}/unencpkcs8.pem: Move pkcs8 tests to pkcs8-decode/.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Move pkcs1-pad stuff to pkcs1-padding/.  Add
	rsa-md5-collision/.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/.cvsignore,
	tests/rsa-md5-collision/.cvsignore: [no log message]

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/rsa-md5-collision/Makefile.am,
	tests/rsa-md5-collision/chain1-expect.log,
	tests/rsa-md5-collision/chain2-expect.log,
	tests/rsa-md5-collision/mbox,
	tests/rsa-md5-collision/rsa-md5-collision: Add.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
	tests/pkcs1-padding/pkcs1-pad-broken.pem,
	tests/pkcs1-padding/pkcs1-pad-broken2.pem,
	tests/pkcs1-padding/pkcs1-pad-broken3.pem,
	tests/pkcs1-padding/pkcs1-pad-ok.pem,
	tests/pkcs1-padding/pkcs1-pad-ok2.pem: Moved from ../.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad, tests/pkcs1-pad-broken.pem,
	tests/pkcs1-pad-broken2.pem, tests/pkcs1-pad-broken3.pem,
	tests/pkcs1-pad-ok.pem, tests/pkcs1-pad-ok2.pem: Move to separate
	directory.

2006-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-null-03.txt,
	doc/protocol/draft-ietf-tls-rfc4346-bis-02.txt: Add.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* lgl/.cvsignore: [no log message]

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Need lgpl gnulib.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Add lgpl too.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Reorder libgnu.la's.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/Makefile.am: Need lgpl/ gnulib in CFLAGS.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* lgl/alloca.h, lgl/stdint.h: Remove files that shouldn't have been
	committed.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4: Fix avoid modules.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c, gl/m4/alloca.m4,
	gl/m4/eoverflow.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/longdouble.m4,
	gl/m4/longlong.m4, gl/m4/signed.m4, gl/m4/size_max.m4,
	gl/m4/snprintf.m4, gl/m4/stdint_h.m4, gl/m4/vasnprintf.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4,
	gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/size_max.h, gl/snprintf.c, gl/snprintf.h,
	gl/vasnprintf.c, gl/vasnprintf.h, gl/xsize.h: Avoid duplicate
	modules.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Avoid
	duplicate modules.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Need gnulib lgl/ in CFLAGS and LIBADD.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am: Need gnulib lgl/ in CFLAGS.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am: Move modules from gl/ to lgl/.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, lgl/Makefile.am,
	lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: Move modules from gl/
	to lgl/.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/absolute-header.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/minmax.m4, gl/m4/stdint.m4,
	gl/m4/ulonglong.m4, gl/minmax.h, lgl/Makefile.am, lgl/alloca.h,
	lgl/alloca_.h, lgl/asnprintf.c, lgl/gettext.h, lgl/m4/alloca.m4,
	{gl => lgl}/m4/codeset.m4, lgl/m4/eoverflow.m4, {gl =>
	lgl}/m4/gettext.m4, {gl => lgl}/m4/glibc2.m4, {gl =>
	lgl}/m4/glibc21.m4, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	{gl => lgl}/m4/iconv.m4, {gl => lgl}/m4/intdiv0.m4, {gl =>
	lgl}/m4/intmax.m4, lgl/m4/intmax_t.m4, {gl =>
	lgl}/m4/inttypes-h.m4, {gl => lgl}/m4/inttypes-pri.m4,
	lgl/m4/inttypes_h.m4, {gl => lgl}/m4/lcmessage.m4, {gl =>
	lgl}/m4/lock.m4, lgl/m4/longdouble.m4, {gl => lgl}/m4/memmove.m4,
	{gl => lgl}/m4/nls.m4, {gl => lgl}/m4/po.m4, {gl =>
	lgl}/m4/printf-posix.m4, {gl => lgl}/m4/progtest.m4, {gl =>
	lgl}/m4/read-file.m4, lgl/m4/signed.m4, lgl/m4/size_max.m4,
	lgl/m4/snprintf.m4, lgl/m4/socklen.m4, lgl/m4/sockpfaf.m4,
	lgl/m4/stdint_h.m4, lgl/m4/sys_socket_h.m4, {gl =>
	lgl}/m4/uintmax_t.m4, lgl/m4/vasnprintf.m4, {gl =>
	lgl}/m4/visibility.m4, lgl/m4/wchar_t.m4, lgl/m4/wint_t.m4,
	lgl/m4/xsize.m4, {gl => lgl}/memmove.c, lgl/printf-args.c,
	lgl/printf-args.h, lgl/printf-parse.c, lgl/printf-parse.h, {gl =>
	lgl}/read-file.c, {gl => lgl}/read-file.h, lgl/size_max.h,
	lgl/snprintf.c, lgl/snprintf.h, lgl/socket_.h, gl/stdint_.h =>
	lgl/stdint.h, lgl/vasnprintf.c, lgl/vasnprintf.h, lgl/xsize.h: Move
	modules from gl/ to lgl/.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* lgl/.cvsignore: [no log message]

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Build lgl/ too.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	lgl/Makefile.am, {gl => lgl}/arcfour.c, {gl => lgl}/arcfour.h, {gl
	=> lgl}/arctwo.c, {gl => lgl}/arctwo.h, {gl => lgl}/des.c, {gl =>
	lgl}/des.h, {gl => lgl}/gc-gnulib.c, {gl => lgl}/gc-libgcrypt.c,
	{gl => lgl}/gc-pbkdf2-sha1.c, {gl => lgl}/gc.h, {gl =>
	lgl}/hmac-md5.c, {gl => lgl}/hmac-sha1.c, {gl => lgl}/hmac.h,
	lgl/m4/absolute-header.m4, {gl => lgl}/m4/arcfour.m4, {gl =>
	lgl}/m4/arctwo.m4, {gl => lgl}/m4/des.m4, {gl =>
	lgl}/m4/gc-arcfour.m4, {gl => lgl}/m4/gc-arctwo.m4, {gl =>
	lgl}/m4/gc-des.m4, {gl => lgl}/m4/gc-hmac-md5.m4, {gl =>
	lgl}/m4/gc-hmac-sha1.m4, {gl => lgl}/m4/gc-md2.m4, {gl =>
	lgl}/m4/gc-md4.m4, {gl => lgl}/m4/gc-md5.m4, {gl =>
	lgl}/m4/gc-pbkdf2-sha1.m4, {gl => lgl}/m4/gc-random.m4, {gl =>
	lgl}/m4/gc-rijndael.m4, {gl => lgl}/m4/gc-sha1.m4, {gl =>
	lgl}/m4/gc.m4, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, {gl
	=> lgl}/m4/hmac-md5.m4, {gl => lgl}/m4/hmac-sha1.m4,
	lgl/m4/lib-ld.m4, lgl/m4/lib-link.m4, lgl/m4/lib-prefix.m4,
	lgl/m4/longlong.m4, {gl => lgl}/m4/md2.m4, {gl => lgl}/m4/md4.m4,
	{gl => lgl}/m4/md5.m4, {gl => lgl}/m4/memxor.m4, lgl/m4/minmax.m4,
	{gl => lgl}/m4/rijndael.m4, {gl => lgl}/m4/sha1.m4,
	lgl/m4/stdint.m4, lgl/m4/ulonglong.m4, {gl => lgl}/md2.c, {gl =>
	lgl}/md2.h, {gl => lgl}/md4.c, {gl => lgl}/md4.h, {gl =>
	lgl}/md5.c, {gl => lgl}/md5.h, {gl => lgl}/memxor.c, {gl =>
	lgl}/memxor.h, lgl/minmax.h, {gl => lgl}/rijndael-alg-fst.c, {gl =>
	lgl}/rijndael-alg-fst.h, {gl => lgl}/rijndael-api-fst.c, {gl =>
	lgl}/rijndael-api-fst.h, {gl => lgl}/sha1.c, {gl => lgl}/sha1.h,
	lgl/stdint_.h: Move modules from gl/ to lgl/.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am, lib/x509/Makefile.am: Use gnulib in
	lgl/ instead of gl/.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/alloca_.h, gl/arcfour.c,
	gl/arcfour.h, gl/arctwo.c, gl/arctwo.h, gl/asnprintf.c, gl/des.c,
	gl/des.h, gl/dummy.c, gl/gai_strerror.c, gl/gc-gnulib.c,
	gl/gc-libgcrypt.c, gl/gc-pbkdf2-sha1.c, gl/gc.h, gl/getaddrinfo.c,
	gl/getaddrinfo.h, gl/getdelim.c, gl/getdelim.h, gl/getline.c,
	gl/getline.h, gl/getpass.c, gl/getpass.h, gl/gettext.h,
	gl/hmac-md5.c, gl/hmac-sha1.c, gl/hmac.h, gl/inet_ntop.c,
	gl/inet_ntop.h, gl/inet_pton.c, gl/inet_pton.h,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/md2.c, gl/md2.h,
	gl/md4.c, gl/md4.h, gl/md5.c, gl/md5.h, gl/memxor.c, gl/memxor.h,
	gl/minmax.h, gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/read-file.c, gl/read-file.h, gl/readline.c,
	gl/readline.h, gl/rijndael-alg-fst.c, gl/rijndael-alg-fst.h,
	gl/rijndael-api-fst.c, gl/rijndael-api-fst.h, gl/sha1.c, gl/sha1.h,
	gl/size_max.h, gl/snprintf.c, gl/snprintf.h, gl/socket_.h,
	gl/stdbool_.h, gl/stdint_.h, gl/strdup.c, gl/strdup.h,
	gl/vasnprintf.c, gl/vasnprintf.h, gl/xsize.h, lgl/Makefile.am,
	lgl/dummy.c, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
	lgl/m4/gnulib-tool.m4, {gl => lgl}/m4/memmem.m4, {gl =>
	lgl}/memmem.c, {gl => lgl}/memmem.h, lib/Makefile.am: Add lgl/ for
	LGPLed gnulib modules (for lib/) and use gl/ for GPL gnulib modules,
	for use in src/ etc.

2006-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gettext.h, gl/m4/alloca.m4,
	gl/m4/gnulib-comp.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
	gl/m4/size_max.m4, gl/m4/stdint.m4, gl/m4/ulonglong.m4,
	gl/m4/vasnprintf.m4, gl/printf-args.c, gl/printf-args.h,
	gl/printf-parse.c, gl/stdint_.h, gl/strdup.c, gl/vasnprintf.c: 
	Update.

2006-10-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-19  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/libtasn1.h: Update to 0.3.7.

2006-10-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-11  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keylist.c, libextra/opencdk/opencdk.h: Bump to
	0.5.10.

2006-10-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4680.txt, doc/protocol/rfc4681.txt: Add.

2006-10-10  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-null-02.txt: Add.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am: Fix .def filename.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.5.2.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-10-03  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getpass.c, gl/m4/getpass.m4, gl/m4/intmax.m4: 
	Update.

2006-09-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-null-01.txt: Add.

2006-09-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-26  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openpgp.c: (kbx_data_to_keyring): Fix off-by-one error in call to malloc,
	reported by "Adam Langley" <agl@imperialviolet.org>.

2006-09-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-25  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use library shared version 13 instead of 14,
	incrementing it was a mistake since no API/ABI changes happened.
	Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.

2006-09-25  Simon Josefsson <simon@josefsson.org>

	* configure.in: Improve the C++ test, to handle CXX env. variables,
	suggested by Andreas Metzler <ametzler@downhill.at.eu.org>.

2006-09-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-25  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Use version script for libgnutlsxx too.

2006-09-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/libgnutlsxx.vers: Add.

2006-09-24  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c, gl/m4/gnulib-comp.m4, gl/m4/lock.m4,
	gl/m4/signed.m4, gl/m4/sockpfaf.m4, gl/md4.c, gl/rijndael-api-fst.c: 
	Update.

2006-09-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-09-24  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.c: (gnutls_x509_crt_init): Don't set output parameter on failures,
	reported by Alon Bar-Lev <alon.barlev@gmail.com>.  Also clean up
	logic.

2006-09-24  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-09-24  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c: Fix prototype of gnutls_x509_crl_get_issuer_dn to
	match x509.h, for IRIX ido cc builds, reported by Georg Schwarz
	<georg.schwarz@freenet.de>.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix gendocs.sh path.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.5.1.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* gl/override/gpl.diff: Rename.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* gl/override/{ => doc}/gpl.texi.diff, gl/override/{ =>
	doc}/lgpl.texi.diff, gl/override/gpl.diff, gl/override/lgpl.diff: 
	Rename.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* gl/override/lgpl.diff: Rename.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/fdl.texi, doc/gpl.texi, doc/lgpl.texi, gl/Makefile.am,
	gl/asnprintf.c, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getpass.c,
	gl/inet_ntop.c, gl/inet_pton.c, gl/m4/gettext.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes-h.m4,
	gl/m4/inttypes-pri.m4, gl/m4/lib-link.m4, gl/m4/stdint.m4,
	gl/md5.c, gl/memmove.c, gl/override/gpl.texi.diff,
	gl/override/lgpl.texi.diff, gl/printf-args.c, gl/printf-parse.c,
	gl/sha1.c, gl/snprintf.c, gl/stdint_.h, gl/strdup.c,
	gl/vasnprintf.c: Update.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist gpl.texi and lgpl.texi.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add LGPL and GPL texts.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad: Simplify grep expression, to work around debug
	messages from wine.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (generate_self_signed): Load key, if generate_certificate() didn't
	load or generate it, typically because it used a certificate
	request.  Reported by Sascha Ziemann <sascha.ziemann@secunet.com>.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Revert last patch.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* src/tests.c: (test_session_resume2): When comparing session id's, also compare
	that the lengths are the same.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2006-09-21  Simon Josefsson <simon@josefsson.org>

	* src/tests.c: (test_session_resume2): If session-id is NULL, resumption isn't
	supported.  Tiny patch from Kataja Kai <kai.kataja@op.fi>.

2006-09-19  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Dist more.

2006-09-19  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad: Test another cert.

2006-09-19  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad-broken3.pem: Add forged cert, from Ralf-Philipp
	Weinmann.

2006-09-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Gnulib seems to require autoconf 2.60?  Bump it.

2006-09-18  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keydb.c: (keydb_idx_search): Don't return CDK_EOF if key is found at offset
	0.  Suggested by "Adam Langley" <alangley@gmail.com>.

2006-09-18  Simon Josefsson <simon@josefsson.org>

	* THANKS: Remove (already there).

2006-09-18  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-09-18  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-pgp.c: Fix typo.  Tiny patch from "Adam
	Langley" <agl@imperialviolet.org>.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad: Fix.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Permit empty parameters field too, found after
	adding self tests.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad: Fix exit code.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad-broken2.pem, tests/pkcs1-pad-ok2.pem: Add, from
	Eric Young in
	<http://permalink.gmane.org/gmane.comp.encryption.general/9185>.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad: Add more tests.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add pkcs1-pad test.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad-broken.pem, tests/pkcs1-pad-ok.pem: Add, from
	Yutaka OIWA <y.oiwa@aist.go.jp>.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs1-pad: Add.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Fix asn1_read_value() call to fix crash,
	reported by Andreas Metzler <ametzler@downhill.at.eu.org>.

2006-09-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Add 'break' to make logic easier to follow.

2006-09-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Revert part of patch, logging is only enabled in
	debug mode, which isn't recommended for real use.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Make sure the digestAlgorithm.parameters field
	is empty, which it has to be for the hashes we support.  Otherwise,
	the field can encode "garbage" that might be used to make the
	signature be a perfect cube, similar (but not identical) to
	Bleichenbacher's Crypto 06 rump session attack.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Don't return different errors depending on
	content of decrypted PKCS#1 token, to avoid Bleichenbacher's
	Crypto'98 attack, suggested by Werner Koch <wk@gnupg.org>.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-09-08  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client-srp.c: Use GNUTLS_SHUT_RDWR, tiny patch
	from "Robert Millan [ackstorm]" <rmillan@ackstorm.es>.

2006-08-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-11.txt: Add.

2006-08-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-08-28  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getaddrinfo.c, gl/m4/arcfour.m4,
	gl/m4/arctwo.m4, gl/m4/codeset.m4, gl/m4/des.m4,
	gl/m4/gc-pbkdf2-sha1.m4, gl/m4/gc.m4, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4, gl/m4/hmac-sha1.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes_h.m4,
	gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/md2.m4, gl/m4/md4.m4,
	gl/m4/md5.m4, gl/m4/memxor.m4, gl/m4/read-file.m4,
	gl/m4/readline.m4, gl/m4/rijndael.m4, gl/m4/sha1.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/strdup.m4,
	gl/override/doc/gendocs_template, gl/stdint_.h: Update.

2006-08-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2006-08-27  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/tcp.c: Include netinet/in.h
	for FreeBSD, reported by Roman Bogorodskiy <novel@FreeBSD.org>.

2006-08-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-27  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-08-27  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (generate_certificate): Load private key when --load-request is
	used, based on report from Sascha Ziemann
	<sascha.ziemann@secunet.com>.

2006-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509_write.c: (gnutls_x509_crt_sign2): Check to see if ISSUER_KEY is NULL before
	continuing, based on report from Sascha Ziemann
	<sascha.ziemann@secunet.com>.

2006-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-14  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Map select to _win_select on Windows hosts.

2006-08-14  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Need select.c in cli.c and serv.c.

2006-08-14  Simon Josefsson <simon@josefsson.org>

	* src/select.c: Add, moved from cli.c, originally from plibc, see

	<http://plibc.cvs.sourceforge.net/plibc/plibc/src/select.c?view=markup>.

2006-08-14  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Move _win_select to select.c.

2006-08-14  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Make select() work on Windows, copying code from plibc,
	see

	<http://plibc.cvs.sourceforge.net/plibc/plibc/src/select.c?view=markup>.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Mark with XXX.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.5.0.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Add (XXX).

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am: Install *.def to bin/
	directory.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, libextra/Makefile.am: Create *.def
	files for libraries, on mingw.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gc.m4, gl/m4/getaddrinfo.m4,
	gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	gl/m4/memxor.m4, gl/m4/restrict.m4, gl/snprintf.c: Update.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Use int/void* macros to avoid warnings,
	suggested by Andreas Metzler <ametzler@downhill.at.eu.org>.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_buffers.c: Remove.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Move GNUTLS_POINTER_TO_INT here.  Add
	GNUTLS_INT_TO_POINTER.  Based on glib macros, and suggestions from
	Andreas Metzler <ametzler@downhill.at.eu.org>.

2006-08-13  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add void*, for GNUTLS_POINTER_TO_INT_CAST macros.

2006-08-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-08-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-11  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: (_gnutls_x509_oid2mac_algorithm): Don't crash trying to strcmp the
	NULL OID value in the hash_algorithms array, which happens when the
	input OID doesn't match our OIDs for SHA1, MD5, MD2 or RIPEMD160.
	Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.

2006-08-11  Simon Josefsson <simon@josefsson.org>

	* configure.in: Don't overwrite CFLAGS.

2006-08-07  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutlsxx.h: Make it compile.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* src/tls_test-gaa.c, src/tls_test-gaa.h: Update.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* src/tls_test.gaa: Use -V for --verbose.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c, src/crypt.c: Fix --version to conform to FSF
	standards, to fix make distcheck.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* src/tls_test.c, src/tls_test.gaa: Support --version.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/psk.c, src/serv.c: Fix --version to conform to FSF
	standards, to fix make distcheck.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix --without-included-libtasn1, reported by Daniel
	Black <dragonheart@gentoo.org>.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4: Update.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-08-06  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/kbnode.c, libextra/opencdk/opencdk.h,
	libextra/opencdk/stream.h: Update to 0.5.9.

2006-08-03  Simon Josefsson <simon@josefsson.org>

	* THANKS: add

2006-08-03  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Fix libgcrypt link failure, reported by Brant
	Gurganus, tiny patch by Daniel Black <dragonheart@gentoo.org>.

2006-07-28  Simon Josefsson <simon@josefsson.org>

	* gendocs.sh, gl/Makefile.am, gl/getaddrinfo.c, gl/getaddrinfo.h,
	gl/gettext.h, gl/inet_ntop.h, gl/inet_pton.h, gl/m4/getline.m4,
	gl/m4/gettext.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/{inttypes.m4 =>
	inttypes-h.m4}, gl/m4/inttypes-pri.m4, gl/m4/isc-posix.m4,
	gl/m4/lib-link.m4, gl/m4/lock.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/onceonly_2_57.m4, gl/m4/po.m4, gl/m4/stdint.m4,
	gl/m4/visibility.m4, gl/printf-args.c, gl/stdint_.h: Update.

2006-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: cert_type extension was updated to the IANA
	assigned value

2006-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: cert_type extension was updated to the IANA
	assigned value

2006-07-13  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs.sh => gendocs.sh, gl/Makefile.am,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update.

2006-07-13  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Revert.

2006-07-13  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-07-13  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Retry handshake on non-fatal errors.

2006-07-11  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix last commit.

2006-07-11  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist arch/ images.

2006-07-11  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Need -I's for arch/ images.

2006-07-11  Simon Josefsson <simon@josefsson.org>

	* configure.in: Improve valgrind test.

2006-07-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/absolute-header.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/onceonly_2_57.m4, gl/m4/stdint.m4: 
	Update.

2006-07-10  Simon Josefsson <simon@josefsson.org>

	* THANKS: Fix.

2006-07-10  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-07-10  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix load of pgp_keyfile, reported by Mario Lenz.

2006-07-10  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore: [no log message]

2006-07-07  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getaddrinfo.c, gl/getaddrinfo.h,
	gl/m4/absolute-header.m4, gl/m4/full-header-path.m4,
	gl/m4/getpass.m4, gl/m4/gnulib-comp.m4, gl/m4/longlong.m4,
	gl/m4/onceonly_2_57.m4, gl/m4/sockpfaf.m4, gl/m4/stdint.m4,
	gl/m4/ulonglong.m4, gl/stdint_.h: Update.

2006-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi, doc/gnutls.texi: changed CRL rfc reference
	from 2511 to 4211

2006-07-06  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2006-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2006-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: added an extra error check.

2006-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/serv.c: replaced USE_OPENPGP ifdefs
	with ENABLE_OPENPGP.

2006-06-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-funk-tls-inner-application-extension-03.txt: 
	Add.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* doc/examples/.cvsignore: [no log message]

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* includes/Makefile.am: Only conditionally install gnutlsxx.h.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Build and dist ex-client-tlsia.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist gnutls-logo.png.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/m4/getaddrinfo.m4: Update.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c: Update.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getaddrinfo.c, gl/getaddrinfo.h,
	gl/m4/getaddrinfo.m4, gl/m4/stdint.m4, gl/stdint_.h: Update.

2006-06-28  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-12.txt: Add.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc4346-bis-01.txt: Add.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Use GNU-style warnings.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Improve man output, from libtasn1.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix valgrind test.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Move around, to make $cross_compile work.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* configure.in, tests/Makefile.am: Add --enable-valgrind-tests that
	make it possible to enable/disable use of valgrind on self tests
	specifically.  Defaults to enabled if valgrind is installed and we
	aren't cross-compiling.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Fix.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Revert.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* libextra/minilzo/Makefile.am: Use libtool -no-install.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* libextra/minilzo/Makefile.am: Use -DLZO_HAVE_CONFIG_H, as
	suggested by README.LZO.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* libextra/minilzo/Makefile.am, tests/Makefile.am: Work under mingw.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls_buffers.c: Avoid warnings when casting
	void* to int.

2006-06-27  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/libtasn1.h: Update.

2006-06-26  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/stdint.m4, gl/stdint_.h: Update.

2006-06-26  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-06-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.pc.in, libextra/gnutls-extra.pc.in: Add Libs.Private to
	pkg-config files, from Andreas Metzler
	<ametzler@downhill.at.eu.org>.

2006-06-22  Simon Josefsson <simon@josefsson.org>

	* gl/getaddrinfo.c, gl/getaddrinfo.h, gl/m4/getaddrinfo.m4,
	gl/socket_.h: Try new win32 hooks for getaddrinfo.

2006-06-22  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use AC_LIBTOOL_WIN32_DLL to make OBJDUMP/DLLTOOL
	work under mingw.  Fix use of deprecated AM_PROG_LIBTOOL.

2006-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2006-06-21  Simon Josefsson <simon@josefsson.org>

	* gl/inet_pton.c: Update.

2006-06-21  Simon Josefsson <simon@josefsson.org>

	* gl/alloca_.h, gl/getaddrinfo.c, gl/inet_ntop.c,
	gl/m4/getaddrinfo.m4, gl/m4/sockpfaf.m4, gl/m4/stdint.m4,
	gl/read-file.c, gl/socket_.h, gl/stdint_.h: Update.

2006-06-21  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Add -no-install.

2006-06-21  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Look for gnutls.h in builddir.

2006-06-19  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir
	!= objdir.

2006-06-19  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am: Need -I$builddir/gl for alloca.h
	when srcdir != objdir.

2006-06-19  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir
	!= objdir.

2006-06-19  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir !=
	objdir.

2006-06-19  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir !=
	objdir.

2006-06-17  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am: Update.

2006-06-17  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/inet_ntop.c, gl/{arpa_inet_.h => inet_ntop.h},
	gl/inet_pton.c, gl/inet_pton.h, gl/m4/arpa_inet_h.m4,
	gl/m4/full-header-path.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
	gl/m4/size_max.m4, gl/m4/stdint.m4, gl/read-file.c, gl/size_max.h,
	gl/stdint_.h: Update.

2006-06-17  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore: [no log message]

2006-06-17  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-hajjeh-mtls-01.txt: Add

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ctr-01.txt: Add.

2006-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2006-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: fixed bug

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Disable tests that use fork if the host doesn't
	have fork.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Test for fork.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix LDFLAGS.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use LDFLAGS for --enable-runtime-pseudo-reloc, to
	avoid warnings.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c, tests/dhepskself.c, tests/pskself.c,
	tests/resume.c, tests/tlsia.c: Need config.h.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Workaround hard-wiring of gcrypt test in gnulib.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h: Fix prototype.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* lib/strfile.h: Remove.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, lib/gnutls_x509.c,
	libextra/gnutls_openpgp.c: Use read_binary_file from gnulib instead
	of strfile stuff, to fix problem with binary files on mingw.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* tests/set_pkcs12_cred.c: Use utils stuff.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Initialize winsock, for mingw.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add HAVE_WINSOCK.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
	doc/examples/ex-client2.c, doc/examples/ex-crq.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
	doc/examples/tcp.c: Include config.h, don't include netinet/in.h
	(for mingw).

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Need to use AC_LINK_IFELSE, for
	-Wl,--enable-runtime-pseudo-reloc.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Simplify.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix typo.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Set -mms-bitfields -Wl,--enable-runtime-pseudo-reloc
	if supported.  The former is to produce MSVS-compatible DLLs.  The
	second is needed to link libgnutls-extra at all (only due to
	_gnutls_compression_algorithms, fix it another way?).

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am: Update.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* gl/arpa_inet_.h, gl/inet_pton.c: Update.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2006-06-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add all the LZO tests.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* po/sv.po: Sync with TP.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: AC_PROG_CXX must be invoked unconditionally, for
	libtool.  (argh!)

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Fix last commit.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Make C++ stuff conditioned on ENABLE_CXX.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add --disable-cxx, to make it possibly to disable
	the C++ stuff.  Will also automatically disable it if there is no
	C++ compiler.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Use gnulib, for portability.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* src/common.h: Don't include inet_ntop.h, use arpa/inet.h
	unconditonially.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* gl/m4/arpa_inet_h.m4: Update.

2006-06-15  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/{inet_ntop.h => arpa_inet_.h}, gl/inet_ntop.c,
	gl/inet_pton.c, gl/m4/arpa_inet_h.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4: Try new arpa-inet module,
	for mingw.

2006-06-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove mingw32 hook to get -lwsock32, the
	getaddrinfo gnulib module links with -lws2_32 which is the more
	appropriate library to use (winsock.h goes with wsock32.lib and
	winsock2.h goes with ws2_32, of which the latter is backwards
	compatible and available since Windows 3.11 or so, I'm told).

2006-06-14  Simon Josefsson <simon@josefsson.org>

	* tests/certder.c: fix

2006-06-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-gnulib.c, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/read-file.m4, gl/read-file.c,
	gl/read-file.h: Update.

2006-06-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump so version.

2006-06-08  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Add gnutlsxx.h.

2006-06-07  Simon Josefsson <simon@josefsson.org>

	* gl/getpass.c, gl/m4/stdbool.m4, gl/printf-args.c, gl/sha1.c,
	gl/stdint_.h: Update.

2006-06-07  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-10.txt: Add.

2006-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/Makefile.am,
	includes/gnutls/gnutlsxx.h, lib/Makefile.am, lib/gnutls_db.c,
	lib/gnutlsxx.cpp: Added a preliminary C++ interface.

2006-06-01  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-06.txt: Add.

2006-05-23  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-05.txt: Add.

2006-05-23  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/sv.po: Sync with TP.

2006-05-22  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/certtool.1: Typo, from debian #368323.

2006-05-18  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-11.txt: Add.

2006-05-17  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4507.txt: Add.

2006-05-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-05-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-05-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.4.0.

2006-05-15  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-09.txt: Add.

2006-05-15  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: Remove duplicated #include.

2006-05-12  Simon Josefsson <simon@josefsson.org>

	* src/serv.c, src/tls_test.c: Don't use AI_NUMERICSERV, it doesn't
	exist on most platforms.

2006-05-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-05-12  Simon Josefsson <simon@josefsson.org>

	* src/serv.c: Need getaddrinfo.h.

2006-05-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gai_strerror.c, gl/getaddrinfo.c,
	gl/getaddrinfo.h, gl/m4/getaddrinfo.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strdup.m4, gl/strdup.c, gl/strdup.h: Add
	getaddrinfo.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* buildconf: Remove.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: No supression file.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_ia.c: Remove junk.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* lib/ext_inner_application.c: Fix self tests.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_ia.c: Indent.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Improve valgrind stuff.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* .cvsignore: [no log message]

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* config.rpath: Not needed, generated by autopoint.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* config.rpath, gl/Makefile.am, gl/des.c, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/md4.c, gl/sha1.c, gl/stdint_.h: Update.

2006-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: updated to reflect the new openpgp draft.

2006-05-11  Simon Josefsson <simon@josefsson.org>

	* configure.in: Check for -Wno-pointer-sign, taken from Werner's
	ksba.

2006-05-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/protocol/draft-santesson-tls-ume-07.txt: Add.

2006-05-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump required libtasn1.

2006-05-10  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/gstr.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c: Update to 0.3.4.

2006-05-07  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump required libtasn1 version to 0.3.3.

2006-05-07  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Fix.

2006-05-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-05-07  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Run tests under valgrind.

2006-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c, src/tls_test.c: some changes for IPv6.
	Based on patch by Remi Denis-Courmont, sent to Debian bug tracking
	system.

2006-05-05  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-04.txt: Add.

2006-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/structure.c: updated to the latest libtasn1

2006-05-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-05-05  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
	lib/ext_inner_application.c, lib/gnutls_int.h, libextra/gnutls_ia.c: 
	TLS/IA fixes from Emile.

2006-04-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4366.txt: Add.

2006-04-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4346.txt, doc/protocol/rfc4347.txt: Add.

2006-04-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Fix prototypes.

2006-04-26  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/getpass.m4, gl/m4/longdouble.m4: Update.

2006-04-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-supp-02.txt,
	doc/protocol/draft-santesson-tls-ume-06.txt: Add.

2006-04-19  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: (LDADD): Add libgnutls after libgnu, for libgcrypt transitive
	reference, tiny patch from Nix <nix@esperi.org.uk>.

2006-04-19  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-supp-01.txt: Add.

2006-04-17  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-03.txt,
	doc/protocol/draft-santesson-tls-ume-05.txt: Add.

2006-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: removed AES-256 from the list of default
	ciphers. No point in having it (when everything else is far away
	even from 128 bit security)

2006-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in, lib/gnutls_srp.c: 
	gnutls_srp_set_client_credentials() uses const

2006-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: documented the return value in the priority
	functions

2006-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in, lib/gnutls_handshake.c: [no log
	message]

2006-04-04  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gc-random.m4, gl/stdint_.h: Update.

2006-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c: use snprintf()
	instead of multiple calls to str_cpy() and str_cat().

2006-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: bug fix

2006-03-30  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-supp-00.txt,
	doc/protocol/draft-santesson-tls-ume-04.txt: Add.

2006-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2006-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: added -Wno-pointer-sign to gcc to avoid tons of
	useless warnings.

2006-03-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-01.txt: Add.

2006-03-21  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2006-03-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi, doc/gnutls.texi: added reference for TLS
	1.1

2006-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_global.h, lib/gnutls_x509.c,
	lib/x509/rfc2818_hostname.c: some fixes for compilation

2006-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: export to DER format is possible with certtool

2006-03-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2006-03-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Indent.

2006-03-15  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/compat.h: Move
	to ../gnutls_cert.c.

2006-03-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: Move from x509/compat.c.

2006-03-12  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Add.

2006-03-12  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2006-03-12  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/structure.c: Update.

2006-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: force the gcrypt random generator to be
	initialized at startup. Maybe it should be within and ifdef? This
	saves lots of debugging time when something fails.

2006-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/structure.c: added the fix for der_coding() from
	libtasn1.

2006-03-09  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Rebuild srp manpages too.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.3.5.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/libtasn1.h: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS, po/pl.po: Sync with TP.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Add update-po target.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Doc fix.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c, lib/x509/sign.c, lib/x509/x509_write.c: Use new
	asn1_copy_node API.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1-dont.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Use internal error approach again, after
	discussion with Nikos.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Fix.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1-dont.h, lib/minitasn1/libtasn1.h: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Fix type_field.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Use external API.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Fix.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Use external libtasn1 API.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Fix typo.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Required libtasn1 0.3.1.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Revert, we now use the new exported functions.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Make it build.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Sort.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Disable XML functionality, because it relies on
	libtasn1 internals.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am: Add -no-undefined, for
	mingw32 builds.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c, lib/x509/xml.c, src/cli.c, src/common.c,
	src/common.h, src/serv.c, tests/resume.c: Indent.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c,
	gl/m4/gc-random.m4, gl/m4/gc.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/readline.m4, maint.mk: Update.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* po/LINGUAS: Add.

2006-03-08  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-funk-tls-inner-application-extension-02.txt: 
	Add.

2006-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/common.c, src/common.h: gnutls-cli can now recognize services
	and port numbers with the -p option.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* .cvscopying: Fix.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Gettext fixes.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Fix.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c, lib/gnutls_global.c: Error message
	translations.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* .cvsignore, m4/.cvsignore, po/.cvsignore: [no log message]

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* maint.mk: Update.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Add indent file list.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Remove indent target.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert, autoreconf needs it.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove gettext version stuff.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gettext.h, gl/m4/codeset.m4, gl/m4/gettext.m4,
	gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4,
	gl/m4/intmax.m4, gl/m4/inttypes-pri.m4, gl/m4/isc-posix.m4,
	gl/m4/lcmessage.m4, gl/m4/nls.m4, gl/m4/po.m4,
	gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/readline.m4,
	gl/m4/uintmax_t.m4, gl/m4/ulonglong.m4, maint.mk: Update.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-03-03  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, po/Makevars, po/POTFILES.in: 
	Gettextize.

2006-03-01  Simon Josefsson <simon@josefsson.org>

	* gtk-doc.make: Add.

2006-03-01  Simon Josefsson <simon@josefsson.org>

	* gl/m4/readline.m4, gl/m4/socklen.m4, gl/m4/sys_socket_h.m4,
	gl/readline.c, maint.mk: Update.

2006-03-01  Simon Josefsson <simon@josefsson.org>

	* buildconf, maint-cfg.mk: Don't gtkdocize.

2006-02-28  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
	lib/minitasn1/decoding.c, lib/minitasn1/der.h,
	lib/minitasn1/element.c, lib/minitasn1/errors.h,
	lib/minitasn1/errors_int.h, lib/minitasn1/gstr.c,
	lib/minitasn1/gstr.h, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h: Update.

2006-02-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: gnutls_record_send: Doc fix, suggested by
	Eric Leblond <regit@inl.fr>.

2006-02-17  Simon Josefsson <simon@josefsson.org>

	* lib/x509/sign.c: Fix warning.

2006-02-17  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Make it explicit that GNUTLS_DIG_*
	has the same values as GNUTLS_MAC_*.

2006-02-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-ume-02.txt: Add.

2006-02-14  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Fix.

2006-02-14  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Fix.

2006-02-14  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Fix.

2006-02-14  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Fix.

2006-02-14  Simon Josefsson <simon@josefsson.org>

	* maint-cfg.mk: Add mingw32 target.

2006-02-14  Simon Josefsson <simon@josefsson.org>

	* GNUmakefile, gl/Makefile.am, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, maint-cfg.mk, maint.mk: Add
	maintainer-makefile module.

2006-02-11  Simon Josefsson <simon@josefsson.org>

	* lib/x509/xml.c: Use external libtasn1 API.

2006-02-11  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/der.h, lib/minitasn1/element.c,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: Sync with libtasn1 CVS.

2006-02-11  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump libtasn1 version.

2006-02-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix typo.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.3.4.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/errors.h, lib/minitasn1/errors_int.h,
	lib/minitasn1/gstr.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: Update from libtasn1.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2006-02-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-housley-tls-authz-extns-00.txt: Add.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Fix typo in last commit.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* tests/set_pkcs12_cred.c: Simplify using under gdb.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Fix for latest certder bug.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* tests/certder.c: Add more bug trigger.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* tests/certder.c: Add.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: More asn1 length out of bounds checking.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Fix asn1_get_length_der usage.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c: Fix asn1_get_length_der usage.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/element.c: Fix copyright.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/element.c, lib/minitasn1/structure.c: Fix
	asn1_get_length_der usage.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Revert.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Fix for cert selftest.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add certder test.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* tests/certder.c: Add.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h: Bump version.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* configure.in: Need libtasn1 0.2.18.

2006-02-08  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/der.h, lib/minitasn1/element.c,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: Add libtasn1 fixes from Nikos, prompted
	by report from "Evgeny Legerov" <admin@gleg.net>.

2006-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/xml.c: some fixes for the new libtasn1

2006-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c: [no log message]

2006-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/mpi.c: corrected wrong order of free.

2006-02-02  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/main.h, libextra/opencdk/packet.h: Fix prototypes
	for AIX compiler, reported by "Heiden, John"
	<JHeiden@UTNet.UToledo.Edu>.

2006-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2006-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Corrected bugs in
	gnutls_certificate_set_x509_crl() and
	gnutls_certificate_set_x509_trust(), that caused memory corruption
	if more than one certificates were added. Report and patch by Max
	Kellermann <max@duempel.org>.

2006-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2006-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: added some text about premature termination
	of sessions.

2006-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: fixed bug in non-blocking gnutls_bye().
	gnutls_send will no longer invalidate session if the underlying send
	fails, but it will set may_not_write to true. That is to allow
	reading the already received data. Patches and bug reports by Yoann
	Vandoorselaere <yoann@prelude-ids.org>

2006-01-27  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore: [no log message]

2006-01-27  Simon Josefsson <simon@josefsson.org>

	* gl/inet_ntop.h, gl/m4/gnulib-tool.m4, gl/m4/socklen.m4,
	gl/m4/stdbool.m4, gl/socket_.h, gl/stdbool_.h, gl/vasnprintf.c: 
	Update.

2006-01-27  Simon Josefsson <simon@josefsson.org>

	* src/common.h: Mingw32 fixes.

2006-01-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-ticket-07.txt: Add.

2006-01-20  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-ume-01.txt: Add.

2006-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: removed the RIPEMD test
	since it is not supported any more.

2006-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: minor updates.

2006-01-19  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/sys_socket_h.m4,
	gl/md5.c, gl/md5.h, gl/sha1.c, gl/sha1.h, gl/socket_.h: Update.

2006-01-18  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2006-01-18  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-08.txt: Add.

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix igloo scp.

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Re-add igloo.

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.3.3.

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* .cvscopying: Fix copyright years.

2006-01-12  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2006-01-11  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/dummy.c, gl/m4/gnulib-comp.m4,
	gl/m4/readline.m4, gl/sha1.c, gl/stdint_.h: Update.

2006-01-09  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/socklen.m4,
	gl/m4/stdint.m4, gl/stdint_.h: Update.

2006-01-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-santesson-tls-ume-00.txt: Add.

2006-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi: [no log message]

2005-12-31  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h: C++ fix.

2005-12-31  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_ia.c: Doc fix.

2005-12-28  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-07.txt: Add.

2005-12-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_errors.c,
	lib/gnutls_global.h, lib/minitasn1/coding.c,
	lib/minitasn1/errors.c, lib/x509/crq.c: Constify, tiny patch from
	"ZIGLIO, Frediano, VF-IT" <Frediano.Ziglio@vodafone.com>.

2005-12-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-26  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Doc fix.

2005-12-26  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, libextra/gnutls_ia.c: Fix TLS/IA
	prototypes, suggested by Jouni Malinen <jkmaline@cc.hut.fi>.

2005-12-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-23  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Use _gnutls_init as increment/decrement
	counter for init/deinit, suggested by ZIGLIO, Frediano.

2005-12-18  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Cosmetic changes.

2005-12-18  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Cosmetic changes.

2005-12-18  Simon Josefsson <simon@josefsson.org>

	* tests/resume.c: Fix mem leak.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, includes/gnutls/gnutls.h.in,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c: fixed a memory
	copy that caused crashes.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* tests/resume.c: More debug info.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add resume self test.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* tests/resume.c: Add, to test resume funtions.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-12-17  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-ticket-06.txt: Add.

2005-12-16  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-16  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Doc fix.

2005-12-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in: Add.

2005-12-16  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Add API to get master secret too.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Fix.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Fix indentation.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, includes/gnutls/extra.h,
	includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h,
	includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
	includes/gnutls/x509.h, lib/auth_anon.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp_passwd.h,
	lib/auth_srp_sb64.c, lib/ext_inner_application.c,
	lib/ext_inner_application.h, lib/ext_max_record.c,
	lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.h,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_psk.c, lib/gnutls_record.c,
	lib/gnutls_session.c, lib/gnutls_session_pack.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
	lib/x509/mpi.h, lib/x509_b64.c, libextra/gnutls_ia.c,
	libextra/openpgp/gnutls_openpgp.h, src/common.c, src/serv.c,
	tests/dhepskself.c, tests/tlsia.c: Indent more.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Remove igloo, it seem weird.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.3.2.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c, lib/gnutls_state.h: Fix warnings.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Remove debug code.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_state.c: Add
	functions to access the TLS PRF and to extract client/server random
	fields, suggested by Jouni Malinen <jkmaline@cc.hut.fi>.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore more.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* doc/.cvsignore, libextra/.cvsignore, tests/.cvsignore: [no log
	message]

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/Makefile.am, doc/examples/ex-client-tlsia.c,
	doc/gnutls.texi, doc/manpages/Makefile.am, includes/gnutls/extra.h,
	includes/gnutls/gnutls.h.in, lib/Makefile.am, lib/debug.c,
	lib/defines.h, lib/ext_inner_application.c,
	lib/ext_inner_application.h, lib/gnutls_alert.c,
	lib/gnutls_buffers.c, lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_record.c, lib/gnutls_state.c, libextra/Makefile.am,
	libextra/gnutls_ia.c, tests/Makefile.am, tests/tlsia.c: Add TLS/IA
	support.

2005-12-15  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-comp.m4: Update.

2005-12-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: added missing set_params_function()

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/auth_cert.h, lib/auth_psk_passwd.c,
	lib/auth_srp_passwd.c, lib/auth_srp_sb64.c, lib/defines.h,
	lib/ext_cert_type.c, lib/ext_server_name.c, lib/ext_srp.c,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/x509/common.c,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/pkcs7.c,
	lib/x509/privkey_pkcs8.c, lib/x509_b64.c: Replace "uint" with
	"unsigned".  Remove unused "sint".

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/gnutls_session_pack.c, lib/x509/mpi.c,
	lib/x509/mpi.h, libextra/openpgp/extras.c,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/pgp.c: Replace
	uint32 with uint32_t.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* lib/auth_dh_common.c, lib/auth_psk.c, lib/auth_rsa_export.c,
	lib/auth_srp.c, lib/defines.h, lib/ext_max_record.c,
	lib/ext_max_record.h, lib/ext_server_name.c,
	lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/gnutls_record.c, lib/gnutls_v2_compat.c,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
	lib/x509/x509_write.c: Replace uint16 with uint16_t.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove unused sizeof checks.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/auth_cert.c, lib/auth_dh_common.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp_passwd.h,
	lib/auth_srp_sb64.c, lib/defines.h, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/ext_server_name.c, lib/ext_srp.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_datum.c, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_num.c, lib/gnutls_record.c,
	lib/x509/extensions.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
	lib/x509/x509.c, lib/x509_b64.c, lib/x509_b64.h,
	libextra/gnutls_openpgp.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/xml.c: Replace uint8 with uint8_t.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4: Update.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: Remove unused types, to start the transition to the
	POSIX integer types (uint32_t, uint16_t, uint8_t).

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Remove -I../lib, these tools should only use the
	external API.

2005-12-09  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h, lib/gnutls_str.c: ULONG_MAX should be in limits.h,
	so include it at the right place.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs12.c: Fix mem leaks.  Remove unused variable.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: Fix mem leak.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.3.1.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: Fix.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Dist pkcs8 blobs.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Fix.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/enc3pkcs8.pem: add

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/enc3pkcs8.pem: Add.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/enc2pkcs8.pem, tests/pkcs8: Add rc2 pkcs#8 blob.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/encpkcs8.pem, tests/unencpkcs8.pem: Fix.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/pkcs8: Add PKCS#8 self test.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Make --password work for PKCS#8 --key-info.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/encpkcs8.pem, tests/unencpkcs8.pem: Add, PKSC#8 blobs.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Remove.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* lib/x509/privkey_pkcs8.c: (gnutls_x509_privkey_import_pkcs8): Handle unencrypted PEM keys.
	Remove unused "encrypted" variable.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/certtool.c: Generate unencrypted PKCS#8 keys for blank
	passwords.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/TODO, includes/gnutls/gnutls.h.in, lib/gnutls_x509.c,
	tests/Makefile.am, tests/set_pkcs12_cred.c: Support reading X.509
	credentials from PKCS#12 files.

2005-12-08  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Print PKCS#12 type for each element.

2005-12-06  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4279.txt: Add.

2005-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session_pack.c: Corrected bugs in session resumption.
	Bugs reported by Yoann Vandoorselare.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Put 1.3.x releases in devel/ directory.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: add

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Fix.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/README.CODING_STYLE: Mention indentation.

2005-12-02  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-12-01  Simon Josefsson <simon@josefsson.org>

	* gl/m4/socklen.m4, gl/readline.c, gl/stdint_.h: Update.

2005-12-01  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Don't infloop.

2005-12-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-12-01  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Check starttls_alarmed earlier, the signal might be
	sent before select is called.  Report by Otto Maddox
	<ottomaddox@fastmail.fm> and influenced by tiny patch from Nozomu
	Ando <nand@mac.com>.

2005-12-01  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2005-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/gnutls.h.in, lib/gnutls_session.c,
	lib/gnutls_session_pack.c: Some fixes in session resumption and
	prototypes. Based on patches and suggestions by Joe Orton.

2005-11-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/tls-numbers.txt: From
	<http://people.nokia.net/~pasi/tls-numbers.txt>.

2005-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: added some clarification about the
	encryption status.

2005-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: Corrected a bug in certtool for 64 bit
	machines. Reported by Max Kellermann <max@duempel.org>.

2005-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli.gaa: [no log message]

2005-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c, lib/gnutls_session_pack.c, src/serv.c: some
	more fixes for PSK.

2005-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: the library version number was bumped to 13 to allow
	for incompatible changes.

2005-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, lib/auth_anon.c, lib/auth_anon.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/gnutls_kx.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, src/Makefile.am,
	src/cli-gaa.c, src/cli.c, src/cli.gaa, src/common.c,
	src/gnutls-http-serv, src/params.pem, src/serv.c: Completed the
	DHE-PSK ciphersuite additions.

2005-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_psk.c: some documentation updates

2005-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_anon_cred.c, lib/gnutls_psk.c: 
	gnutls_anon_set_params_function was renamed to
	gnutls_anon_set_server_params_function to be more consistent with
	the other functions. The same for the PSK.

2005-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.h, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/gnutls_cert.c, lib/gnutls_handshake.c: get_rsa_params was
	converted to behave similarly to get_dh_params.

2005-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/gnutls.h.in, lib/Makefile.am,
	lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dhe.c, lib/auth_dhe_psk.c,
	lib/auth_psk.c, lib/auth_psk.h, lib/auth_rsa_export.c,
	lib/auth_srp.c, lib/auth_srp_sb64.c, lib/gnutls_algorithms.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	lib/gnutls_cert.c, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_psk.c,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_state.c, lib/gnutls_ui.c, src/common.c, src/serv.c,
	tests/Makefile.am, tests/dhepskself.c, tests/pskself.c: added
	DHE-PSK ciphersuites and some cleanups.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.3.0.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* src/prime.c, src/serv.c, tests/pskself.c: Indent.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Use sha1sum instead of md5sum for igloo.linux.gr
	CHECKSUMS.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog.1: Add, generated using cvs2cl --utc --fsf --FSF
	--usermap .cvsusers -I ChangeLog -I .cvs --window 120 -l
	"-d""<2005-11-08""", and manually adjusting the start and end of the
	file.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Don't use --tags for cvs2cl.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Dist auth_psk.h.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c, src/cli-gaa.c, src/crypt-gaa.c,
	src/psk-gaa.c, src/serv-gaa.c, src/tls_test-gaa.c: Regenerate GAA
	code, to remove use of C++ // comments.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Add license.  Fix parser error.  Dist
	and install SRP man pages too.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, doc/examples/Makefile.am, doc/manpages/Makefile.am,
	src/Makefile.am, src/prime.c: Disable more SRP stuff if
	--disable-srp, tiny patch from Albert Chin
	<gnutls-dev@mlists.thewrittenword.com> and tiny patch to src/prime.c
	from RedHat gnutls-1.2.6 RPM.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Use more verbose NEWS entry format.

2005-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pskself.c: updated PSK self test

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c: Fix.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add pskself.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* tests/pskself.c: Add, based on anonself.c.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_errors.c: Fix error messages; PSK also use the SRP
	errors.

2005-11-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_psk.c: Doc fix.

2005-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/debug.c, lib/x509/common.c, lib/x509/crl.c, lib/x509/dn.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, libextra/openssl_compat.c,
	src/serv.c: Include config.h first.  Tiny patch from Albert Chin
	<gnutls-dev@mlists.thewrittenword.com>.

2005-11-14  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/opencdk.h: Don't use trailing comma in last enum
	constant, for IBM C v6.  Tiny patch from Albert Chin
	<gnutls-dev@mlists.thewrittenword.com>.

2005-11-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: Tru64 UNIX 4.0D has mmap() but doesn't define
	MAP_FAILED, tiny patch from Albert Chin
	<gnutls-dev@mlists.thewrittenword.com>

2005-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/gnutls.texi, lib/gnutls_algorithms.c: removed the RIPEMD
	ciphersuites.

2005-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/arch/extensions_st.eps, doc/arch/extensions_st.pdf,
	doc/arch/mod_auth_st.eps, doc/arch/mod_auth_st.pdf,
	doc/internals.texi: added brief documentation on the extension and
	auth_method internals.

2005-11-12  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, lib/gnutls_state.c, lib/gnutls_x509.c,
	src/certtool.gaa: some documentation updates.

2005-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/arch/certificate-user-use-case.eps, doc/{ =>
	arch}/certificate-user-use-case.pdf,
	doc/arch/client-server-use-case.eps, doc/{ =>
	arch}/client-server-use-case.pdf, doc/arch/handshake-sequence.eps,
	doc/{ => arch}/handshake-sequence.pdf,
	doc/arch/handshake-state.eps, doc/{ => arch}/handshake-state.pdf,
	doc/arch/objects.eps, doc/{ => arch}/objects.pdf,
	doc/internals.texi: moved architecture figures to arch/

2005-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, Makefile.am: made ChangeLog more compact by ignoring
	past changes.

2005-11-10  Simon Josefsson <simon@josefsson.org>

	* gl/inet_ntop.h, gl/readline.c: Update.

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2005-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: Add.

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/certificate-user-use-case.pdf,
	doc/client-server-use-case.pdf, doc/gnutls.texi,
	doc/handshake-sequence.pdf, doc/handshake-state.pdf,
	doc/internals.texi, doc/objects.pdf: added some stuff about the
	internals of gnutls.

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : added again the files in binary mode.

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : [no log message]

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : added some architectural diagrams. Quite primitive.

2005-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: add

2005-11-08  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: Wrap around <80 columns.

2005-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, lib/gnutls_session_pack.c, src/cli.c,
	src/serv.c: fixed bug in session packing for anonymous connections.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* src/serv.c, tests/anonself.c, tests/openpgp_test.c,
	tests/openssl.c, tests/x509_test.c: Indent.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Indent tests/.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/auth_dhe.c, lib/auth_psk.c, lib/auth_psk.h,
	lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/debug.c, lib/debug.h, lib/defines.h,
	lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
	lib/ext_max_record.h, lib/ext_server_name.c, lib/ext_server_name.h,
	lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_priority.h, lib/gnutls_psk.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_ui.c,
	lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/io_debug.h, lib/pkix_asn1_tab.c,
	lib/strfile.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/compat.c, lib/x509/compat.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
	lib/x509/dn.c, lib/x509/dn.h, lib/x509/dsa.c, lib/x509/dsa.h,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/mpi.c,
	lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/pkcs7.h, lib/x509/privkey.c, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818.h,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/sign.h,
	lib/x509/verify.c, lib/x509/verify.h, lib/x509/x509.c,
	lib/x509/x509.h, lib/x509/x509_write.c, lib/x509/xml.c,
	lib/x509_b64.c, lib/x509_b64.h, libextra/gnutls_extra.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openssl.c, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
	libextra/openpgp/pgpverify.c, libextra/openpgp/privkey.c,
	libextra/openpgp/xml.c, libextra/openssl_compat.c,
	libextra/openssl_compat.h, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
	src/errcodes.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
	src/tests.c, src/tests.h, src/tls_test.c: Use GNU coding style.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Use GNU coding style for indent.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Add.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Ignore more headers.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* src/.cvsignore: [no log message]

2005-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_psk.c, lib/auth_psk_passwd.c, lib/auth_psk_passwd.h,
	lib/gnutls_psk.c, src/serv-gaa.c, src/serv-gaa.h: more psk stuff

2005-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, doc/gnutls.texi,
	doc/manpages/Makefile.am, doc/manpages/psktool.1,
	includes/gnutls/gnutls.h.in, lib/Makefile.am, lib/auth_psk.c,
	lib/auth_psk.h, lib/auth_psk_passwd.c, lib/auth_psk_passwd.h,
	lib/auth_srp.h, lib/auth_srp_sb64.c, lib/ext_srp.c,
	lib/gnutls_algorithms.c, lib/gnutls_compress_int.c,
	lib/gnutls_db.c, lib/gnutls_helper.c, lib/gnutls_helper.h,
	lib/gnutls_int.h, lib/gnutls_psk.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_srp.c, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/libgnutls.vers, src/Makefile.am, src/cli-gaa.c, src/cli-gaa.h,
	src/cli.c, src/cli.gaa, src/common.c, src/crypt.c,
	src/gnutls-http-serv, src/psk-gaa.c, src/psk-gaa.h, src/psk.c,
	src/psk.gaa, src/serv.c, src/serv.gaa: This is the initial commit in
	the 1.3 branch. Ported from the PSK branch: * PSK ciphersuites have been added.  * The session resumption data are now system independent.

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-11-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.9.

2005-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: corrected bug in pkcs 12 ID key setting. Found and
	reported by Fran <e_agf@yahoo.es>.

2005-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: fixed typos etc.

2005-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/signatures.texi: supported algorithms were moved in a
	different subsection.

2005-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: [no log message]

2005-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/signatures.texi: [no log message]

2005-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/signatures.texi: [no log message]

2005-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, doc/signatures.texi: better output for non-tex
	formats.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: Fix.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: Add.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* doc/signatures.texi: Add.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Remove
	GNUTLS_CERTIFICATE_VERIFY_FLAGS_LAST hack, use version number
	defines instead.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add numeric version numbers, for CPP
	version comparisons.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* configure.in: Compute numeric version numbers, for CPP version
	comparisons.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Add GNUTLS_CERTIFICATE_VERIFY_FLAGS_LAST,
	based on report by Daniel Stenberg <daniel@haxx.se>.

2005-11-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c: Doc fix, suggested by Daniel Stenberg
	<daniel@haxx.se>.

2005-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: some type fixes.

2005-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/bibliography.texi, doc/gnutls.texi,
	doc/signatures.texi: added some text about digital signatures.

2005-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/x509/clicert-dsa.pem, src/x509/clicert.pem: appended the
	intermediate CA certificates to client certificates.

2005-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: added
	the --require-cert option to gnutls-serv

2005-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_kx.c: Some fixes in the certificate
	handling.

2005-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi: [no log message]

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi, doc/gnutls.texi: [no log message]

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi, doc/gnutls.texi: the bibliography stuff is
	a bit sorted... I hate that texinfo stuff.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/inet_ntop.c: Update.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/inet_ntop.h: Update.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/md2.c, gl/md2.h: Update.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/pgpverify.c: Doc fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Revert.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Fix warnings.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Don't include openpgp stuff in api manual.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Remove @anchor, texinfo @deftypefun create them
	implicitly.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Fix depends.

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, doc/scripts/gdoc: some changes to allow cross
	referencing of functions.

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/arctwo.c: [no log message]

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/TODO: Add.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/gc-libgcrypt.c, gl/m4/md2.m4: Update.

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/gc-libgcrypt.c: Support MD2.

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: some more updates.

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: added text about gnutls_certificate_verify_flags.

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/gc.h: Update.

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/bibliography.texi, doc/gnutls.texi, doc/my-bib-macros.texi: 
	some more changes for better pdf output

2005-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/bibliography.texi, doc/gnutls.texi,
	doc/my-bib-macros.texi: added bibliography\!

2005-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : [no log message]

2005-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : pdf files generated with png2pdf. The output is a bit better
	than eps2pdf.

2005-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, src/errcodes.c: some updates and improvments in
	the pdf output.

2005-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: [no log message]

2005-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: The check for insecure algorithms is only
	performed on non-self signed certificates.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c: Update.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/verify.c: Don't accept MD2/MD5 hashes when verifying
	X.509 certificate signatures.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Print whether verification failed due to an
	insecure algorithm.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in: Add GNUTLS_CERT_INSECURE_ALGORITHM.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs7.h, lib/x509/privkey.h, lib/x509/verify.h,
	lib/x509/x509.h: Get public prototypes from gnutls/x509.h instead.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Fix prototype.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.h: Get exported function prototypes from
	gnutls/x509.h instead.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Fix.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.h: Add.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_hash_int.c: Add MD2.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c: Fix link errors.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* : Remove.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Add MD2/MD5 verify flags.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/gc.h,
	gl/m4/gc-md2.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/md2.m4, gl/md2.c, gl/md2.h: Add MD2.

2005-10-27  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add MD2.

2005-10-24  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c, gl/inet_ntop.c, gl/inet_ntop.h,
	gl/m4/inet_ntop.m4, gl/md4.h, gl/md5.c, gl/md5.h: Update.

2005-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-hajjeh-tls-sign-01.txt: Add.

2005-10-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-23  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Fix zero size send.

2005-10-22  Simon Josefsson <simon@josefsson.org>

	* gl/arcfour.c, gl/arcfour.h, gl/arctwo.h, gl/m4/gc.m4,
	gl/m4/gnulib-comp.m4, gl/md4.c, gl/md4.h: Update.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c: Update.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/hmac-md5.c, gl/hmac-sha1.c, gl/m4/gc.m4,
	gl/m4/gnulib-comp.m4, gl/md4.c, gl/rijndael-alg-fst.h: Update.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c: Update.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/des.c, gl/des.h, gl/gc-gnulib.c, gl/m4/des.m4,
	gl/m4/gc-des.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: 
	Update.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/arctwo.c, gl/arctwo.h, gl/gc-gnulib.c,
	gl/gc-libgcrypt.c, gl/m4/arctwo.m4, gl/m4/gc-arctwo.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-ticket-05.txt: Add.

2005-10-20  Simon Josefsson <simon@josefsson.org>

	* tests/anonself.c: Fix bug.

2005-10-20  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-modadugu-tls-ctr-00.txt: Add.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/arcfour.c, gl/arcfour.h, gl/gc-gnulib.c,
	gl/m4/arcfour.m4, gl/m4/gc-arcfour.m4, gl/m4/gc-hmac-md5.m4,
	gl/m4/gc-hmac-sha1.m4, gl/m4/gc-md4.m4, gl/m4/gc-md5.m4,
	gl/m4/gc-rijndael.m4, gl/m4/gc-sha1.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4: Update.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* gl/gc-gnulib.c: Cleanup.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* gl/gc.h: Add ecb.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* gl/rijndael-api-fst.c: Fix CBC IV bugs.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-gnulib.c, gl/hmac-md5.c, gl/hmac-sha1.c,
	gl/m4/gc-rijndael.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/rijndael.m4, gl/rijndael-alg-fst.c, gl/rijndael-alg-fst.h,
	gl/rijndael-api-fst.c, gl/rijndael-api-fst.h: Update.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Reverse logic.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* README: Update --with-builtin-crypto documentation.

2005-10-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add --with-builtin-crypto to enable gnulib
	functions.

2005-10-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Initialize gcrypt here, for now, to make sure
	it is done even if gnulib's GC uses the non-libgcrypt functions.

2005-10-18  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove unused USE_GCRYPT.

2005-10-18  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/gc.h,
	gl/m4/gc-md4.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/md4.m4, gl/md4.c, gl/md4.h: Add gc-md4.

2005-10-18  Simon Josefsson <simon@josefsson.org>

	* gl/m4/stdbool.m4: Update.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-libgcrypt.c, gl/m4/gc-sha1.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/gc.c: Add self tests of gc.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/hmac-md5.c, gl/m4/gc-hmac-md5.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4,
	gl/m4/md5.m4, gl/md5.c, gl/md5.h: Update.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* gl/gc.h, lib/gnutls_cipher_int.h, lib/gnutls_hash_int.h,
	lib/x509/pkcs12_encr.c, lib/x509/privkey_pkcs8.c,
	libextra/Makefile.am: Fixes to make GC work again.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am,
	src/Makefile.am: Don't link to gc directly.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* crypto/.cvsignore, crypto/Makefile.am, crypto/gc-libgcrypt.c,
	crypto/gc-nettle.c, crypto/gc.h, crypto/pkcs5.c, crypto/test-gc.c,
	crypto/utils.c, crypto/utils.h, nettle/.cvsignore,
	nettle/Makefile.am, nettle/aes-decrypt-table.c,
	nettle/aes-decrypt.c, nettle/aes-encrypt-table.c,
	nettle/aes-encrypt.c, nettle/aes-internal.h, nettle/aes-meta.c,
	nettle/aes-set-decrypt-key.c, nettle/aes-set-encrypt-key.c,
	nettle/aes.c, nettle/aes.h, nettle/arcfour-crypt.c,
	nettle/arcfour-meta.c, nettle/arcfour.c, nettle/arcfour.h,
	nettle/arctwo-meta.c, nettle/arctwo.c, nettle/arctwo.h,
	nettle/cbc.c, nettle/cbc.h, nettle/des-compat.c,
	nettle/des-compat.h, nettle/des.c, nettle/des.h, nettle/des3.c,
	nettle/desCode.h, nettle/descore.README, nettle/desinfo.h,
	nettle/hmac-md5.c, nettle/hmac-sha1.c, nettle/hmac.c,
	nettle/hmac.h, nettle/keymap.h, nettle/knuth-lfib.c,
	nettle/knuth-lfib.h, nettle/macros.h, nettle/md2-meta.c,
	nettle/md2.c, nettle/md2.h, nettle/md5-meta.c, nettle/md5.c,
	nettle/md5.h, nettle/memxor.c, nettle/memxor.h,
	nettle/nettle-internal.c, nettle/nettle-internal.h,
	nettle/nettle-meta.h, nettle/parity.h, nettle/rotors.h,
	nettle/sha.h, nettle/sha1-compress.c, nettle/sha1-meta.c,
	nettle/sha1.c, nettle/tests/.cvsignore, nettle/tests/Makefile.am,
	nettle/tests/aes-test.c, nettle/tests/arcfour-test.c,
	nettle/tests/arctwo-test.c, nettle/tests/cbc-test.c,
	nettle/tests/des-compat-test.c, nettle/tests/des-test.c,
	nettle/tests/des3-test.c, nettle/tests/hmac-test.c,
	nettle/tests/knuth-lfib-test.c, nettle/tests/md2-test.c,
	nettle/tests/md4-test.c, nettle/tests/md5-test.c,
	nettle/tests/run-tests, nettle/tests/sha1-test.c,
	nettle/tests/testutils.c, nettle/tests/testutils.h: Remove
	nettle+crypto.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in: Replace nettle+crypto with gnulib.

2005-10-17  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-libgcrypt.c, gl/gc-pbkdf2-sha1.c, gl/gc.h,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/stdbool.m4: 
	UPdate.

2005-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: added some more verbose messages to the client to
	report whether it sent any certificates or not.

2005-10-12  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.h: Remove unused prototypes.

2005-10-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Don't
	use gc just yet.

2005-10-12  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gc-md5.m4: Add.

2005-10-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c,
	gl/gc-pbkdf2-sha1.c, gl/gc.h, gl/hmac-sha1.c, gl/hmac.h,
	gl/m4/gc-hmac-sha1.m4, gl/m4/gc-pbkdf2-sha1.m4, gl/m4/gc.m4,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hmac-sha1.m4,
	gl/m4/inttypes.m4, gl/m4/memxor.m4, gl/m4/restrict.m4,
	gl/m4/sha1.m4, gl/m4/stdint.m4, gl/memxor.c, gl/memxor.h,
	gl/sha1.c, gl/sha1.h, gl/stdint_.h: Update.

2005-10-12  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-hajjeh-mtls-00.txt: Add.

2005-10-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-10.txt: Add.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.8.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* src/crypt.c: Don't use error.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2005-10-07  Simon Josefsson <simon@josefsson.org>

	* gl/getdelim.c, gl/m4/gnulib-comp.m4, gl/m4/stdbool.m4: Update.

2005-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: depends on libgcrypt 1.2.2

2005-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: handle better EOF from stdin.

2005-10-01  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2005-10-01  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Don't install libexamples.la.

2005-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/manpages/Makefile.am, lib/auth_dh_common.c,
	lib/auth_rsa_export.c, lib/auth_srp.c, lib/gnutls_dh_primes.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
	lib/gnutls_srp.c, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: Made the PKCS #12 API
	  handle null passwords. Based on patch by Anton Altaparmakov
	<aia21@cam.ac.uk>.

2005-09-27  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4158.txt: Add.

2005-09-24  Simon Josefsson <simon@josefsson.org>

	* configure.in, src/common.c, src/common.h: Use gnulib for
	inet_ntop.

2005-09-24  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/inet_ntop.c, gl/inet_ntop.h,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
	gl/m4/sockpfaf.m4: Add inet_ntop.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add --insecure.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* src/cli-gaa.c, src/cli-gaa.h: Generated.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* src/cli.c, src/cli.gaa: Add --insecure.  Make the default be to
	abort connections if the peer doesn't verify, when a ca certificate
	or PGP trust database has been supplied.

2005-09-23  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Fix warnings.

2005-09-22  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-cert-select.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c: Don't use mmap.
	Use memset instead of bzero.

2005-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Revert stupid program_name workaround, patch
	from Martin Lambers <marlam@marlam.de>.

2005-09-21  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/error.c, gl/error.h, gl/getdelim.c,
	gl/getline.c, gl/getpass.c, gl/m4/error.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-comp.m4, gl/m4/strerror_r.m4, gl/memmove.c,
	gl/readline.c: Remove error module.  Update gnulib files.

2005-09-21  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c, src/certtool.c: Don't use error module until
	program_name problem is solved.

2005-09-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use gnulib for socklen test.

2005-09-19  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
	gl/m4/socklen.m4: Update.

2005-09-19  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-19  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Don't use mmap, patch from Martin Lambers
	<marlam@marlam.de>.

2005-09-19  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-11.txt: Add.

2005-09-14  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-funk-tls-inner-application-extension-00.txt,
	doc/protocol/draft-funk-tls-inner-application-extension-01.txt: Add.

2005-09-12  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: gtk-doc in debian should work fine now

2005-09-12  Simon Josefsson <simon@josefsson.org>

	* doc/reference/tmpl/.cvsignore: [no log message]

2005-09-12  Simon Josefsson <simon@josefsson.org>

	* doc/reference/tmpl/gnutls-unused.sgml: Add (to workaround gtk-doc
	makefile bug.)

2005-09-10  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-chudov-cryptopro-cptls-02.txt: Add.

2005-09-09  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-09-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-09-09  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-09-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.7.

2005-09-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-ticket-04.txt: Add.

2005-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-09-06  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getpass.c: Update.

2005-09-03  Simon Josefsson <simon@josefsson.org>

	* gl/m4/gnulib-tool.m4, gl/m4/lib-ld.m4, gl/m4/lib-prefix.m4: Add.

2005-09-03  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib.m4: Update.

2005-09-02  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/getdelim.c,
	gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4: 
	Update gnulib.

2005-09-02  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4162.txt: Add.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Update my PGP key.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h: Update.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Dist libgnutls-extra.vers.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Dist libgnutls.vers.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Fix typo.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* libextra/libgnutls-extra.vers: Add version script.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* NEWS, lib/libgnutls.vers: Add.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, libextra/Makefile.am: Use version script.

2005-08-31  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add --enable-ld-version-script.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix typo.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Link with libz.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/isascii.c, gl/isascii.h, gl/m4/gnulib.m4,
	gl/m4/isascii.m4: Update.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Add program_name, to shut up error module.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove isascii gnulib module.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: Let's pretend all system has isascii until we find
	one that actually hasn't.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-verify.c: Don't use C99 features.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* configure.in: Disable zlib code if we don't find zlib.h too.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Remove gnutls_random.h.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* gl/getpass.c, gl/m4/gnulib.m4: Update.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/auth_srp_passwd.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_pk.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: Don't include
	gnutls_random.h.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/gnutls_random.c, lib/gnutls_random.h: (_gnutls_get_random): Removed, not used any more.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/auth_rsa.c: Call gc directly instead of _gnutls_get_random.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* src/crypt.c: Prototype error().

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: Call gc directly
	instead of _gnutls_get_random.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Fix last commit.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp_passwd.c, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_pk.c: Call gc directly instead of
	_gnutls_get_random.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Add libgc.la for crypt.c.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* src/crypt.c: Avoid gcrypt.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Fix typo.

2005-08-30  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Add -I for ../crypto.  Remove unneeded OpenCDK
	CFLAGS.

2005-08-25  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2005-08-25  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getpass.c, gl/m4/gnulib.m4, gl/m4/minmax.m4: 
	Update.

2005-08-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* gl/getpass.c: Update.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getpass.c, gl/m4/getpass.m4, gl/m4/gnulib.m4: 
	Update.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* configure.in: Only use getpass, not getpass-gnu (the later is
	always built on glibc platforms).

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Fix copyright.  Fix rc/status checking in last
	commit.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Use gnutls_certificate_verify_peers2, suggested by
	Daniel Stenberg <daniel@haxx.se>.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c, lib/gnutls_x509.c: Doc fix.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c: (gnutls_certificate_verify_peers2): Doc fix, suggested by Daniel
	Stenberg <daniel@haxx.se>.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Indent.

2005-08-24  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: (gnutls_certificate_verify_flags): Doc fix.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Fix objdir!=srcdir builds once again.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* doc/examples/Makefile.am: Add -I for objdir!=srcdir builds.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am: Add -I for gl.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* src/common.h: Don't re-map socklen_t (done by configure now),
	suggested by Martin Lambers <marlam@marlam.de>.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* configure.in: Define socklen_t to int, not size_t, if it is
	missing, suggested by Martin Lambers <marlam@marlam.de>.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* gl/getpass.c, gl/m4/getpass.m4: Update.

2005-08-23  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/openpgp.h: Protect config.h #include.

2005-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/internals.eps, doc/layers.eps, doc/pgp1.eps: updated figures

2005-08-15  Simon Josefsson <simon@josefsson.org>

	* src/certtool-cfg.c: (read_int): Use readline.  Use strtol, and catch out of range
	inputs.  Suggested by Fran.

2005-08-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add readline.

2005-08-15  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Possibly link with readline.

2005-08-15  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/lib-link.m4,
	gl/m4/readline.m4, gl/readline.c, gl/readline.h: Update.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/errors.c, lib/minitasn1/errors.h,
	lib/minitasn1/libtasn1.h: Update to 0.2.15.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* gl/m4/isascii.m4: Update.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/isascii.c, gl/isascii.h,
	gl/m4/gnulib.m4, gl/m4/isascii.m4, lib/defines.h: Use isascii from
	gnulib.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: Protect config.h include.  Assume C89 platform.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/memmove.m4,
	gl/memmove.c, lib/defines.h: Cleanup memmove.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* doc/examples/tcp.c: Add, from ex-client2.c.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client2.c: Use external tcp_*.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Don't call progname stuff.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* lib/memmem.c, lib/memmem.h: Remove.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Link with gnulib for memmem.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c, gl/error.c,
	gl/error.h, gl/getdelim.c, gl/getdelim.h, gl/getline.c,
	gl/getline.h, gl/getpass.c, gl/getpass.h, gl/m4/gnulib.m4,
	gl/m4/memmem.m4, gl/memmem.c, gl/memmem.h, gl/minmax.h,
	gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/size_max.h,
	gl/snprintf.c, gl/snprintf.h, gl/stdbool_.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/xsize.h: Update.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Replace GPL progname.h with simple workaround.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* configure.in: Avoid progname module (only GPL one left).  Add
	memmem gnulib module.  Force gnulib files to be LGPL.

2005-08-12  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/getdelim.c, gl/getdelim.h, gl/getline.c,
	gl/getline.h, gl/getndelim2.c, gl/getndelim2.h, gl/m4/getdelim.m4,
	gl/m4/getline.m4, gl/m4/getndelim2.m4, gl/m4/gnulib.m4,
	gl/m4/onceonly_2_57.m4, gl/m4/ssize_t.m4: Update.

2005-08-10  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
	doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
	doc/examples/ex-session-info.c, doc/examples/ex-verify.c,
	doc/examples/ex-x509-info.c: Indent.

2005-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, doc/Makefile.am, doc/examples/.cvsignore,
	doc/examples/Makefile.am, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client1.c, doc/examples/ex-client2.c,
	doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
	doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
	doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
	doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
	doc/examples/ex-session-info.c, doc/examples/ex-verify.c,
	doc/examples/ex-x509-info.c: Build examples.  Fix errors.

2005-07-25  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2005-07-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Doc fixes, tiny patch from Ralph Giles
	<giles@onlinegamegroup.com>.

2005-07-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc4132.txt: Add.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.6.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h: Sync with 0.2.14.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c, lib/gnutls_anon_cred.c: Fix GTK-DOC warnings.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: gtk-doc 1.4 is ok

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_ui.c: Fix GTK-DOC
	warnings.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/x509.h: Fix GTK-DOC warning.

2005-07-16  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c, lib/x509/privkey.c, lib/x509/x509.c: Fix GTK-DOC
	warnings.

2005-07-15  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-salowey-tls-ticket-03.txt: Add.

2005-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-x509-info.c: corrected wrong number of arguments
	in gnutls_x509_crt_import(). Reported by Fco J. Arias.

2005-07-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls_compress_int.c, libextra/gnutls_extra.c: 
	Fix LZO 1.x vs 2.x header file #include mess.

2005-07-14  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-07-14  Simon Josefsson <simon@josefsson.org>

	* gl/m4/size_max.m4, gl/size_max.h: Update.

2005-07-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2005-07-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Check for lzo1x_1_compress in -llzo2 too, and prefer
	-llzo2 if available, reported by Thomas Klausner <tk@giga.or.at>.

2005-07-12  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls_compress_int.c, libextra/Makefile.am,
	libextra/gnutls_extra.c, libextra/minilzo/.cvsignore,
	libextra/minilzo/Makefile.am, libextra/minilzo/README.LZO,
	libextra/{ => minilzo}/lzoconf.h, libextra/{ => minilzo}/lzodefs.h,
	libextra/{ => minilzo}/minilzo.c, libextra/{ => minilzo}/minilzo.h,
	libextra/minilzo/testmini.c: Move MiniLZO to separate directory.
	Update from MiniLZO 2.00 to 2.01.

2005-07-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-07-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-07-03  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-07-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.5.

2005-07-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-07-02  Simon Josefsson <simon@josefsson.org>

	* libextra/libgnutls-extra-config.in: Fix --help for distcheck.

2005-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls-config.in: Send --help output to stdout.

2005-07-02  Simon Josefsson <simon@josefsson.org>

	* lib/libgnutls-config.in: Exit with 0 for --help.

2005-06-27  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12_neon: Fix.

2005-06-27  Simon Josefsson <simon@josefsson.org>

	* tests/pkcs12_neon: Fix objdir!=srcdir (for distcheck).

2005-06-27  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist gnutls-logo.eps.

2005-06-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-dtls-05.txt: Add.

2005-06-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc2246-bis-13.txt: Add.

2005-06-23  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-09.txt: Add.

2005-06-17  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Use --enable-gtk-doc during distcheck.

2005-06-15  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2005-06-15  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/Makefile.am: Fix srcdir!=objdir builds.

2005-06-15  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/Makefile.am, libextra/openpgp/Makefile.am: Add
	license.

2005-06-15  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am, libextra/openpgp/Makefile.am: Fix
	srcdir!=objdir builds.

2005-06-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-06-14  Simon Josefsson <simon@josefsson.org>

	* libextra/lzodefs.h: Add.

2005-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS: [no log message]

2005-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_compress_int.c, libextra/Makefile.am,
	libextra/gnutls_extra.c, libextra/lzoconf.h, libextra/minilzo.c,
	libextra/minilzo.h: Updated to minilzo 2.0 and corrected stuff
	pointed out by

2005-06-03  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc2246-bis-12.txt: Add.

2005-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: some updates to prevent warnings for non
	constant initializers

2005-05-31  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-10.txt: Add.

2005-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_ui.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/mpi.c, lib/x509/sign.c,
	lib/x509/x509_write.c: fixed some type conflicts.

2005-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: crt_list_import() now works with DER certificates
	(although only 1 can be imported).

2005-05-29  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-05-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2005-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: [no log message]

2005-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: correct the behaviour in DN parsing. Return the
	correct size when requested.

2005-05-28  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-05-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-05-28  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-05-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.4.

2005-05-28  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2005-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: print the correct issuer in verify_chain()

2005-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_srp.c,
	lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/x509/pkcs12_bag.c,
	src/certtool.c: eliminated some warnings.

2005-05-26  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2005-05-26  Simon Josefsson <simon@josefsson.org>

	* config.rpath, doc/gendocs.sh: Update.

2005-05-26  Simon Josefsson <simon@josefsson.org>

	* AUTHORS, COPYING, COPYING.LIB, Makefile.am, NEWS, configure.in,
	crypto/Makefile.am, crypto/gc-libgcrypt.c, crypto/gc.h,
	crypto/pkcs5.c, crypto/test-gc.c, crypto/utils.c, crypto/utils.h,
	doc/Makefile.am, doc/fdl.texi, doc/gendocs.sh,
	doc/gendocs_template, includes/Makefile.am,
	includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
	includes/gnutls/openpgp.h, includes/gnutls/openssl.h,
	includes/gnutls/pkcs12.h, includes/gnutls/x509.h, lib/Makefile.am,
	lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
	lib/auth_srp.h, lib/auth_srp_passwd.c, lib/auth_srp_passwd.h,
	lib/auth_srp_rsa.c, lib/auth_srp_sb64.c, lib/debug.c, lib/debug.h,
	lib/defines.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_srp.c, lib/ext_srp.h,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffer.h,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
	lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_priority.h,
	lib/gnutls_random.c, lib/gnutls_random.h, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session.h, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/io_debug.h, lib/memmem.c,
	lib/memmem.h, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/errors.h, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c, lib/strfile.h, lib/x509/Makefile.am,
	lib/x509/common.c, lib/x509/common.h, lib/x509/compat.c,
	lib/x509/compat.h, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/dsa.c, lib/x509/dsa.h, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/mpi.c, lib/x509/mpi.h,
	lib/x509/pkcs12.c, lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
	lib/x509/privkey.c, lib/x509/privkey.h, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818.h, lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/sign.h, lib/x509/verify.c, lib/x509/verify.h,
	lib/x509/x509.c, lib/x509/x509.h, lib/x509/x509_write.c,
	lib/x509/xml.c, lib/x509_b64.c, lib/x509_b64.h,
	libextra/Makefile.am, libextra/gnutls_extra.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openssl.c, libextra/lzoconf.h, libextra/minilzo.c,
	libextra/minilzo.h, libextra/opencdk/armor.c,
	libextra/opencdk/cipher.c, libextra/opencdk/cipher.h,
	libextra/opencdk/compress.c, libextra/opencdk/context.h,
	libextra/opencdk/encrypt.c, libextra/opencdk/filters.h,
	libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
	libextra/opencdk/keygen.c, libextra/opencdk/keylist.c,
	libextra/opencdk/keyserver.c, libextra/opencdk/main.c,
	libextra/opencdk/main.h, libextra/opencdk/md.c,
	libextra/opencdk/md.h, libextra/opencdk/misc.c,
	libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
	libextra/opencdk/packet.h, libextra/opencdk/plaintext.c,
	libextra/opencdk/pubkey.c, libextra/opencdk/read-packet.c,
	libextra/opencdk/seskey.c, libextra/opencdk/sig-check.c,
	libextra/opencdk/sign.c, libextra/opencdk/stream.c,
	libextra/opencdk/stream.h, libextra/opencdk/sym-cipher.c,
	libextra/opencdk/trustdb.c, libextra/opencdk/types.h,
	libextra/opencdk/verify.c, libextra/opencdk/write-packet.c,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
	libextra/openpgp/privkey.c, libextra/openpgp/xml.c,
	libextra/openssl_compat.c, libextra/openssl_compat.h,
	src/Makefile.am, src/certtool-cfg.c, src/certtool.c, src/cli.c,
	src/common.c, src/crypt.c, src/list.h, src/prime.c, src/serv.c,
	src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
	tests/chain, tests/openssl.c, tests/pkcs12_neon, tests/pkits,
	tests/pkits_crl, tests/pkits_crt, tests/pkits_pkcs12,
	tests/pkits_smime, tests/simple.c, tests/utils.c, tests/utils.h: 
	Update FSF office address in license.

2005-05-26  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Update FSF office address in license.

2005-05-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-05-26  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c, gl/error.c,
	gl/error.h, gl/getline.c, gl/getline.h, gl/getndelim2.c,
	gl/getndelim2.h, gl/getpass.c, gl/getpass.h, gl/m4/gnulib.m4,
	gl/m4/minmax.m4, gl/minmax.h, gl/printf-args.c, gl/printf-args.h,
	gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
	gl/snprintf.c, gl/snprintf.h, gl/stdbool_.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/xsize.h: Update.

2005-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/certtool.1: [no log message]

2005-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-verify.c: improved the verification example.

2005-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/verify.c: Corrected a bug in
	certificate verification that could lead to a trusted certificate
	path to be marked as non-trusted, if it included the last
	self-signed certificate in the chain.

2005-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/ex-cert-select.c: [no log message]

2005-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in, doc/manpages/Makefile.am,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Introduced to --fix-key option to certtool, which
	can be used to regenerate the (optional) parameters in a private
	key. It should be used together with --key-info.

2005-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-05-20  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc3546bis-01.txt: Add.

2005-05-20  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Typo.

2005-05-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Include defines.h before gnutls.h, to pull in
	config.h, to make sure memmem.h prototype memmem properly, from
	Yoann Vandoorselaere <yoann.v@prelude-ids.com>.

2005-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: removed unneeded gnutls_x509_crt_init().

2005-05-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc2246-bis-10.txt: Add.

2005-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: [no log message]

2005-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/pkcs12.c: corrected some things that
	could affect 64 bit machines.

2005-05-01  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Use gnutls/extra.h to get
	gnutls_openpgp_recv_key_func type.

2005-05-01  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/openpgp.h: Remove, defined in gnutls.h.

2005-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: added date

2005-04-28  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-04-27  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-04-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert fully, LT_CURRENT was also updated.  Sorry.

2005-04-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Revert partially, LT_AGE already incremented.

2005-04-27  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump versions.

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: for the gnutls_cipher.c bug, that could cause denial of
	service

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: increased age

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/x509.h,
	lib/gnutls_rsa_export.c, lib/x509/privkey.c, src/certtool.c: 
	certtool can now fix the old RSA private keys. This is done by using
	the -k parameter.

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c, lib/x509/x509.h: at the export phase, encode
	the key.

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mpi.h, lib/x509/privkey.c, lib/x509/x509.h: corrected
	bugs in RSA key export.

2005-04-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: added an extra check while checking the
	padding.

2005-04-25  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-04-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.2.

2005-04-25  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Don't regenerate error_codes.texi when gnutls.h
	is newer, because it will always be, and this causes texinfo to be
	run on the manual.

2005-04-25  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist more.

2005-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c: some updates in the description of
	gnutls_alert_get()

2005-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c: gnutls_alert_send_appropriate() is no longer
	marked as deprecated.

2005-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: [no log message]

2005-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: [no log message]

2005-04-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2005-04-21  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c: Make it compile.

2005-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.h: [no log message]

2005-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_session_pack.c,
	lib/gnutls_ui.c: some cleanups, and changes in the resuming code to
	avoid freeing non-allocated stuff.

2005-04-19  Simon Josefsson <simon@josefsson.org>

	* configure.in: Remove some warnings.

2005-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: some cleanups in certtool

2005-04-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, includes/Makefile.am, includes/gnutls/Makefile.am: 
	Remove includes/gnutls/Makefile.am.  Fix includes/Makefile.am to
	compensate.

2005-04-15  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Remove gnutls_alert.h.

2005-04-15  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/Makefile.am: Add license.

2005-04-15  Simon Josefsson <simon@josefsson.org>

	* includes/Makefile.am: Simplify.  Add license.

2005-04-15  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/Makefile.am: Don't dist gnutls.h, it is generated.

2005-04-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls.h.in.in => includes/gnutls/gnutls.h.in: 
	Move lib/gnutls.h.in.in into includes/gnutls/gnutls.h.in.  Fix
	#warning about missing components, it didn't work in config.status.
	Simplify configure.ac wrt to gnutls.h.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add more warnings (likely to be trimmed later).

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h: Remove.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.h: Remove dupe definition.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.h.in.in: Revert.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.h.in.in: Moved from gnutls_mem.h.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_mem.h: Cleanup.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.h: Fix warning.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/main.c: Fix warning.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/auth_cert.c, lib/auth_srp_passwd.c, lib/gnutls_constate.c,
	lib/gnutls_v2_compat.c, lib/gnutls_x509.c, libextra/opencdk/main.c,
	libextra/opencdk/misc.c: Fix warning.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_hash_int.c, lib/gnutls_kx.c: Fix warning.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.c: Fix warnings.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_state.c, lib/gnutls_state.h: Fix
	warning.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/getpass.m4: Update.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_handshake.h: Cleanup.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/getline.m4, gl/m4/getpass.m4,
	gl/progname.c, gl/size_max.h, gl/vasnprintf.c: Update.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Improve warning CFLAGS.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: (_gnutls_x509_oid_data2string): Fix memory leak, tiny patch from
	Rupert Kittinger <rkit@mur.at>.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Make error_codes.texi build, after removing
	gnutls_errors_int.h.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_alert.c: Make it build.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/auth_srp.c, lib/ext_srp.c, lib/gnutls_alert.h,
	lib/gnutls_algorithms.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	lib/gnutls_record.c: Simplify.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_auth_int.h, lib/gnutls_db.h: Cleanup.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* doc/README.CODING_STYLE, lib/Makefile.am, lib/gnutls_errors.h,
	lib/gnutls_errors_int.h: Simplify.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.h: Remove. (Everything moved to gnutls.h.in.in.)

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h,
	lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
	lib/auth_srp_rsa.c, lib/debug.c, lib/debug.h, lib/gnutls.h.in.in,
	lib/gnutls_alert.h, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_dh.h, lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_mem.h, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_rsa_export.h, lib/gnutls_session.h, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/gnutls_x509.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/rfc2818_hostname.c, lib/x509/x509.c, lib/x509/x509.h,
	lib/x509/x509_write.c, libextra/openpgp/openpgp.h: Clean up #include
	situation, merge from gnutls_1_2_1_with_include_fixes.  Now
	lib/gnutls_int.h start by including gnutls/gnutls.h, to check
	prototypes during compile time.  More cleanups are expected.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Mention API/ABI changes more clearly.

2005-04-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2005-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: Some fixes for
	AuthorityKeyIdentifier parsing. Suggested by Fabio.

2005-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-dtls-04.txt: Add.

2005-04-12  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-09.txt: Add.

2005-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/manpages/Makefile.am, lib/x509/common.c,
	lib/x509/common.h, lib/x509/dn.c, lib/x509/pkcs12.c: Fixed pkcs12
	friendly name and local key identifier decoding.

2005-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: print some more information for PKCS #12
	structures.

2005-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: [no log message]

2005-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/x509_write.c: [no log message]

2005-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c: return unexpected_message alert in the case of
	a handshake unexpected message.

2005-04-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-04-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2005-04-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Doc fix, suggested by Nikos Mavrogiannopoulos
	<nmav@gnutls.org>.

2005-04-04  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-04-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.1.

2005-04-04  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Doc fixes, adapted from suggestions by Martin
	Lambers <marlam@web.de>.

2005-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: added warning to libraries compiled with features
	disabled.

2005-04-02  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Fix.

2005-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: some more documentation fixes.

2005-03-29  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_record.c: Doc fix, reported by Martin Lambers
	<marlam@web.de>.

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: [no log message]

2005-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/x509.c, lib/x509/x509.h,
	src/certtool.c, src/cli.c: more improvments to
	gnutls_x509_crt_list_import()

2005-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/x509.c, lib/x509/x509.h,
	src/cli.c: improved gnutls_x509_crt_list_import().

2005-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool can now print certificate information in
	files containing multiple certificates.

2005-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: [no log message]

2005-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/x509.c, src/cli.c: Added
	the function gnutls_x509_crt_list_import(). This is a convinience
	function to import many certificates with a single call.

2005-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/x509_write.c: Added
	gnutls_x509_crt_set_extension_by_oid().

2005-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/crq.c: corrected bug in
	gnutls_crq_get_attribute_by_oid()

2005-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: fixed the library number.

2005-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_hash_int.h, lib/x509/common.c,
	lib/x509/crq.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.h,
	lib/x509/xml.c, libextra/opencdk/opencdk.h: [no log message]

2005-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/x509/crq.c: Added the functions:     gnutls_x509_crq_get_attribute_by_oid() and     gnutls_x509_crq_set_attribute_by_oid().

2005-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
	lib/auth_dh_common.h, lib/gnutls_auth.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c: eliminated some memory leaks caused by
	DHE and RSA-EXPORT ciphersuites. Thanks to Yoann Vandoorselaere for
	reporting them.

2005-03-18  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-09.txt: Add.

2005-03-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-03-11  Simon Josefsson <simon@josefsson.org>

	* nettle/tests/Makefile.am: Dist testutils.{c,h}.

2005-03-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Flow.

2005-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c, libextra/openpgp/pgpverify.c,
	libextra/openssl_compat.c: some doc fixes.

2005-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: [no log message]

2005-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dsa.c, lib/x509/privkey.c: [no log message]

2005-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/x509/common.h, lib/x509/pkcs12.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.h: gnutls will now recognize
	the GOST signature and public key OIDs. However no support is
	planned.

2005-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: added a check to test whether the DH secret is
	zero.

2005-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2005-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/verify.c,
	lib/x509/verify.h: Improved the semantics of
	GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to allow only trusted Version 1
	CAs and introduced GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has
	the old semantics.

2005-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: test commit

2005-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: [no log message]

2005-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2005-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_state.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/pkcs12.c, lib/x509/privkey.c, lib/x509/sign.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
	libextra/gnutls_openssl.c, src/certtool.c, src/cli.c, src/common.c,
	src/serv.c, src/tests.c: renamed all instances of _SHA to _SHA1 to
	make naming more consistent and clear.

2005-03-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-03-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2005-03-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Don't force -O2 -finline-functions.

2005-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa, src/prime.c: Added the option --get-dh-params to
	certtool, in order to get the included primes and generators

2005-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: added warning when MD5 is being used.

2005-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2005-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_srp.c: added more strict checks for g,n

2005-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-salowey-tls-ticket-00.txt,
	doc/protocol/draft-salowey-tls-ticket-02.txt: new ticket

2005-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-02-24  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-06.txt: Add.

2005-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: some modifications for gnutls_bye()
	semantics.

2005-02-22  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-rescorla-dtls-03.txt: Add.

2005-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/srptool.1: updated documentation for srptool.1

2005-02-12  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add -Wshadow for --enable-developer-mode.

2005-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c, lib/gnutls_ui.h: (gnutls_rsa_export_get_pubkey): Don't use reserved word "exp",
	reported by Neil Spring <nspring@cs.washington.edu>.

2005-02-12  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h, lib/x509/crl.c: (gnutls_x509_crl_get_crt_serial): Don't use reserved word "time",
	reported by Neil Spring <nspring@cs.washington.edu>.

2005-02-12  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: Fix last commit.

2005-02-12  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c: (gnutls_x509_crl_get_crt_serial): Don't use reserved word "index",
	reported by Neil Spring <nspring@cs.washington.edu>.

2005-02-12  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h: (gnutls_x509_crl_get_crt_serial): Don't use reserved word "index" in
	prototype, reported by Neil Spring <nspring@cs.washington.edu>.

2005-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: [no log message]

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h: Protect for C++, tiny patch from Daniel
	Black <dragonheart@gentoo.org>.

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Scan in lib/x509/ too, sources now
	fixed.

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c: Doc fix.

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/privkey.c, lib/x509/x509.c: Doc fix.

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/x509.c: Doc fix.

2005-02-06  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Markup fixes.

2005-02-05  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2005-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-04.txt,
	doc/protocol/draft-ietf-tls-srp-07.txt: [no log message]

2005-01-31  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-lee-tls-seed-01.txt: Add.

2005-01-30  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Fix gtk-doc.

2005-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/xml.c: some
	changes for 64bit machines.

2005-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: [no log message]

2005-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/compat.c: these functions are not exported in the API
	documentation.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Don't use "devel" directory.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: Fix.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.2.0.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Make it compile.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs_template: Add.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs.sh, doc/gendocs_template: Update.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Fix gnutls-extra-api.texi.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Fix x509-api.texi.

2005-01-27  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix indices, suggested by Nikos.

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : converted the eps to pdf (using epstopdf), resulting in a better
	output in gnutls.pdf.

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: corrected types.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add, from Nikos.

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: [no log message]

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi, doc/manpages/Makefile.am,
	doc/protocol/draft-ietf-tls-openpgp-keys-05.txt: [no log message]

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.gaa: srptool has now
	the --version parameter.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-05.txt,
	doc/protocol/draft-ietf-tls-openpgp-keys-06.txt: Add.

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt.c: print version in srptool

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt.c: [no log message]

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: --disable-extra-pki works again.

2005-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_cert.c, lib/auth_cert.h, lib/auth_srp.h,
	lib/gnutls_algorithms.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_priority.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.h,
	libextra/gnutls_extra.c, libextra/gnutls_extra.h,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h: 
	Changes to make the --disable-* options work again.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Typo.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix license header.  Mention TLS 1.1 more.  Talk
	about TLS instead of TLS 1.0 in general.

2005-01-26  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/error.c, gl/gettext.h, gl/m4/alloca.m4,
	gl/m4/codeset.m4, gl/m4/eoverflow.m4, gl/m4/error.m4,
	gl/m4/getline.m4, gl/m4/getndelim2.m4, gl/m4/getpass.m4,
	gl/m4/gettext.m4, gl/m4/glibc21.m4, gl/m4/gnulib.m4,
	gl/m4/iconv.m4, gl/m4/intdiv0.m4, gl/m4/intmax.m4,
	gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
	gl/m4/inttypes_h.m4, gl/m4/isc-posix.m4, gl/m4/lcmessage.m4,
	gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4,
	gl/m4/longdouble.m4, gl/m4/longlong.m4, gl/m4/nls.m4, gl/m4/po.m4,
	gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/signed.m4,
	gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/ssize_t.m4,
	gl/m4/stdbool.m4, gl/m4/stdint_h.m4, gl/m4/strerror_r.m4,
	gl/m4/uintmax_t.m4, gl/m4/ulonglong.m4, gl/m4/vasnprintf.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/size_max.h: 
	Update.

2005-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/anonself.c, tests/chain,
	tests/openssl.c, tests/pkcs12_neon, tests/simple.c, tests/utils.c,
	tests/utils.h: Clean up license templates.

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Clean up license templates.

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, doc/Makefile.am, lib/Makefile.am,
	lib/gnutls.pc.in, lib/x509/Makefile.am, lib/x509/common.h,
	lib/x509/compat.h, lib/x509/crq.h, lib/x509/dn.h, lib/x509/dsa.h,
	lib/x509/extensions.h, lib/x509/mpi.h, lib/x509/pkcs12.h,
	lib/x509/pkcs7.h, lib/x509/privkey.h, lib/x509/rfc2818.h,
	lib/x509/sign.h, lib/x509/verify.h, lib/x509/x509.h,
	libextra/Makefile.am, libextra/gnutls-extra.pc.in,
	libextra/gnutls_extra.h, libextra/openssl_compat.h: Clean up license
	templates.

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.pc.in: Clean up license templates.

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/gnutls_int_compat.c: Remove
	gnutls_int_compat.c (not used).

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/auth_anon.h, lib/auth_cert.h,
	lib/auth_dh_common.h, lib/auth_srp.h, lib/auth_srp_passwd.h,
	lib/debug.h, lib/defines.h, lib/ext_cert_type.h,
	lib/ext_max_record.h, lib/ext_server_name.h, lib/ext_srp.h,
	lib/gnutls.h.in.in, lib/gnutls_alert.h, lib/gnutls_algorithms.h,
	lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffer.h,
	lib/gnutls_buffers.h, lib/gnutls_cert.h, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.h,
	lib/gnutls_compress_int.h, lib/gnutls_constate.h,
	lib/gnutls_datum.h, lib/gnutls_db.h, lib/gnutls_dh.h,
	lib/gnutls_errors.h, lib/gnutls_errors_int.h,
	lib/gnutls_extensions.h, lib/gnutls_global.h,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.h, lib/gnutls_mem.h, lib/gnutls_mpi.h,
	lib/gnutls_num.h, lib/gnutls_pk.h, lib/gnutls_priority.h,
	lib/gnutls_random.h, lib/gnutls_record.h, lib/gnutls_rsa_export.h,
	lib/gnutls_session.h, lib/gnutls_session_pack.h, lib/gnutls_sig.h,
	lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
	lib/gnutls_ui.h, lib/gnutls_v2_compat.h, lib/gnutls_x509.h,
	lib/io_debug.h, lib/strfile.h, lib/x509_b64.c, lib/x509_b64.h: Clean
	up license templates.

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* lib/auth_anon.h, lib/auth_cert.h, lib/auth_dh_common.h,
	lib/auth_srp.h, lib/auth_srp_passwd.h, lib/debug.h, lib/defines.h,
	lib/ext_cert_type.h, lib/ext_max_record.h, lib/ext_server_name.h,
	lib/ext_srp.h, lib/gnutls_alert.h, lib/gnutls_algorithms.h,
	lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffer.h,
	lib/gnutls_buffers.h, lib/gnutls_cert.h, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.h,
	lib/gnutls_compress_int.h, lib/gnutls_constate.h,
	lib/gnutls_datum.h, lib/gnutls_db.h, lib/gnutls_dh.h,
	lib/gnutls_errors.h, lib/gnutls_errors_int.h,
	lib/gnutls_extensions.h, lib/gnutls_global.h,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.h, lib/gnutls_mem.h, lib/gnutls_mpi.h,
	lib/gnutls_num.h, lib/gnutls_pk.h, lib/gnutls_priority.h,
	lib/gnutls_random.h, lib/gnutls_record.h, lib/gnutls_rsa_export.h,
	lib/gnutls_session.h, lib/gnutls_session_pack.h, lib/gnutls_sig.h,
	lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
	lib/gnutls_ui.h, lib/gnutls_v2_compat.h, lib/gnutls_x509.h,
	lib/io_debug.h, lib/memmem.h, lib/strfile.h, lib/x509_b64.h: Clean
	up license templates.

2005-01-24  Simon Josefsson <simon@josefsson.org>

	* lib/debug.c, lib/ext_server_name.c: File is LGPL.

2005-01-22  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, includes/gnutls/openpgp.h,
	includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
	includes/gnutls/x509.h: Clean up license templates.

2005-01-22  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
	libextra/openpgp/privkey.c, libextra/openpgp/xml.c,
	libextra/openssl_compat.c: Clean up license templates.

2005-01-22  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c, lib/x509/compat.c, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
	lib/x509/dsa.c, lib/x509/extensions.c, lib/x509/mpi.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_write.c, lib/x509/xml.c,
	libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
	libextra/gnutls_openssl.c, libextra/openssl_compat.c: Clean up
	license templates.

2005-01-22  Simon Josefsson <simon@josefsson.org>

	* lib/auth_anon.c, lib/auth_cert.c, lib/auth_dh_common.c,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/auth_srp.c, lib/auth_srp_passwd.c, lib/auth_srp_rsa.c,
	lib/auth_srp_sb64.c, lib/debug.c, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/ext_server_name.c, lib/ext_srp.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_compress.c, lib/gnutls_compress_int.c,
	lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mpi.c,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/gnutls_random.c, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
	lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_str.c,
	lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/x509_b64.c: Clean up license templates.

2005-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, src/certtool.c: some cleanups.

2005-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls.h.in.in,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/mpi.c,
	lib/x509/mpi.h, lib/x509/sign.c, lib/x509/sign.h,
	lib/x509/x509_write.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: introduced
	gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
	gnutls_x509_crl_sign2(). Also added the --hash option to certtool in
	order to be able to generate certificates signed with different hash
	algorithms.

2005-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_handshake.c,
	lib/gnutls_int.h: changed the values of GNUTLS_PK_UNKNOWN and
	GNUTLS_SIGN_UNKNOWN to zero.

2005-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-01-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_int.h, lib/x509/common.c,
	lib/x509/common.h, lib/x509/x509.h: Simplified the algorithm to OID
	and vice versa functions, and added the RSA-RMD160 and the RMD160
	OID.

2005-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/x509.c: updated documentation

2005-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c: [no log message]

2005-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openssl_compat.c: These compatibility functions will no
	longer show up in the documentation.

2005-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-rescorla-dtls-00.txt =>
	draft-rescorla-dtls-02.txt}: updated dtls draft

2005-01-19  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (ChangeLog): Add --tags.

2005-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: increased a buffer.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Fix.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.23.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix last commit better.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix client cert callback, to make X.509 client
	authentication work.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (ChangeLog): Make it more like FSF format.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* .cvscopying: Add.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c, src/errcodes.c: Fix warning.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-01-18  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/structure.c: Sync with
	libtasn1 0.2.13.

2005-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2005-01-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2005-01-15  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-hajjeh-tls-sign-00.txt: Add.

2005-01-15  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Fix.

2005-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: added a check in verbose
	mode to print the HTTPS server's name.

2005-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test.c: [no log message]

2005-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2005-01-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: print RSA and DSA parameters in both certificates
	and private keys.

2005-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2005-01-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: (_gnutls_x509_data2hex): Make sure bin2hex will convert entire
	string first, because bin2hex will not return NULL any longer.

2005-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_constate.c: (_gnutls_set_keys): Use larger buffer, to hold entire hex output.
	Reported by Michael.Ringe@aachen.utimaco.de.

2005-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_kx.c: (generate_normal_master): Use larger buffer, to hold entire hex
	output.  Reported by Michael.Ringe@aachen.utimaco.de.

2005-01-07  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-01-07  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_str.c: (_gnutls_bin2hex): Return truncated string instead of NULL, to make
	it easier to use directly as a parameter to printf.  Reported by
	Michael.Ringe@aachen.utimaco.de.

2005-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2005-01-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2005-01-05  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2005-01-05  Simon Josefsson <simon@josefsson.org>

	* lib/x509/dn.c: (_gnutls_x509_parse_dn): Return buffer size, not string size, in
	*sizeof_buf.  Reported by Martin Lambers <marlam@web.de>.

2005-01-05  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Add gtk-doc URLs.

2005-01-05  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Fix gtk-doc stuff.

2004-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-30  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc3546bis-00.txt: Add.

2004-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2004-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Update.

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* nettle/tests/.cvsignore: [no log message]

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* nettle/Makefile.am, nettle/tests/md2-test.c: Add MD2.

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* nettle/Makefile.am, nettle/{md5-compat.c => md2-meta.c},
	nettle/md2.c, nettle/{md5-compat.h => md2.h},
	nettle/tests/Makefile.am, nettle/tests/md5-compat-test.c: Remove
	md5-compat (not used).

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc.h: Add MD2 support, tiny patch
	from Martin Kostner.

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/.cvsignore: [no log message]

2004-12-26  Simon Josefsson <simon@josefsson.org>

	* gl/alloca_.h, gl/progname.c, gl/progname.h: Update.

2004-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-17  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-05.txt: Add.

2004-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: [no log message]

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/pkcs12.c: [no log message]

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: [no log message]

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: corrected bug in gnutls_x509_set_time()

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: some additions for certtool

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/gnutls.texi: added documentation for the export/import to
	pkcs3 and pkcs1 formats for RSA and DH parameters.

2004-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/verify.c, libextra/gnutls_openssl.c,
	src/certtool.c: Corrected bugs found by Marcin Garski
	<mgarski@post.pl>

2004-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-14  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Fix.

2004-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-kerb-01.txt: Add.

2004-12-09  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc2246-bis-09.txt: Add.

2004-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-07  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-ecc-07.txt: Add.

2004-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkix_asn1_tab.c, lib/x509/verify.c: The certificate
	chain verification function now checks certificates in the reverse
	order to minimize the resources spent. This has not be thoroughtly
	tested.

2004-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-29  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-04.txt: Add.

2004-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: corrected bug in parse_dn_oid(). Traced and
	reported by Pelle Johansson.

2004-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-23  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rfc3943.txt: Add.

2004-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-19  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_ui.c: Doc fix.

2004-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-17  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2004-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-16  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-03.txt: Add.

2004-11-16  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2004-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/parser_aux.c, lib/minitasn1/structure.c: updated to
	the new libtasn1.

2004-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c: [no log message]

2004-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c: corrected CRL dist points handling.

2004-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c: corrected a sigsegv when writing CRL
	distribution points. It does not work properly though.

2004-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-08  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-11-08  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Make private key optional in --to-p12, suggested
	by Fabian Fagerholm <fabbe@paniq.net>.

2004-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* crypto/gc.h: Cleanup.  Add PKs.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.22.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am: Need minitasn1 -I's.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* gl/getpass.c, gl/m4/getpass.m4: Update.

2004-11-04  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add link to PGP key.

2004-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Forgot a source file.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Remove leftovers.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/.cvsignore: Fix.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am, libextra/opencdk/Makefile.am,
	libextra/openpgp/Makefile.am: Use convenience libraries for openpgp/
	and opencdk/.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Use LDFLAGS instead of LIBADD, for
	$(LIBTASN1_LIBS).

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Simplify.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Need libtasn1 for libgnutls-openssl.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am: Add -I for alloca.h in gl (why wasn't
	this needed before?).

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-11-03  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-31  Simon Josefsson <simon@josefsson.org>

	* doc/reference/.cvsignore: [no log message]

2004-10-31  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls.types: Remove.

2004-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c, lib/minitasn1/errors.c,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c: GTK-DOC fixes.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openpgp.h: GTK-DOC fixes.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/x509/crl.c, lib/x509/x509_write.c: Doc fix.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/structure.c: GTK-DOC fix.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Editorial fixes.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* src/errcodes.c: Fix.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: No need for libgnutls-extra.vers.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Need libgc.la for libgnutls_openssl.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Add openssl self test.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* tests/openssl.c: Add.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openssl.h: Declare MD_CTX.  Add MD5_DIGEST_LENGTH.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_openssl.c: Remove MD_CTX (should never have been
	here).

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: Port openssl
	glue to generic crypto API.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* tests/simple.c: Fix.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Recurse into minitasn1/.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Remove libgnutls.vers.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Use AM_CPPFLAGS instead of obsoleted INCLUDES.
	Use only one of -Iminitasn1 or $(LIBTASN1_CFLAGS), depending on
	ENABLE_MINITASN1.  Link with minitasn1/libminitasn1.la, instead of
	building files here.  Don't use $(LIBTASN1_LIBS) unless
	ENABLE_MINITASN1.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am: Build library in this directory.

2004-10-30  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Put .la libraries in LIBADD, not LDFLAGS, as
	recommended.

2004-10-29  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/x509/Makefile.am: Build x509 files inside
	x509/, to avoid scattering *.o and *.lo for every file in x509/ in
	lib/.

2004-10-29  Simon Josefsson <simon@josefsson.org>

	* buildconf: Fix.

2004-10-29  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Remove SERV_LIBS (not used).

2004-10-29  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use AS_HELP_STRING.  Remove SERV_LIBS (unused).
	Various indentation and cleanup.

2004-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-29  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2004-10-29  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in, lib/Makefile.am, lib/libgnutls.vers,
	libextra/Makefile.am, libextra/libgnutls-extra.vers: Replace GNU LD
	version script with Libtool -export-symbols-regex, tiny patch from
	Joe Orton <joe@manyfish.co.uk>.

2004-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/errors.h, lib/minitasn1/errors_int.h,
	lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: Doc fixes,
	from Martijn Koster <mak@greenhills.co.uk>.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/structure.c: GTK-DOC fix.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/ext_server_name.c, lib/gnutls_alert.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_db.c, lib/gnutls_handshake.c,
	lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_session.c,
	lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c, lib/minitasn1/structure.c,
	libextra/gnutls_openpgp.c: Doc fix.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Reenable --sgml-mode.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Change struct-marker & to #, to align with
	modern GTK-DOC.  Improve texinfo and man output.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_int.h, lib/gnutls_ui.h, libextra/gnutls_openpgp.c,
	libextra/minilzo.c, libextra/openpgp/gnutls_openpgp.h, src/serv.c: 
	Indent.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
	lib/auth_srp_passwd.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/ext_srp.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_db.c,
	lib/gnutls_db.h, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_kx.h, lib/gnutls_mem.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_random.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.h,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/memmem.c, lib/memmem.h,
	lib/x509/common.c, lib/x509/common.h, lib/x509/compat.c,
	lib/x509/compat.h, lib/x509/crl.c, lib/x509/crl_write.c,
	lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/dsa.h, lib/x509/extensions.c, lib/x509/extensions.h,
	lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
	lib/x509/pkcs7.h, lib/x509/privkey.c, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/sign.h,
	lib/x509/verify.c, lib/x509/verify.h, lib/x509/x509.c,
	lib/x509/x509.h, lib/x509/x509_write.c, lib/x509_b64.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openssl.c, libextra/lzoconf.h, libextra/minilzo.c,
	libextra/minilzo.h, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/openpgp.h, libextra/openpgp/pgpverify.c,
	libextra/openssl_compat.c, libextra/openssl_compat.h,
	src/certtool-cfg.h, src/certtool.c, src/common.c, src/common.h,
	src/list.h, src/serv.c, src/tests.c, src/tests.h: Indent.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Add indent target.

2004-10-28  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am: Update.

2004-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* buildconf: Mention --enable-gtk-doc.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix release target for new GTK-DOC.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.21.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* buildconf: Run gtkdocize.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/reference/.cvsignore: Rewrite.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.tmpl: Remove.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: Add
	opencdk and libtasn1 to GTK-DOC manual.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Rewrite, GTK-DOC from CVS (plus
	patches) seem to work reasonably well now.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls-docs.sgml: Add.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* lib/x509/common.c: Make it compile.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Dist *.p12.

2004-10-27  Simon Josefsson <simon@josefsson.org>

	* doc/reference/.cvsignore: [no log message]

2004-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: allow for NULL and empty passwords in
	pkcs12 string to key

2004-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: [no log message]

2004-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c, lib/x509/privkey_pkcs8.c: [no log message]

2004-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: some minor fixes.

2004-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-25  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-25  Simon Josefsson <simon@josefsson.org>

	* configure.in: Move LIBS (i.e., -lz) to end of LIBGNUTLS_LIBS, to
	fix libgnutls*-config --libs output, reported by Yoann
	Vandoorselaere <yoann@prelude-ids.org>.

2004-10-25  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Revert to my own Makefile.am for now.

2004-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Resign PGP key.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Fix.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Fix.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Rewrite, align with upstream
	recommendations.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/reference/gnutls.types: Add.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am, tests/pkcs12_neon: Add.  Test vectors from Joe
	Orton <joe@manyfish.co.uk>, by permission
	(<20041024155032.GB26275@manyfish.co.uk>).

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_x509.c: (gnutls_certificate_set_x509_trust): Fix memory bug, tiny patch by
	Aleix Conchillo Flaque <aleix@member.fsf.org>.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* lib/.cvsignore, libextra/.cvsignore: [no log message]

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, configure.in, lib/Makefile.am, lib/gnutls.pc.in,
	libextra/Makefile.am, libextra/gnutls-extra.pc.in: Add pkg-config
	meta files, suggested by Stéphane LOEUILLET
	<stephane.loeuillet@tiscali.fr>.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Generated.

2004-10-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, lib/libgnutls-config.in,
	libextra/libgnutls-extra-config.in: Add parameter --la-file to
	libgnutls-config and libgnutls-extra-config, tiny patch contributed
	by Joe Orton <joe@manyfish.co.uk>.

2004-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: print teletex strings if they contain only
	ASCII characters.

2004-10-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/dn.c: corrected bug in _gnutls_x509_get_dn_oid().

2004-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/common.c: [no log message]

2004-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c,
	lib/x509/dn.h: print the hex value of the name in certificates with
	unknown character sets.

2004-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2253.txt: added the LDAP string rfc.

2004-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, src/certtool.c: some fixes

2004-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers, AUTHORS: [no log message]

2004-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, lib/x509/common.c: Increased the
	precision in ASN.1 time to seconds from minutes.  In certificate
	names disallow non UTF8 strings such as UCS-2 and UCS-4.

2004-10-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2004-10-12  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-10-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.20.

2004-10-12  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-12  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump versions.

2004-10-12  Simon Josefsson <simon@josefsson.org>

	* gl/getpass.c, gl/snprintf.c, gl/snprintf.h: Update gnulib.

2004-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-07  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.19.

2004-10-07  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: (HIGNORE): Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Look for memmem, for lib/memmem.c test.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore: [no log message]

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c,
	gl/m4/alloca.m4, gl/m4/eoverflow.m4, gl/m4/gnulib.m4,
	gl/m4/intmax_t.m4, gl/m4/snprintf.m4, gl/m4/vasnprintf.m4,
	gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
	gl/printf-parse.h, gl/snprintf.c, gl/snprintf.h, gl/vasnprintf.c,
	gl/vasnprintf.h, gl/xsize.h: Add GNULib module, for missing snprintf
	on OSF1 V4.0, reported by Yoann Vandoorselaere
	<yoann@prelude-ids.org>.  Note that lib/ does not yet use it.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h, lib/gnutls_ui.h: (gnutls_certificate_verify_peers): Fix prototype.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: Fix warning.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Don't use exit.h (not needed, EXIT_* is C89).

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* gl/exit.h, gl/m4/extensions.m4, gl/m4/gnulib.m4,
	gl/m4/unlocked-io.m4: Update Gnulib.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/memmem.m4,
	lib/Makefile.am, {gl => lib}/memmem.c, {gl => lib}/memmem.h: Don't
	link to gnulib in lib/ until issues are solved (see bug-gnulib).
	Move memmem from gl/ to lib/, since it is the only gnulib module
	lib/ needs.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-10-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/error.c, gl/getndelim2.c,
	gl/getpass.c, gl/m4/gnulib.m4, gl/m4/{memstr.m4 => memmem.m4},
	gl/memmem.c, gl/{memstr.h => memmem.h}, gl/memstr.c,
	gl/unlocked-io.h, lib/defines.h, lib/gnutls_x509.c, lib/x509_b64.c: 
	Update Gnulib.  Replace memstr with memmem, see continued discussion
	on bug-gnulib.

2004-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-10-04  Simon Josefsson <simon@josefsson.org>

	* : Add.

2004-10-01  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/compat.h: (gnutls_certificate_verify_peers): Add.

2004-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-30  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/{strnstr.m4
	=> memstr.m4}, gl/{strnstr.c => memstr.c}, gl/{strnstr.h =>
	memstr.h}, lib/defines.h, lib/gnutls_x509.c, lib/x509_b64.c: Replace
	strnstr with memstr.  See discussion on bug-gnulib list.

2004-09-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-29  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Link with gnulib.  Currently only minmax.h and
	strnstr are used, which are under LGPL.  The license templates in
	gl/ will be fixed as soon as gnulib-tool support combined GPL/LGPL
	projects.

2004-09-29  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/strnstr.m4,
	gl/minmax.h, gl/progname.c, gl/progname.h, gl/strnstr.c,
	gl/strnstr.h, lib/Makefile.am, lib/defines.h, lib/strnstr.c: Use
	strnstr from gnulib.  Gnulib sync.

2004-09-26  Simon Josefsson <simon@josefsson.org>

	* gl/minmax.h: Use version from Lesser GNULib.

2004-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-21  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2004-09-21  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am, libextra/opencdk/main.c: Use gnulib getpass
	in opencdk.

2004-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-19  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-rfc2818.c: Fix.

2004-09-19  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-rfc2818.c, doc/gnutls.texi: Add.

2004-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-17  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-09-17  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am, src/Makefile.am: Fix objdir != srcdir in -I,
	reported by "Gerrit P. Haase" <gp@familiehaase.de>.

2004-09-17  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Fix objdir != srcdir in -I, reported by "Gerrit
	P. Haase" <gp@familiehaase.de>.

2004-09-17  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2004-09-17  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/Makefile.am: Fix objdir != srcdir in -I, reported by
	"Gerrit P. Haase" <gp@familiehaase.de>.

2004-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-11  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-09-10  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (load_cert): Fix crash in `certtool --to-p12 --load-privkey foo'.

2004-09-09  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Sync with libtasn1 0.2.11.

2004-09-02  Simon Josefsson <simon@josefsson.org>

	* : New version, solve the S/MIME bugs I reported.  Downloaded from
	http://csrc.nist.gov/pki/testing/x509paths.html on 2004-09-03 with
	SHA1 ada0f267e0ff4eb16a0e19964cf518a833f00093.

2004-09-02  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2004-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-31  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-31  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2004-08-31  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cert.c, lib/x509/x509.c: Fix mem leak (tiny patch).
	From Simon Posnjak <simon.posnjak@cetrtapot.si>.

2004-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-27  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_state.c: Typo.

2004-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-26  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-srp-08.txt: Add.

2004-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Update.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, lib/gnutls.h.in.in: Move remaining SRP
	functions to lib/.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, lib/gnutls_anon_cred.c,
	lib/gnutls_dh_primes.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h: Doc fix.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, lib/gnutls_alert.c,
	libextra/gnutls_extra.c, libextra/gnutls_openpgp.c: Doc fix.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am: Hack to fix texinfo docs.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/extra.h, libextra/gnutls_openpgp.c: Fix
	prototypes.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Add.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Copy gtk-doc.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.h.in.in, lib/gnutls_global.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h: Fix prototypes.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* doc/reference/Makefile.am: Clean more.

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_ui.h,
	lib/x509/pkcs12.c, lib/x509/privkey.c: Fix prototypes. (Unfinished,
	there should be a tool to do this...)

2004-08-25  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-psk-01.txt: Add.

2004-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* doc/TODO, doc/protocol/draft-badra-tls-express-00.txt,
	doc/protocol/draft-salowey-tls-ticket-00.txt: Add.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* NEWS, configure.in: Bump version.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.18.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* nettle/arctwo-meta.c, nettle/arctwo.c, nettle/arctwo.h,
	nettle/des-compat.c, nettle/des-compat.h, nettle/macros.h,
	nettle/nettle-meta.h, nettle/tests/arctwo-test.c,
	nettle/tests/des-compat-test.c, nettle/tests/md5-test.c,
	nettle/tests/testutils.c: Sync Nettle with CVS.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* nettle/Makefile.am: Build libnettle.la before self tests.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* configure.in, nettle/Makefile.am, nettle/knuth-lfib.c,
	nettle/knuth-lfib.h, nettle/tests/.cvsignore,
	nettle/tests/Makefile.am, nettle/tests/aes-test.c,
	nettle/tests/arcfour-test.c, nettle/tests/arctwo-test.c,
	nettle/tests/cbc-test.c, nettle/tests/des-compat-test.c,
	nettle/tests/des-test.c, nettle/tests/des3-test.c,
	nettle/tests/hmac-test.c, nettle/tests/knuth-lfib-test.c,
	nettle/tests/md4-test.c, nettle/tests/md5-compat-test.c,
	nettle/tests/md5-test.c, nettle/tests/run-tests,
	nettle/tests/sha1-test.c, nettle/tests/testutils.c,
	nettle/tests/testutils.h: Add Nettle self tests.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* doc/README.CVS: Add.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* doc/reference/.cvsignore: [no log message]

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* m4/gtk-doc.m4: Update.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* configure.in, doc/Makefile.am, doc/README.CVS,
	doc/reference/.cvsignore, doc/reference/Makefile.am,
	doc/reference/gnutls-docs.tmpl, m4/gtk-doc.m4: Generate GTK-DOC
	manuals (libextra/openpgp/ part doesn't work yet).

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_algorithms.c: Make gtk-doc happy.

2004-08-24  Simon Josefsson <simon@josefsson.org>

	* includes/gnutls/openssl.h, lib/gnutls.h.in.in: Make gtk-doc happy.

2004-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* src/cfg/platon/str/strdyn.c: Fix.  Reported by Dimitri
	Papadopoulos-Orfanos <papadopo@shfj.cea.fr>.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* configure.in: Check for ctype.h to shut up Sun CC warnings in
	src/cfg/shared.c.  Reported by Dimitri Papadopoulos-Orfanos
	<papadopo@shfj.cea.fr>.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* tests/chain: Fix.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* tests/pkits: Add.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* nettle/arctwo-meta.c, nettle/arctwo.c, nettle/arctwo.h,
	nettle/macros.h, nettle/nettle-meta.h: Update.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: ISO certify.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* m4/gc_random.m4: Fix.

2004-08-23  Simon Josefsson <simon@josefsson.org>

	* configure.in, m4/gc_random.m4: Move /dev/*random stuff to separate
	m4 file.

2004-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* AUTHORS: Add copying conditions, and PGP release key.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* README, THANKS: Add copying conditions.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add copying conditions.  Markup.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* tests/pkits_pkcs12, tests/pkits_smime: Typo.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/int.h: Bump version.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Remove stale -I.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/libtasn1.h: Bump version.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* configure.in: Need newer libtasn1.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* lib/minitasn1/decoding.c: Only apply BER indefinite logic when we
	have actually encountered BER indefinite lengths.  Pending upstream
	review.  Triggered by PKITS test case
	pkcs12/CPSPointerQualifierTest20EE.p12 (and others) as invoked by
	tests/pkits_pkcs12.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* tests/pkits_crl, tests/pkits_crt, tests/pkits_pkcs12,
	tests/pkits_smime: Fix.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (print_certificate_info): Don't crash on large X.509 extensions
	(thanks to PKITS test suite).  Also output ASCII representation of
	printable extension data (some extension contain humanly readable
	strings).

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* tests/pkits_crl, tests/pkits_crt, tests/pkits_smime: Add.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (smime_to_pkcs7): Make sure PKCS#7 output use LF EOL.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* tests/pkits_pkcs12: Add.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: (smime_to_pkcs7): Handle LF EOF.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Fix --password.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* : Add NIST's Public Key Interoperability Test Suite.  Taken from
	<http://csrc.nist.gov/pki/testing/x509paths.html>.
	c8b1230c34f175f0fe479692e65c7ecc04117dfc  PKITS_data.zip
	e823aa3a8ece752aa7211153312b364dc578e789  PKITS.pdf

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Handle different #include's for PKCS12
	functions.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* .cvsignore: [no log message]

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* configure.in: Want gzip too.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in: Use bz2.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* doc/scripts/gdoc: Support -include.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Add man pages for lib/x509/, libextra/,
	and libextra/openpgp/.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Add man pages for API.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/.cvsignore: [no log message]

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h,
	crypto/test-gc.c: Mem alloca stuff for libgcrypt.  Indent.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* crypto/.cvsignore, crypto/Makefile.am, crypto/test-gc.c,
	crypto/utils.c, crypto/utils.h: Add self test of generic crypto.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* crypto/pkcs5.c: Doc fix.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls.h.in.in: Revert ssize_t change.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls.h.in.in: Assume POSIX system (which we
	already do), so it has ssize_t.  Redefining ssize_t locally, if it
	doesn't exist, already handled by gnulib.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Simplify further.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Simplify further.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Move things from EXTRA_DIST, to improve
	dependency tracking.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Move things from EXTRA_DIST to *_SOURCES, to
	improve dependency tracking.  Simplify.

2004-08-22  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c: Fix warnings.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-nettle.c: Add checks.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/x509/Makefile.am: Remove pkcs5.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs5.c, lib/x509/pkcs5.h, lib/x509/privkey_pkcs8.c: 
	Replace PKCS5 with GC.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/Makefile.am, crypto/gc.h, crypto/pkcs5.c: Add pkcs5 stuff,
	replacing lib/x509/pkcs5.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc.h: Typo.

2004-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: (gc_hmac_sha1): Add (for PKCS5 KDF).

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-nettle.c, nettle/arctwo-meta.c, nettle/arctwo.c,
	nettle/arctwo.h, nettle/nettle-meta.h: Change name of arctwo variant
	from 'pkcs12' to 'gutmann'.  Seems PKCS12 code uses pure rfc 2268
	(who uses the variant then?!).

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/rrc2.doc: Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* nettle/arctwo.c: Typo.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* nettle/arctwo.c: Support plain RFC 2268 too.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2004-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey.c: Corrected a memory leak. Patch got from debian
	bug report logs.  Reported by Modestas Vainius
	<geromanas@mailas.com>.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* nettle/arctwo.c: Fix.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* nettle/arctwo.c: Fix.

2004-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: corrected bug with generalTime ASN.1 encoding.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-nettle.c, nettle/Makefile.am, nettle/arctwo-meta.c,
	nettle/arctwo.c, nettle/arctwo.h, nettle/nettle-meta.h: Add arctwo.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc.h: (GC_SHA1_LEN): Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs12_encr.c: Fix.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* lib/x509/pkcs12_encr.c: Use gc.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: (gc_hash_buffer): Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* tests/chain: Cleanup.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* tests/chain: Add CRL's.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* NEWS, tests/Makefile.am, tests/anonself.c: Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add examples.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/examples/.cvsignore: [no log message]

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client2.c, doc/examples/ex-serv1.c: Doc fix.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-client1.c, doc/examples/ex-serv-anon.c: Add.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Markup.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* configure.in: Enable gnits in automake.

2004-08-21  Simon Josefsson <simon@josefsson.org>

	* configure.in: Allow AC_PROG_CC to modify CFLAGS (why not?).  Don't
	check for install (handled by automake).

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: Simplify shared library versioning.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* libextra/gnutls_extra.c: Use automake VERSION.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am, libextra/opencdk/armor.c: Fix version
	number.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: Use automake VERSION instead of
	GNUTLS_VERSION.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: Use modern AC_INIT.  Remove GNUTLS_*VERSION.
	Separate libtool versioning from package versioning.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Remove, all are dist'ed by automake automatically.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/defines.h: Remove size_t, time_t, ptrdiff_t definitions.

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: Assume time_t and ptrdiff_t (ANSI C89).

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.h.in.in: Assume time_t is in time.h (ANSI C89).

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/gnutls.h.in.in: Assume size_t is in stddef.h
	(C89).

2004-08-20  Simon Josefsson <simon@josefsson.org>

	* configure.in: (T_CPU, T_VENDOR, T_OS): Remove (unused).

2004-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.17.

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix, suggested by Stepan Kasal <kasal@ucw.cz>.

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_mpi.h: Reorder, to get config.h included before
	gcrypt.h.

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Revert.

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix example indentation.

2004-08-18  Simon Josefsson <simon@josefsson.org>

	* nettle/Makefile.am: Don't dist nettle-types.h.

2004-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-17  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: Add
	one-call interface.

2004-08-17  Simon Josefsson <simon@josefsson.org>

	* src/cli.c: Fix mem leak.

2004-08-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Typo.

2004-08-17  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS: Add.

2004-08-17  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_pk.c: Simplify computation of PKCS#1 version 1.5 type 2
	non-zero pad bytes, reported by Robey Pointer <robey@danger.com>.

2004-08-17  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/minmax.h,
	lib/Makefile.am, lib/auth_srp_passwd.c, lib/ext_srp.c,
	lib/gnutls_buffers.c, lib/gnutls_num.h, lib/gnutls_pk.c,
	lib/gnutls_str.c, lib/x509/dn.c, lib/x509/pkcs12.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
	libextra/Makefile.am: Use minmax.h from gnulib instead of GMIN/GMAX.

2004-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Oops, revert DES, not supported.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* src/common.c: Support AES-256 and DES in --ciphers too.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* NEWS, README: Fix.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* README: Add.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: Indent.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-nettle.c: Fix.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Move hashing to
	generic crypto API.  Implement hashing for nettle/libgcrypt in
	generic crypto API.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* configure.in, crypto/gc-libgcrypt.c, crypto/gc-nettle.c,
	crypto/gc.h, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_random.c, lib/gnutls_random.h: Move randomness calls to
	generic crypto API.  Implement randomness for libgcrypt and nettle
	wrappers.

2004-08-16  Simon Josefsson <simon@josefsson.org>

	* gl/Makefile.am, gl/m4/gnulib.m4: Update.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-nettle.c: Doc fix.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Typo.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-nettle.c: Implement.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c: Reorder.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* crypto/gc.h: Add.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* nettle/nettle-meta.h: Add des(3).

2004-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, crypto/gc-nettle.c,
	m4/ax_create_stdint_h.m4, nettle/.cvsignore, nettle/Makefile.am,
	nettle/aes-decrypt-table.c, nettle/aes-decrypt.c,
	nettle/aes-encrypt-table.c, nettle/aes-encrypt.c,
	nettle/aes-internal.h, nettle/aes-meta.c,
	nettle/aes-set-decrypt-key.c, nettle/aes-set-encrypt-key.c,
	nettle/aes.c, nettle/aes.h, nettle/arcfour-crypt.c,
	nettle/arcfour-meta.c, nettle/arcfour.c, nettle/arcfour.h,
	nettle/cbc.c, nettle/cbc.h, nettle/des-compat.c,
	nettle/des-compat.h, nettle/des.c, nettle/des.h, nettle/des3.c,
	nettle/desCode.h, nettle/descore.README, nettle/desinfo.h,
	nettle/hmac-md5.c, nettle/hmac-sha1.c, nettle/hmac.c,
	nettle/hmac.h, nettle/keymap.h, nettle/macros.h,
	nettle/md5-compat.c, nettle/md5-compat.h, nettle/md5-meta.c,
	nettle/md5.c, nettle/md5.h, nettle/memxor.c, nettle/memxor.h,
	nettle/nettle-internal.c, nettle/nettle-internal.h,
	nettle/nettle-meta.h, nettle/parity.h, nettle/rotors.h,
	nettle/sha.h, nettle/sha1-compress.c, nettle/sha1-meta.c,
	nettle/sha1.c: Add Nettle.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* crypto/gc-libgcrypt.c, lib/gnutls_cipher_int.c,
	lib/gnutls_global.c: Fix warnings.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_cipher_int.c: Fix.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, crypto/.cvsignore, crypto/Makefile.am,
	crypto/gc-libgcrypt.c, crypto/gc.h, lib/Makefile.am,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_mpi.h,
	libextra/Makefile.am: Initiate move of all libgcrypt calls to
	crypto/gc* wrapper.  Currently only encryption/decryption goes
	through generic API.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Fix tag name.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/getpass.c, gl/getpass.h,
	gl/m4/getpass.m4, gl/m4/gnulib.m4, gl/m4/stdbool.m4, gl/stdbool_.h,
	src/Makefile.am, src/certtool-cfg.c, src/certtool.c, src/crypt.c,
	src/getpass.c, src/getpass.h: Replace ad-hoc 'read_pass' with gnulib
	module 'getpass-gnu'.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Improve markup.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* src/errcodes.c: Fix.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Use @finalout, to avoid ugly black boxes.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fixes.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
	doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
	doc/examples/ex-client2.c, doc/examples/ex-crq.c,
	doc/examples/ex-pkcs12.c, doc/examples/ex-serv-export.c,
	doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
	doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
	doc/examples/ex-verify.c, doc/examples/ex-x509-info.c: Indent.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Abort if tag exists.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Fix tag name.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.16.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore: [no log message]

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* src/certtool.c: Use progname.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/progname.c, gl/progname.h: Add
	progname gnulib module.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Fix -I's, for srcdir != objdir builds (e.g.,
	'make distcheck').

2004-08-15  Simon Josefsson <simon@josefsson.org>

	* configure.in, lib/Makefile.am, libextra/Makefile.am,
	src/Makefile.am: Fix -I's, for srcdir != objdir builds (e.g., 'make
	distcheck').

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am: Link gnulib.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Fix.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.15.

2004-08-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS: Reorder.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* config.rpath: Add, needed by gnulib.  When we support gettext,
	this will be generated.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* src/certtool-gaa.c, src/certtool-gaa.h: Generated.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* NEWS, src/Makefile.am, src/certtool.c, src/certtool.gaa: Add
	--smime-to-p7.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* configure.in, gl/Makefile.am, gl/error.c, gl/error.h, gl/exit.h,
	gl/gettext.h, gl/m4/codeset.m4, gl/m4/error.m4, gl/m4/gettext.m4,
	gl/m4/glibc21.m4, gl/m4/gnulib.m4, gl/m4/iconv.m4,
	gl/m4/intdiv0.m4, gl/m4/intmax.m4, gl/m4/inttypes-pri.m4,
	gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/isc-posix.m4,
	gl/m4/lcmessage.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/longdouble.m4, gl/m4/longlong.m4,
	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
	gl/m4/progtest.m4, gl/m4/signed.m4, gl/m4/size_max.m4,
	gl/m4/stdint_h.m4, gl/m4/strerror_r.m4, gl/m4/uintmax_t.m4,
	gl/m4/ulonglong.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4,
	gl/m4/xsize.m4: Add error and exit gnulib modules.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* gl/.cvsignore: [no log message]

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add gl/Makefile.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Recurse into gl/.

2004-08-14  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, configure.in, gl/Makefile.am, gl/getline.c,
	gl/getline.h, gl/getndelim2.c, gl/getndelim2.h,
	gl/m4/extensions.m4, gl/m4/getline.m4, gl/m4/getndelim2.m4,
	gl/m4/gnulib.m4, gl/m4/onceonly_2_57.m4, gl/m4/ssize_t.m4,
	gl/m4/unlocked-io.m4, gl/unlocked-io.h: Set up GnuTLS to use gnulib
	for portability files.  Initially only adding "getline", I will need
	it for S/MIME parsing.

2004-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-12  Simon Josefsson <simon@josefsson.org>

	* tests/chain: Be nicer.

2004-08-12  Simon Josefsson <simon@josefsson.org>

	* tests/.cvsignore: [no log message]

2004-08-12  Simon Josefsson <simon@josefsson.org>

	* tests/chain: Add.

2004-08-12  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-badra-tls-key-exchange-00.txt: Add.

2004-08-12  Simon Josefsson <simon@josefsson.org>

	* : Add NIST X.509 Path Validation Test Suite, Version 1.07.  See
	http://csrc.nist.gov/pki/testing/x509paths_old.html.  Taken from
	http://csrc.nist.gov/pki/testing/x509tests.tgz, with MD5sum
	5e6c15b7920e33a3e171258828c980f5.

2004-08-11  Simon Josefsson <simon@josefsson.org>

	* doc/protocol/draft-ietf-tls-rfc2246-bis-08.txt: Add.

2004-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-11  Simon Josefsson <simon@josefsson.org>

	* configure.in: Typo.

2004-08-11  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix direntry.

2004-08-11  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-11  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/gnutls-cli.1: Update.

2004-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* m4/autobuild.m4: Update.

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* libextra/opencdk/keyserver.c: Need sys/types.h, for FreeBSD 4.10.

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: (release): Remove ChangeLog stuff.

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* configure.in: If socklen_t doesn't exist, use size_t (needed for
	Darwin).

2004-08-10  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Add.

2004-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-09  Simon Josefsson <simon@josefsson.org>

	* configure.in: Move AB_INIT to where it actually works.

2004-08-09  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: [no log message]

2004-08-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.14.

2004-08-09  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Add release target.

2004-08-09  Simon Josefsson <simon@josefsson.org>

	* NEWS, THANKS, configure.in, m4/autobuild.m4: Add.

2004-08-09  Simon Josefsson <simon@josefsson.org>

	* NEWS: Add.

2004-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-07  Simon Josefsson <simon@josefsson.org>

	* THANKS: Add.

2004-08-07  Simon Josefsson <simon@josefsson.org>

	* tests/Makefile.am: Typo, reported by Michael Heironimus
	<mkh01@earthlink.net>.

2004-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-06  Simon Josefsson <simon@josefsson.org>

	* NEWS: Terminology consistency.

2004-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* tests/simple.c: Fix warning.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am,
	libextra/openpgp/Makefile.am: Remove *.tex stuff.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/manpages/Makefile.am: Simplify.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am, src/retcodes.c: Remove retcodes.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Fix last commit.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, doc/Makefile.am, doc/examples/Makefile.am,
	doc/{tex/ex-alert.tex => examples/ex-alert.c},
	doc/{tex/ex-cert-select.tex => examples/ex-cert-select.c},
	doc/{tex/ex-client-resume.tex => examples/ex-client-resume.c},
	doc/{tex/ex-client-srp.tex => examples/ex-client-srp.c},
	doc/{tex/ex-client2.tex => examples/ex-client2.c},
	doc/{tex/ex-crq.tex => examples/ex-crq.c}, doc/{tex/ex-pkcs12.tex
	=> examples/ex-pkcs12.c}, doc/{tex/ex-serv-export.tex =>
	examples/ex-serv-export.c}, doc/{tex/ex-serv-pgp.tex =>
	examples/ex-serv-pgp.c}, doc/{tex/ex-serv-srp.tex =>
	examples/ex-serv-srp.c}, doc/{tex/ex-serv1.tex =>
	examples/ex-serv1.c}, doc/{tex/ex-session-info.tex =>
	examples/ex-session-info.c}, doc/{tex/ex-verify.tex =>
	examples/ex-verify.c}, doc/{tex/ex-x509-info.tex =>
	examples/ex-x509-info.c}, doc/scripts/Makefile.am,
	doc/scripts/sort1.pl, doc/tex/.cvsignore, doc/tex/Makefile.am,
	doc/tex/alert.tex, doc/tex/appendix.tex, doc/tex/auth.tex,
	doc/tex/callbacks.tex, doc/tex/cert_auth.tex,
	doc/tex/certificate.tex, doc/tex/ciphers.tex,
	doc/tex/ciphersuites.tex, doc/tex/compression.tex,
	doc/tex/cover.tex.in, doc/tex/errors.tex, doc/tex/examples.tex,
	doc/tex/fdl.tex, doc/tex/funcs.tex, doc/tex/gnutls-logo.ps,
	doc/tex/gnutls.bib, doc/tex/gnutls.tex, doc/tex/handshake.tex,
	doc/tex/howto.tex, doc/tex/internals.eps, doc/tex/layers.eps,
	doc/tex/layers.tex, doc/tex/library.tex, doc/tex/macros.tex,
	doc/tex/memory.tex, doc/tex/openssl.tex, doc/tex/pgp-fig1.eps,
	doc/tex/pgpcert.xml.tex, doc/tex/preface.tex,
	doc/tex/preparation.tex, doc/tex/programs.tex, doc/tex/record.tex,
	doc/tex/record_weaknesses.tex, doc/tex/srp.tex,
	doc/tex/supported_ciphersuites.tex, doc/tex/tls_extensions.tex,
	doc/tex/tlsintro.tex, doc/tex/translayer.tex, doc/tex/x509-1.eps,
	doc/tex/x509cert.xml.tex: Remove old manual.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* configure.in, doc/gnutls.texi: Fix copyright.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* buildconf, doc/README.CVS: Revert.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* NEWS: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/TODO: Done.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/README.CVS: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Save gnutls.bib.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix deps.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Reorder.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix HTML.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gendocs.sh, doc/gendocs_template, doc/gnutls-logo.eps: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add logo.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix image size.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Fix deps.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Build more.  Dist ps/pdf/html.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* : Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/.cvsignore: [no log message]

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/gnutls.texi, doc/scripts/sort2.pl: Add
	Texinfo API documentation.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* libextra/openpgp/Makefile.am: Build pgp-api.texi.  Dist
	pgp-api.tex{,i}.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/.cvsignore, lib/.cvsignore, lib/x509/.cvsignore,
	libextra/.cvsignore, libextra/openpgp/.cvsignore: [no log message]

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* libextra/Makefile.am: Build gnutls-extra-api.texi.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* lib/Makefile.am: Build gnutls-api.texi.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* lib/x509/Makefile.am: Build x509-api.texi.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls.h.in.in: (gnutls_is_secure_function): Add.  (gnutls_global_set_mem_functions): Use it.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_global.c: (gnutls_global_set_mem_functions): Use typedefs in prototype, for
	gdoc.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* lib/gnutls_mem.h: (gnutls_is_secure_function): Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Dist more.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* NEWS, doc/internals.eps, doc/layers.eps, doc/pgp1.eps,
	doc/x509-1.eps: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/.cvsignore: [no log message]

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi, src/errcodes.c: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add error_codes.texi.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* src/errcodes.c: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am: Build error_codes.texi using errcodes.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* src/Makefile.am, src/errcodes.c: (errcodes): Add, same as retcodes, but for texinfo.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* src/.cvsignore: [no log message]

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Fix.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/.cvsignore: [no log message]

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-05  Simon Josefsson <simon@josefsson.org>

	* doc/gnutls.texi: Add.

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, acinclude.m4, libgcrypt.m4 => m4/libgcrypt.m4,
	libtasn1.m4 => m4/libtasn1.m4, opencdk.m4 => m4/opencdk.m4: Move
	*.m4's to m4/.

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* buildconf: Simplify.

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* configure.in: Add copying condition.  Remove useless prefix
	setting.

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* buildconf, configure.in: Don't use maintainer mode (see Autoconf
	manual for rationale).

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* doc/Makefile.am, doc/fdl.texi, doc/gnutls.texi: Start Texinfo
	manual.

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* doc/.cvsignore: [no log message]

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* ChangeLog: ChangeLog

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* Makefile.am: Fix cvs2cl target.

2004-08-04  Simon Josefsson <simon@josefsson.org>

	* NEWS: Version 1.1.13.

2004-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-08-02  Simon Josefsson <simon@josefsson.org>

	* .cvsusers: Fix.

2004-08-02  Simon Josefsson <simon@josefsson.org>

	* configure.in: Bump version.

2004-08-02  Simon Josefsson <simon@josefsson.org>

	* Makefile.am, NEWS, configure.in, tests/Makefile,
	tests/Makefile.am, tests/simple.c, tests/utils.c, tests/utils.h: Add
	(start of) self test suite.

2004-08-02  Simon Josefsson <simon@josefsson.org>

	* .cvsignore, doc/examples/.cvsignore, doc/manpages/.cvsignore,
	doc/tex/.cvsignore, includes/.cvsignore,
	includes/gnutls/.cvsignore, libextra/.cvsignore,
	libextra/opencdk/.cvsignore, libextra/openpgp/.cvsignore,
	src/.cvsignore, src/cfg/.cvsignore, src/cfg/platon/.cvsignore,
	src/cfg/platon/str/.cvsignore, src/openpgp/.cvsignore,
	tests/.cvsignore: Ignore more.

2004-08-02  Simon Josefsson <simon@josefsson.org>

	* buildconf: Use autoreconf.

2004-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/gnutls_cert.c, lib/gnutls_srp.c,
	lib/gnutls_srp.h: _gnutls_calc_srp_u() has been modified to be
	better.

2004-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2004-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_int.h: [no log message]

2004-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: print the number of bits of the public key in a
	certificate.

2004-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/examples.tex: [no log message]

2004-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/auth_cert.h, lib/gnutls.h.in.in,
	lib/gnutls_cert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, libextra/gnutls_extra.h,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/gnutls_openpgp.h: Added some default limits in the
	verification of certificate chains, to avoid denial of service
	attacks. Also added gnutls_certificate_set_verify_limits() to
	override them.

2004-07-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-cert-select.tex, lib/gnutls_cert.c: corrected
	documentation.

2004-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: [no log message]

2004-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/extra.h, lib/Makefile.am, {libextra =>
	lib}/auth_srp.c, {libextra => lib}/auth_srp.h, {libextra =>
	lib}/auth_srp_passwd.c, {libextra => lib}/auth_srp_passwd.h,
	{libextra => lib}/auth_srp_rsa.c, {libextra =>
	lib}/auth_srp_sb64.c, {libextra => lib}/ext_srp.c, {libextra =>
	lib}/ext_srp.h, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_extensions.c, {libextra => lib}/gnutls_srp.c, {libextra
	=> lib}/gnutls_srp.h, libextra/Makefile.am,
	libextra/gnutls_extra.c, libgcrypt.m4, opencdk.m4: SRP ciphersuites
	were moved to the gnutls (lgpl) library.

2004-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2004-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers: added Simon

2004-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, libextra/gnutls_openpgp.c,
	libextra/openpgp/extras.c, libextra/openpgp/pgp.c,
	libextra/openpgp/privkey.c, libextra/openpgp/xml.c: [no log message]

2004-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, libextra/auth_srp.c, libextra/gnutls_srp.c,
	libextra/gnutls_srp.h: * Updated the SRP authentication to conform to the   latest (yet unreleased) draft. Unfortunately this breaks   compatibility with previous versions.

2004-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/minitasn1/Makefile.am, lib/x509/Makefile.am,
	libextra/Makefile.am, libextra/opencdk/Makefile.am,
	libextra/openpgp/Makefile.am, libextra/openpgp/{openpgp.c =>
	pgp.c}, libextra/openpgp/{verify.c => pgpverify.c}: avoid using
	libtool's convenience libraries since they are buggy and cause
	conflicts in linking.

2004-07-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/opencdk/encrypt.c, libextra/opencdk/main.c,
	libextra/opencdk/misc.c: removed the malloc.h include.

2004-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-07.txt => rfc3749.txt},
	doc/tex/gnutls.bib: added the tls compression rfc.

2004-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cert_auth.tex: [no log message]

2004-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2004-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2004-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c, lib/gnutls_x509.c, lib/x509/x509.c: eliminated
	some memory leaks. Reported by Yoann Vandoorselaere
	<yoann@prelude-ids.org>.

2004-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-ssl-mods-00.txt: added
	draft-ietf-tls-ssl-mods

2004-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/Makefile.am: [no log message]

2004-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2004-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c, libextra/auth_srp.h,
	libextra/auth_srp_passwd.c, libextra/gnutls_srp.c: Do not free the
	SRP (n/g) parameters from the callback if they are the static ones
	defined in extra.h

2004-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/auth_anon.h, lib/auth_cert.h,
	lib/auth_dh_common.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c, libextra/gnutls_openpgp.c,
	libextra/openpgp/verify.c, src/serv.c: The ephemeral DH and RSA
	parameters are no longer stored in the session resume DB. This saves
	space, but will cause resumed sessions not to be able to access the
	original session parameters (which is ok).

2004-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Reject hello packets with major version
	higher than 3.

2004-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/x509/ca.pem, src/x509/cert-dsa.pem, src/x509/cert.pem,
	src/x509/clicert-dsa.pem, src/x509/clicert.pem,
	src/x509/key-dsa.pem, src/x509/key.pem: added some new certificates.

2004-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/gnutls/x509.h, lib/x509/verify.c,
	lib/x509/verify.h, libextra/gnutls_srp.c, libextra/openpgp/verify.c: * Corrected a bug in certificate verification. Pointed out by   Yoann Vandoorselaere <yoann@prelude-ids.org> * Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the   verification functions.

2004-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/gnutls.bib, doc/tex/tlsintro.tex: 
	added links to gpgme and to Rescola's book.

2004-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c: Corrected bug in PKCS #1 encryption.

2004-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, doc/tex/auth.tex,
	doc/tex/certificate.tex, doc/tex/ex-alert.tex,
	doc/tex/ex-cert-select.tex, doc/tex/ex-client-resume.tex,
	doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
	doc/tex/ex-crq.tex, doc/tex/ex-pkcs12.tex,
	doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
	doc/tex/ex-serv-srp.tex, doc/tex/ex-serv1.tex,
	doc/tex/ex-session-info.tex, doc/tex/ex-verify.tex,
	doc/tex/ex-x509-info.tex, includes/Makefile.am,
	includes/gnutls/Makefile.am, includes/gnutls/compat.h,
	includes/gnutls/extra.h, includes/gnutls/openpgp.h,
	includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
	includes/gnutls/x509.h, lib/auth_anon.c, lib/auth_anon.h,
	lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
	lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
	lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
	lib/ext_max_record.h, lib/ext_server_name.c, lib/ext_server_name.h,
	lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_auth_int.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_priority.c, lib/gnutls_priority.h, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session.h, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/compat.c, lib/x509/compat.h, lib/x509/crl.c,
	lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
	lib/x509/dn.c, lib/x509/extensions.c, lib/x509/extensions.h,
	lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
	lib/x509/pkcs7.h, lib/x509/privkey.c, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
	lib/x509/sign.c, lib/x509/sign.h, lib/x509/verify.c,
	lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h,
	lib/x509/x509_write.c, lib/x509/xml.c, lib/x509_b64.c,
	libextra/auth_srp.c, libextra/auth_srp.h,
	libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
	libextra/auth_srp_rsa.c, libextra/auth_srp_sb64.c,
	libextra/ext_srp.c, libextra/ext_srp.h, libextra/gnutls_extra.h,
	libextra/gnutls_openpgp.c, libextra/gnutls_openssl.c,
	libextra/gnutls_srp.c, libextra/gnutls_srp.h,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
	libextra/openpgp/openpgp.h, libextra/openpgp/privkey.c,
	libextra/openpgp/verify.c, libextra/openpgp/xml.c,
	libextra/openssl_compat.c, libextra/openssl_compat.h: Added the '_t'
	suffix to all exported symbols.

2004-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-srp-06.txt =>
	draft-ietf-tls-srp-07.txt}: added new srp draft

2004-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-verify.tex, lib/gnutls_ui.c: [no log message]

2004-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/openpgp.c: [no log message]

2004-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/openpgp.h, libextra/openpgp/extras.c,
	libextra/openpgp/openpgp.h, libextra/openpgp/verify.c: [no log
	message]

2004-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/verify.c: Added gnutls_openpgp_keyring_check_id()

2004-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/certificate.tex, doc/tex/ex-rfc2818.tex,
	doc/tex/ex-verify.tex, doc/tex/examples.tex,
	includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/verify.h,
	lib/x509/x509.c, lib/x509/x509.h, libextra/openpgp/Makefile.am: 
	added an improved verification example.

2004-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-rescorla-dtls-00.txt: added datagram tls draft.

2004-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_state.c: 
	some fixes in the session resuming code.

2004-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, includes/gnutls/openpgp.h,
	includes/gnutls/pkcs12.h, includes/gnutls/x509.h, lib/auth_anon.c,
	lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
	lib/defines.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/gnutls.h.in.in, lib/gnutls_alert.c,
	lib/gnutls_alert.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c,
	lib/gnutls_asn1_tab.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_auth_int.h, lib/gnutls_buffer.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_int_compat.c, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
	lib/gnutls_priority.h, lib/gnutls_random.c, lib/gnutls_random.h,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session.h, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/io_debug.h, lib/pkix_asn1_tab.c,
	lib/strfile.h, lib/strnstr.c, lib/x509/common.c, lib/x509/compat.c,
	lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/dsa.c, lib/x509/extensions.c,
	lib/x509/mpi.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs5.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509_write.c, lib/x509/xml.c,
	lib/x509_b64.c, lib/x509_b64.h, libextra/auth_srp.c,
	libextra/auth_srp_passwd.c, libextra/auth_srp_rsa.c,
	libextra/auth_srp_sb64.c, libextra/ext_srp.c,
	libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
	libextra/gnutls_openssl.c, libextra/gnutls_srp.c,
	libextra/minilzo.c, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/openpgp.c,
	libextra/openpgp/openpgp.h, libextra/openpgp/privkey.c,
	libextra/openpgp/verify.c, libextra/openpgp/xml.c,
	libextra/openssl_compat.c, src/certtool-cfg.c, src/certtool-gaa.c,
	src/certtool.c, src/cli-gaa.c, src/cli.c, src/common.c,
	src/crypt-gaa.c, src/crypt.c, src/getpass.c, src/prime.c,
	src/retcodes.c, src/serv-gaa.c, src/serv.c, src/tests.c,
	src/tls_test-gaa.c, src/tls_test.c: changed indentation to 4 spaces
	instead of tabs.

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex.in, lib/gnutls_record.c, lib/x509/x509.c: [no
	log message]

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/gnutls.bib, doc/tex/howto.tex: 
	[no log message]

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/certificate.tex, doc/tex/compression.tex,
	doc/tex/programs.tex: [no log message]

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c, lib/gnutls_ui.c, lib/x509/pkcs12_bag.c,
	src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c,
	src/gnutls-http-serv, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
	src/serv.gaa, src/tests.c, src/tests.h, src/tls_test.c: several
	improvements

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test-gaa.c, src/tls_test.gaa: [no log
	message]

2004-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.h,
	lib/gnutls_compress_int.c, lib/gnutls_state.c, src/cli.c,
	src/common.c, src/common.h, src/tests.c, src/tests.h,
	src/tls_test.c: updated gnutls-cli-debug to print DHE and RSA-EXPORT
	information if verbose is set. Some other minor fixes.

2004-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE, lib/auth_anon.c, lib/auth_anon.h,
	lib/auth_cert.h, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_auth_int.h,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c, lib/gnutls_db.c,
	lib/gnutls_dh_primes.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, libextra/auth_srp.c,
	libextra/auth_srp_rsa.c, libextra/ext_srp.c,
	libextra/gnutls_extra.c: some other changes to the internal types
	names.

2004-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c,
	lib/debug.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_dh.c,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, libextra/auth_srp.c, libextra/auth_srp.h,
	libextra/auth_srp_rsa.c, libextra/gnutls_srp.c: several internal
	types fix.

2004-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/auth_rsa_export.c,
	lib/gnutls_mpi.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/dsa.c, lib/x509/dsa.h, lib/x509/mpi.c, lib/x509/mpi.h,
	lib/x509/pkcs12_encr.c, lib/x509/privkey.c, lib/x509/sign.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509.h: Added the
	functions gnutls_x509_crt_get_pk_rsa_raw() and
	gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from
	certificates.

2004-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_cert.h, lib/auth_dh_common.c,
	lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_rsa_export.c,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/gnutls_ui.h: Allow access to the RSA-EXPORT parameters.

2004-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dh_common.c, lib/auth_dh_common.h,
	lib/gnutls_compress_int.c, lib/gnutls_mpi.c, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h: added function
	to access the DH (peer's) public key.

2004-06-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/gnutls_auth.c, lib/gnutls_cipher_int.c, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/serv.c: 
	Added news functions to allow access to the ephemeral Diffie Hellman
	parameters.

2004-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_pk.c: [no log message]

2004-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/gnutls.bib: [no log message]

2004-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: ciphers are sorted according to a strength order.

2004-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, libextra/auth_srp.c, libextra/gnutls_srp.c: Updated to
	conform to the latest srp draft (draft-ietf-tls-srp-07).

2004-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_handshake.c, lib/gnutls_mpi.h,
	libextra/auth_srp.c, libextra/openpgp/compat.c, libtasn1.m4: [no log
	message]

2004-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_v2_compat.c: added some extra
	checks in hello packet parsing.

2004-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/x509/Makefile.am,
	libextra/Makefile.am, libextra/openpgp/Makefile.am,
	src/Makefile.am, src/certtool-cfg.h, src/retcodes.c: some libtasn1
	related compilation fixes

2004-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2004-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4, lib/gnutls_handshake.c: [no log message]

2004-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/opencdk/keydb.c, libextra/opencdk/main.h,
	libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c,
	libextra/opencdk/read-packet.c, libextra/opencdk/sig-check.c,
	libextra/openpgp/verify.c: added new opencdk

2004-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/README.autoconf, doc/certtool.cfg,
	lib/gnutls_handshake.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
	libextra/libgnutls-extra.m4: Corrected session resuming in SRP
	ciphersuites.

2004-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/programs.tex, lib/gnutls_state.c, lib/libgnutls.m4: [no
	log message]

2004-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_state.c: _gnutls_deinit() is
	no longer used. Sessions are not automatically removed any more, on
	abnormal termination.

2004-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_record.c: some cleanups and better
	handling of EOF in record_recv.

2004-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c: [no log message]

2004-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/int.h: [no log message]

2004-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4, configure.in, lib/minitasn1/libtasn1.h, libtasn1.m4: 
	added proper libtasn1 version detection.

2004-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c: Applied patch by Max Vozeler
	<max@hinterhof.net>, sent by Ivo Timmermans.

2004-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/certtool.cfg, lib/pkix.asn,
	libextra/Makefile.am, src/certtool-cfg.c, src/certtool.c: certtool
	has now support for more X.520 DN attribute types.

2004-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/certtool.cfg: [no log message]

2004-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: certtool
	can now read and set the UID field to a DN.

2004-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h: [no log message]

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pkcs12.tex, doc/tex/examples.tex,
	includes/gnutls/pkcs12.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/x509/pkcs12_bag.c, src/certtool.c: removed gnutls_const_datum
	type.

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/opencdk/Makefile.am, libextra/opencdk/README,
	libextra/opencdk/opencdk.h, libextra/opencdk/sig-check.c,
	libextra/openpgp/verify.c: updated opencdk to report if any key
	signer was found.

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, libextra/Makefile.am, libextra/gnutls_extra.c,
	libextra/openpgp/Makefile.am, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h,
	libextra/openpgp/privkey.c, libextra/openpgp/verify.c,
	libextra/openpgp/xml.c: [no log message]

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/prime.c: [no log message]

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_compress_int.c, lib/gnutls_handshake.c,
	lib/gnutls_priority.c, libextra/Makefile.am,
	libextra/gnutls_extra.c, libextra/gnutls_openpgp.c, src/cli.c,
	src/common.c, src/serv.c: some fixes in the compilation system.

2004-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, libextra/Makefile.am: [no log message]

2004-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, libextra/Makefile.am, libextra/gnutls_extra.c: Added
	configure option to disable lzo completely.

2004-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/certtool.cfg, doc/tex/srp.tex,
	lib/Makefile.am, libextra/Makefile.am,
	libextra/opencdk/Makefile.am, libextra/opencdk/armor.c,
	libextra/opencdk/cipher.c, libextra/opencdk/cipher.h,
	libextra/opencdk/compress.c, libextra/opencdk/context.h,
	libextra/opencdk/encrypt.c, libextra/opencdk/filters.h,
	libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
	libextra/opencdk/keygen.c, libextra/opencdk/keylist.c,
	libextra/opencdk/keyserver.c, libextra/opencdk/main.c,
	libextra/opencdk/main.h, libextra/opencdk/md.c,
	libextra/opencdk/md.h, libextra/opencdk/misc.c,
	libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
	libextra/opencdk/packet.h, libextra/opencdk/plaintext.c,
	libextra/opencdk/pubkey.c, libextra/opencdk/read-packet.c,
	libextra/opencdk/seskey.c, libextra/opencdk/sig-check.c,
	libextra/opencdk/sign.c, libextra/opencdk/stream.c,
	libextra/opencdk/stream.h, libextra/opencdk/sym-cipher.c,
	libextra/opencdk/trustdb.c, libextra/opencdk/types.h,
	libextra/opencdk/verify.c, libextra/opencdk/write-packet.c,
	libextra/openpgp/Makefile.am: opencdk is being included if not
	found.

2004-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
	src/crypt-gaa.c, src/crypt.gaa: certtool can now add ip address SAN
	extension.

2004-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: the TLS hello message random values no
	longer use strong random data.

2004-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: [no log message]

2004-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/{README.srpcrypt => README.srptool}: [no log
	message]

2004-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_v2_compat.c, libextra/auth_srp_passwd.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: Fixed some things
	in the random number usage. Weak levels are used where possible to
	avoid emptying the strong random pool.

2004-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, doc/manpages/{gnutls-srpcrypt.1 =>
	srptool.1}, doc/protocol/draft-eronen-tls-psk-00.txt,
	doc/tex/ex-x509-info.tex, doc/tex/srp.tex: [no log message]

2004-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cert_auth.tex, doc/tex/certificate.tex,
	doc/tex/ciphers.tex: some additions to certificate stuff.

2004-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_auth.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	lib/gnutls_pk.c, lib/gnutls_ui.h: Added
	gnutls_auth_client_get_type() and gnutls_auth_server_get_type().

2004-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/gnutls_cert.c, lib/gnutls_state.c: Fixes
	in the automatic disabling of certificate types.

2004-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c: Automatically disable certificate types that do
	not have corresponding certificates.

2004-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: added xml exporting capabilities to certtool
	utility.

2004-04-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_cert.c: [no log message]

2004-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_cert.c, src/cli.c: [no log message]

2004-04-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2004-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, lib/gnutls_global.c,
	lib/gnutls_record.c: [no log message]

2004-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2004-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_random.h, src/common.c: [no log
	message]

2004-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2004-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/ex-serv-srp.tex, doc/tex/programs.tex,
	doc/tex/srp.tex, src/Makefile.am: Renamed gnutls-srpcrypt to srptool

2004-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/openpgp.h, lib/auth_cert.c: Corrected bug in
	OpenPGP key loading using a callback.

2004-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_record.c, lib/gnutls_str.c: Corrected bug in TLS
	renegotiation.

2004-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: [no log message]

2004-04-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/ex-rfc2818.tex, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, src/certtool.c, src/crypt-gaa.c,
	src/crypt-gaa.h: Added gnutls_sign_algorithm_get_name() and
	gnutls_pk_algorithm_get_name().

2004-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_auth.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_state.c,
	lib/gnutls_v2_compat.c, lib/x509/verify.c, libextra/ext_srp.c,
	src/certtool-cfg.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h,
	src/tls_test-gaa.c, src/tls_test-gaa.h: Some updates in order to
	compile with tcc.

2004-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/structure.c: added the new libtasn1.

2004-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: some
	cleanups in the parsing code.

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-rfc2246-bis-05.txt =>
	draft-ietf-tls-rfc2246-bis-06.txt}: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/extensions.c, src/certtool.c: minor bugfixes.

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c, lib/x509/x509_write.c: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/certtool.cfg: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/certtool.cfg, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, {src => doc}/certtool.cfg,
	doc/manpages/certtool.1, doc/tex/programs.tex, src/tests.c: [no log
	message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: [no log message]

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/Makefile.am: certtool will use the system's
	libcfg if available.

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, src/Makefile.am,
	src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.cfg,
	src/certtool.gaa, src/cfg/Makefile.am, src/cfg/cfg+.c,
	src/cfg/cfg+.h, src/cfg/cfgfile.c, src/cfg/cfgfile.h,
	src/cfg/cmdline.c, src/cfg/cmdline.h, src/cfg/parse.c,
	src/cfg/platon/Makefile.am, src/cfg/platon/str/Makefile.am,
	src/cfg/platon/str/dynfgets.c, src/cfg/platon/str/dynfgets.h,
	src/cfg/platon/str/strctype.c, src/cfg/platon/str/strctype.h,
	src/cfg/platon/str/strdyn.c, src/cfg/platon/str/strdyn.h,
	src/cfg/platon/str/strplus.c, src/cfg/platon/str/strplus.h,
	src/cfg/props.c, src/cfg/shared.c, src/cfg/shared.h, src/getpass.c,
	src/getpass.h: Added batch support to certtool. Now can use
	templates.

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cipher_int.c, lib/gnutls_global.c,
	lib/x509/Makefile.am, lib/x509/rc2.c, lib/x509/rc2.h: The RC2 cipher
	is no more included. The one in libgcrypt is now used.

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/extensions.c, lib/x509/extensions.h,
	lib/x509/x509_write.c, src/certtool.c: updated the extensions
	handling.

2004-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/gnutls/x509.h, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/x509.c, lib/x509/x509_write.c,
	src/certtool.c: - Added support for authority key identifier X.509 extension   field.  - Added support for the extended key usage X.509 extension field.

2004-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_cipher.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c: The record receive buffer
	is now stored in the session data, to avoid memory allocations per
	receive.

2004-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in: [no log message]

2004-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_rsa_export.c, lib/x509/privkey.c, lib/x509/x509.h: 
	Optimized (a bit) the rsa_parameter copying. I don't like it.

2004-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_compress_int.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: [no log message]

2004-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_state.c: - Corrected bug in RSA parameters handling which could cause   unexpected crashes.

2004-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/library.tex, lib/auth_cert.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h: [no log message]

2004-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c: implemented all the check for SRP group
	parameters from the latest SRP draft.

2004-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.h, libextra/auth_srp_passwd.c,
	libextra/gnutls_srp.c: [no log message]

2004-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2004-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/examples.tex,
	doc/tex/gnutls.bib, doc/tex/gnutls.tex: [no log message]

2004-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/gnutls_x509.c: some improvements that
	lead to fewer calls to malloc().

2004-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.bib, doc/tex/howto.tex, doc/tex/tls_extensions.tex: 
	[no log message]

2004-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/extra.h, lib/auth_cert.c,
	lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_int.h,
	lib/gnutls_ui.h, libextra/auth_srp_passwd.c, libextra/gnutls_srp.c,
	src/cli.c, src/tests.c: Deprecated:
	gnutls_srp_server_set_select_function(),
	gnutls_certificate_client_set_select_function(),
	gnutls_srp_server_set_select_function().

2004-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/Makefile.am, src/certtool.c, src/crypt.c,
	src/getpass.c, src/getpass.h: replaced the getpass() call with an
	internal one.

2004-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/ex-pgp-keyserver.tex, doc/tex/examples.tex: removed the
	openpgp key retrieval example.

2004-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/Makefile.am, libextra/openpgp/openpgp.c,
	libextra/openpgp/xml.c: Finally corrected a compilation issue when
	opencdk was installed in a non-base directory. Some other minor
	fixes.

2004-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libgcrypt.m4, src/serv.c: [no log message]

2004-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/auth.tex, includes/gnutls/x509.h,
	lib/gnutls.h.in.in, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_state.c, lib/gnutls_ui.h, lib/x509/privkey.c,
	lib/x509/privkey.h: * Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()   and gnutls_x509_privkey_cpy().

2004-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/preparation.tex,
	lib/gnutls_handshake.c, lib/gnutls_state.c: * Added some preliminary documentation for the new libgcrypt locking
	interface.  * Added some documentation for the parameters setting using
	callback.

2004-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/gnutls.h.in.in, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h, src/serv.c: Added
	gnutls_certificate_set_params_function() and
	gnutls_anon_set_params_function() that set the RSA or DH parameters
	using a callback.

2004-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/openpgp.h: [no log message]

2004-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/openpgp.h: [no log message]

2004-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/int.h, lib/minitasn1/libtasn1.h: added new libtasn1
	(0.2.7)

2004-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_hash_int.c: some bugfixes. No
	longer allow sending client hello if a TLS version is not set.

2004-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
	lib/gnutls_hash_int.c, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_sig.c: patch to fix the bug in mutual certificate
	authentication in SSL 3.0

2004-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h: added new minitasn1.

2004-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-06.txt =>
	draft-ietf-tls-compression-07.txt},
	doc/protocol/{draft-ietf-tls-srp-05.txt =>
	draft-ietf-tls-srp-06.txt}: [no log message]

2004-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/openpgp.c: [no log message]

2004-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/alert.tex, doc/tex/ciphers.tex, doc/tex/howto.tex,
	doc/tex/srp.tex, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/x509/Makefile.am, lib/x509/rfc2818_hostname.c, opencdk.m4: 
	Corrected the return values of gnutls_x509_crt_check_hostname().

2004-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/preface.tex: [no log message]

2004-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/Makefile.am: [no log message]

2004-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.h: [no log message]

2004-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: fixed CRLDistpoints ASN.1
	definitions.

2004-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, libextra/auth_srp.c: [no log message]

2004-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/structure.c, src/common.c: [no log message]

2004-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: [no log message]

2004-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/compression.tex, lib/ext_server_name.c,
	lib/gnutls.h.in.in, lib/gnutls_extensions.c, src/cli.c,
	src/common.c: Fixed a bug where 'server name' extension was always
	sent.

2004-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c: Fixed some bugs. Patch by Brieuc Jeunhomme
	<bbp@via.ecp.fr>.

2004-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/certtool.c: added getpass() check.

2004-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/cert_auth.tex,
	doc/tex/ex-x509-info.tex, doc/tex/library.tex,
	doc/tex/programs.tex, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cert.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_state.c, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c,
	lib/x509/x509_write.c, lib/x509/xml.c, lib/x509_b64.c,
	libextra/gnutls_extra.c, libextra/gnutls_srp.c, src/certtool-gaa.c,
	src/certtool.c, src/cli-gaa.c, src/common.c, src/crypt-gaa.c,
	src/serv-gaa.c, src/serv.c, src/tls_test-gaa.c: Several bug fixes
	and cleanups by Arne Thomassen.

2004-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/pkix.asn, lib/pkix_asn1_tab.c: [no log
	message]

2004-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/gnutls/x509.h, lib/gnutls.h.in.in,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/mpi.c,
	lib/x509/pkcs12.c, lib/x509/sign.c, lib/x509/x509.c, src/certtool.c: * Added the gnutls_sign_algorithm type.  * Improved the DN parser.

2004-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/protocol/rfc3039.txt, lib/gnutls_handshake.c: [no
	log message]

2004-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/common.c, lib/x509/privkey_pkcs8.c: 
	[no log message]

2004-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: [no log message]

2004-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: the -D_REENTRANT is now used.

2004-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
	lib/x509/dn.c, src/certtool.c: Corrected problem printing the DC
	attributes in a DN.

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_handshake.c, lib/gnutls_int.h,
	src/certtool.c, src/common.c: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/x509/compat.c, libextra/gnutls_openpgp.c,
	libextra/openpgp/gnutls_openpgp.h, src/cli.c: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl_write.c: [no log message]

2004-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/compat.h, lib/x509/rfc2818_hostname.c, src/cli.c: Updated
	gnutls-cli's SRP behaviour. Some other fixes.

2003-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: [no log message]

2003-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h, src/certtool.c, src/common.c: [no log message]

2003-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/auth.tex, lib/gnutls_algorithms.c, lib/gnutls_ui.h,
	lib/x509/rfc2818_hostname.c, lib/x509/x509.c, src/certtool.c: [no
	log message]

2003-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/x509/rfc2818_hostname.c, libextra/openpgp/openpgp.c: [no log
	message]

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls_cipher.c: [no log message]

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: added TLS 1.1 protocol
	detection.

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/x509/rfc2818_hostname.c: [no log message]

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: added arcfour 40 cipher
	detection.

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/library.tex, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/extensions.c: [no log message]

2003-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-cert-select.tex, doc/tex/macros.tex,
	doc/tex/record_weaknesses.tex, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_cipher.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c, src/common.c, src/serv.c: 
	Added support for TLS 1.1

2003-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_cert.c,
	lib/gnutls_random.c, lib/gnutls_ui.h: updated the client retrieval
	certificate callback.

2003-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cert_auth.tex, doc/tex/certificate.tex,
	doc/tex/ex-x509-info.tex, includes/gnutls/x509.h, lib/x509/x509.c,
	lib/x509/x509_write.c, src/certtool.c: Added
	gnutls_x509_crt_cpy_crl_dist_points()

2003-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/certificate.tex, doc/tex/gnutls.bib,
	includes/gnutls/extra.h, includes/gnutls/x509.h,
	lib/gnutls.h.in.in, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/extensions.c, lib/x509/x509.c, lib/x509/x509.h,
	src/certtool.c: Corrected the CRL distribution point extension
	handling.

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/x509/compat.h, libextra/gnutls_extra.c,
	libextra/openpgp/compat.c, libextra/openpgp/gnutls_openpgp.h: [no
	log message]

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, NEWS, configure.in, doc/tex/cover.tex.in,
	includes/Makefile.am, includes/gnutls/Makefile.am,
	includes/gnutls/openssl.h, lib/auth_anon.c, lib/auth_cert.c,
	lib/auth_dh_common.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/debug.c, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/ext_server_name.c, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c,
	lib/gnutls_datum.c, lib/gnutls_db.c, lib/gnutls_dh.c,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_kx.c,
	lib/gnutls_mem.c, lib/gnutls_mpi.c, lib/gnutls_num.c,
	lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_random.c,
	lib/gnutls_record.c, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c, lib/strnstr.c, lib/x509/common.c,
	lib/x509/compat.c, lib/x509/compat.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/dsa.c,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs5.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/rc2.c, lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
	lib/x509/xml.c, lib/x509_b64.c, libextra/Makefile.am,
	libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/auth_srp_rsa.c, libextra/auth_srp_sb64.c,
	libextra/ext_srp.c, libextra/gnutls_extra.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_openssl.c,
	libextra/gnutls_srp.c, libextra/openpgp/compat.c,
	libextra/openpgp/extras.c, libextra/openpgp/openpgp.c,
	libextra/openpgp/privkey.c, libextra/openpgp/verify.c,
	libextra/openpgp/xml.c, libextra/openssl_compat.c,
	includes/gnutls/compat8.h => libextra/openssl_compat.h,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa, src/cli.c, src/crypt.c, src/prime.c, src/serv.c,
	src/tests.c, src/tls_test.c: * Added CRL verification functionality to certtool.  * Added the FSF copyright notices.  * Moved all the compatibility interface to the openssl   compatibility library.

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c, lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/sign.c,
	lib/x509/verify.c: corrected signing and verifying with DSA keys.

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/certificate.tex, includes/gnutls/x509.h,
	lib/Makefile.am, lib/x509/Makefile.am, lib/x509/crl.c,
	lib/x509/sign.c, lib/x509/sign.h, lib/x509/x509_write.c,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Added support for generating CRLs in the library
	and the certtool utility.

2003-12-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_mpi.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/extensions.c, lib/x509/extensions.h,
	lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509.h,
	lib/x509/x509_write.c, src/certtool.c: Added support for the Subject
	Key ID PKIX extension.

2003-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c, libextra/gnutls_srp.c: [no log message]

2003-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/gnutls/x509.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/dsa.c,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
	lib/x509/x509_write.c, src/certtool.c: Added support for reading and
	generating CRL distribution points extensions in certificates (not
	working yet).

2003-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mpi.h, libextra/auth_srp.c: Added checks (in SRP) for
	A%n==0,1,-1 in server side.

2003-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added PKCS #7
	support to certtool utility.

2003-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/examples/Makefile.am, doc/manpages/certtool.1,
	doc/tex/ex-cert-select.tex, doc/tex/examples.tex, lib/auth_cert.c,
	lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_int.h,
	lib/gnutls_ui.h, lib/x509/compat.c, libextra/gnutls_openssl.c: [no
	log message]

2003-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: [no log message]

2003-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/Makefile.am,
	includes/gnutls/Makefile.am, includes/gnutls/compat4.h,
	includes/gnutls/compat8.h, includes/gnutls/openpgp.h,
	includes/gnutls/x509.h, lib/dh_compat.c, lib/gnutls_ui.h,
	lib/rsa_compat.c, libextra/gnutls_openpgp.c,
	libextra/openpgp/openpgp.c, libextra/openpgp/verify.c,
	libextra/openpgp/xml.c: Added gnutls_openpgp_key_get_key_usage(),
	and removed several compatibility functions.

2003-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openpgp.h, lib/Makefile.am, lib/auth_cert.c,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/x509/common.c, lib/x509/mpi.c,
	lib/x509/rfc2818_hostname.c, libextra/Makefile.am,
	libextra/auth_srp_rsa.c, libextra/gnutls_extra.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h,
	libextra/openpgp/privkey.c: several cleanups.

2003-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Corrected bug which disallowed
	ciphersuites other than the CERTIFICATE ones to work.

2003-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/privkey.c: [no log message]

2003-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, includes/gnutls/compat8.h, includes/gnutls/openpgp.h,
	lib/auth_cert.c, lib/gnutls_cert.c, lib/gnutls_int.h,
	lib/gnutls_ui.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	libextra/Makefile.am, libextra/gnutls_extra.h,
	libextra/gnutls_openpgp.c, libextra/openpgp/Makefile.am,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
	libextra/openpgp/openpgp.h: Improved
	gnutls_certificate_client_retrieve_function() and
	gnutls_certificate_server_retrieve_function() so that the parsing
	time spent within them is minimized. Also added
	gnutls_openpgp_privkey struct. No testing yet.

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_cert.h, lib/x509/extensions.c,
	lib/x509/x509_write.c: [no log message]

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_cert.h,
	lib/x509/extensions.c, lib/x509/extensions.h,
	lib/x509/x509_write.c, src/certtool.c, src/tests.c, src/tests.h,
	src/tls_test.c: Added gnutls_x509_crt_set_key_usage() and certtool
	can now set the certificate's key usage.

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/protocol/draft-ietf-tls-emailaddr-00.txt,
	doc/tex/auth.tex: [no log message]

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cert_auth.tex, doc/tex/ciphersuites.tex, src/serv.c: [no
	log message]

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/cert_auth.tex,
	doc/tex/certificate.tex, doc/tex/ciphers.tex,
	doc/tex/ciphersuites.tex, doc/tex/compression.tex,
	doc/tex/handshake.tex, doc/tex/openpgp.tex,
	doc/tex/preparation.tex, doc/tex/record_weaknesses.tex,
	doc/tex/tls_extensions.tex, doc/tex/x509.tex: some updated in
	documentation

2003-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c, src/serv.c: Corrected bug in gnutls_bye() which made it
	return an error code of INVALID_REQUEST instead of success.

2003-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/gnutls/x509.h, lib/Makefile.am,
	lib/gnutls_pk.c, lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_sig.c, lib/gnutls_ui.h, lib/rsa_compat.c,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/crq.c,
	lib/x509/dsa.c, lib/x509/dsa.h, lib/x509/mpi.c, lib/x509/mpi.h,
	lib/x509/privkey.c, lib/x509/sign.c, lib/x509/x509.c,
	lib/x509/x509_write.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: Added support for generating and
	exporting DSA private keys. Exporting to PKCS #8 is still not
	supported due to lack of standards.

2003-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/gnutls_ui.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	libextra/auth_srp_rsa.c, libextra/gnutls_extra.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/openpgp/gnutls_openpgp.h: Added the callbacks
	gnutls_certificate_client_retrieve_function() and
	gnutls_certificate_server_retrieve_function(), to allow a client or
	a server to specify certificates for the handshake without storing
	them to the credentials structure.

2003-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_anon.c, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/dh_compat.c, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_rsa_export.c, lib/gnutls_ui.c,
	lib/libgnutls.vers, lib/x509/common.c, libextra/auth_srp_rsa.c,
	libextra/gnutls_extra.c, libextra/libgnutls-extra.vers, opencdk.m4: * The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and
	  GNUTLS_E_NO_TEMPORARY_RSA_PARAMS are no longer returned by the
	  handshake function. Ciphersuites that require temporary parameters
	are removed when such parameters do not exist.  * Several internal changes to allow adding the callback function to
	  retrieve the certificate and the private key.

2003-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_dh_primes.c,
	lib/gnutls_rsa_export.c, lib/gnutls_state.c: Included
	gnutls_1_0_0_patches.

2003-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, lib/Makefile.am, lib/gnutls_handshake.c,
	lib/gnutls_record.c, libextra/Makefile.am,
	libextra/openpgp/Makefile.am, src/cli.c, src/tests.c, src/tests.h,
	src/tls_test.c: Included gnutls_1_0_0_patches.

2003-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/ciphers.tex, lib/gnutls_dh_primes.c,
	lib/gnutls_mpi.c, src/prime.c: some minor fixes and cleanups.

2003-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/common.c: [no log message]

2003-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: some cleanups in the
	record protocol processing.

2003-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/srp.tex, includes/gnutls/extra.h,
	lib/gnutls.h.in.in, lib/gnutls_errors.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c, libextra/auth_srp.c,
	libextra/auth_srp.h, libextra/ext_srp.c, libextra/ext_srp.h,
	libextra/gnutls_srp.c, src/cli.c: Improved the support for
	draft-ietf-tls-srp-05. The two-phase handshake is now fully
	supported without any interaction with the application layer (except
	for a callback).

2003-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/manpages/Makefile.am, doc/manpages/certtool.1,
	doc/manpages/gnutls-cli-debug.1, doc/manpages/gnutls-cli.1,
	doc/manpages/gnutls-serv.1, doc/manpages/gnutls-srpcrypt.1: Added
	new manpages by Ivo.

2003-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphersuites.tex: [no log message]

2003-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_hash_int.c, lib/gnutls_random.c,
	lib/x509/dn.c, src/common.c: eliminated some memory leaks and other
	fixes.

2003-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-serv-export.tex, doc/tex/ex-serv-srp.tex,
	doc/tex/preface.tex: [no log message]

2003-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: added detection for ZLIB
	compression.

2003-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test.c: improved srp detection.

2003-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/srp.tex, lib/gnutls_cipher.c, libextra/auth_srp.c,
	src/cli.c: Some fixes in the certificate authenticated SRP
	ciphersuites.

2003-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf, lib/gnutls_alert.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
	libextra/auth_srp.c, src/serv-gaa.c, src/serv.c: some fixes to
	comply with the SRP draft. The handshake is now repeated if an empty
	SRP username is received.

2003-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/srp.tex, includes/gnutls/extra.h,
	lib/gnutls_anon_cred.c, lib/gnutls_cert.c, lib/gnutls_x509.c,
	lib/libgnutls.vers, lib/x509_b64.c, libextra/auth_srp.c,
	libextra/auth_srp_sb64.c, libextra/gnutls_openpgp.c,
	libextra/gnutls_srp.c, libextra/libgnutls-extra.vers,
	libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
	libextra/openpgp/verify.c, src/common.c, src/crypt.c: several
	corrections in the documentation.

2003-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/libgnutls.vers, libextra/libgnutls-extra.vers: 
	[no log message]

2003-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/examples.tex, doc/tex/gnutls.bib,
	doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/library.tex,
	doc/tex/preface.tex, doc/tex/programs.tex, doc/tex/srp.tex: [no log
	message]

2003-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/appendix.tex,
	doc/tex/ciphers.tex, doc/tex/ciphersuites.tex,
	doc/tex/supported_ciphersuites.tex, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c, lib/gnutls_int.h,
	lib/gnutls_state.c: Removed the TWOFISH cipher. Documented the
	supported ciphersuites.

2003-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-benaloh-pct-00.txt,
	doc/protocol/draft-benaloh-pct-01.txt,
	doc/protocol/draft-hickman-netscape-ssl-00.txt: Added historical
	documents. Got from
	http://www21.ocn.ne.jp/~k-west/SSLandTLS/index-e.html

2003-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/preface.tex: [no log message]

2003-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/preface.tex: [no log message]

2003-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/Makefile.am, lib/auth_cert.c,
	lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_mem.h, lib/gnutls_mpi.c,
	lib/gnutls_mpi.h, lib/gnutls_x509.c, libextra/gnutls_openpgp.c,
	src/serv.c: corrected some bugs that affected openpgp
	authentication.

2003-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphersuites.tex, doc/tex/gnutls.bib, doc/tex/gnutls.tex,
	doc/tex/handshake.tex, doc/tex/library.tex, doc/tex/openpgp.tex,
	doc/tex/preface.tex: [no log message]

2003-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/protocol/rfc3279.txt, doc/tex/cover.tex.in,
	doc/tex/gnutls.bib, doc/tex/library.tex, includes/gnutls/x509.h,
	lib/gnutls_pk.c, lib/x509/privkey.c, lib/x509/verify.c,
	lib/x509/verify.h, lib/x509/x509.c: Exported the
	gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data()
	and gnutls_x509_crt_verify_data().

2003-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: only generate v3 certificates, since we always use
	the CA (basicConstraints) extension.

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/privkey.c: ensure that the leading
	zero is there on RSA keys.

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c, lib/x509/sign.c, lib/x509/x509_write.c: [no log
	message]

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-x509-info.tex: [no log message]

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: added crq_get_version().

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/ex-crq.tex, doc/tex/gnutls.bib,
	doc/tex/openssl.tex, lib/x509/crq.c, lib/x509/x509_write.c,
	src/certtool.c: Some documentation fixes. Changed
	gnutls_x509_*_set_version() to have a compatible input with
	gnutls_x509_*_get_version().

2003-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2459.txt, doc/protocol/rfc3280.txt: added the
	newest PKIX rfc.

2003-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-cert-select.tex, doc/tex/ex-client-resume.tex,
	doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
	doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
	doc/tex/examples.tex: [no log message]

2003-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: [no log message]

2003-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf, includes/gnutls/x509.h, lib/x509/pkcs5.c,
	src/common.c, src/serv.c: [no log message]

2003-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-05.txt =>
	draft-ietf-tls-compression-06.txt},
	doc/protocol/{draft-ietf-tls-ecc-03.txt =>
	draft-ietf-tls-ecc-04.txt}: [no log message]

2003-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: generated certificates by certtool now have
	version 1 if they do not include extensions.

2003-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext_server_name.c, lib/gnutls.h.in.in, opencdk.m4,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c: [no log
	message]

2003-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, lib/gnutls_session.c, lib/x509/pkcs12.c,
	libextra/gnutls_openssl.c, src/certtool.gaa, src/serv-gaa.c,
	src/serv.c, src/serv.gaa: Some fixes pointed out by Dimitri
	Papadopoulos-Orfanos <papadopo@shfj.cea.fr>

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-client-resume.tex, doc/tex/ex-client-srp.tex,
	doc/tex/ex-client2.tex, doc/tex/ex-rfc2818.tex,
	doc/tex/examples.tex: [no log message]

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ex-client-resume.tex,
	doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
	doc/tex/examples.tex: Simplified a bit the client examples.

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-client1.tex: [no log message]

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs5.c, src/certtool-gaa.c, src/certtool.gaa,
	src/serv.c, src/tests.c: [no log message]

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: some changes in password reading.

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs5.c: some corrections in the pkcs5 module by Simon
	Josefsson.

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c, lib/gnutls_int.h: [no log message]

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h: [no log message]

2003-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_cert.c, lib/defines.h,
	lib/ext_server_name.c, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/gnutls_record.c, lib/gnutls_session.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_ui.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs5.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
	lib/x509_b64.c, libextra/gnutls_srp.c, src/certtool.c,
	src/common.c, src/serv.c: Several minor fixes in code and function
	documentation.

2003-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-crq.tex: [no log message]

2003-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/common.c, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/x509.c, lib/x509/x509_write.c: [no log
	message]

2003-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/dn.h, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/x509.c, src/certtool.c: * Added gnutls_x509_*_get_dn_oid() and
	  gnutls_x509_crt_get_extension_oid() functions which return the
	available OIDs.  * The certtool utility now prints all available extension OIDs and   values.

2003-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_str.c, lib/gnutls_str.h,
	lib/x509/common.c, lib/x509/compat.c, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/rfc2818_hostname.c, lib/x509/x509.c, lib/x509/x509.h,
	libextra/openpgp/openpgp.h: gnutls_x509_*_get_*_dn_by_oid()
	functions have a raw_flag parameter added.  Several other fixes.

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/compat8.h,
	includes/gnutls/openpgp.h, includes/gnutls/pkcs12.h,
	includes/gnutls/x509.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/x509/compat.c, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h, lib/x509/pkcs12.c,
	lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h,
	lib/x509/x509_write.c, libextra/openpgp/openpgp.c, src/certtool.c,
	src/cli.c, src/common.c, src/tests.c: gnutls_x509_*_set_dn_by_oid()
	functions have a raw_flag parameter added. Some other fixes in
	function types.

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, includes/gnutls/compat8.h, includes/gnutls/x509.h,
	lib/gnutls.h.in.in, lib/x509/crq.c, lib/x509/crq.h,
	lib/x509/x509.c, lib/x509/x509.h: Compatibility header for gnutls4
	is no longer included in gnutls.h. Added deprecated warnings to
	gnutls8 stuff.

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openssl.h: [no log message]

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c, lib/x509/x509.c: [no log message]

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/common.c, lib/x509/crq.c,
	lib/x509/x509_write.c: added gnutls_x509_oid_known() to report known
	OIDs.

2003-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_write.c: added gnutls_x509_oid_known() to report
	known OIDs.

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/defines.h, lib/gnutls.h.in.in,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
	src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.gaa, src/prime.c,
	src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.gaa: [no log
	message]

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/ext_max_record.c, lib/gnutls_extensions.c,
	lib/gnutls_int.h, src/cli.c: [no log message]

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_cert.c, lib/debug.c,
	lib/ext_server_name.c, lib/gnutls_buffers.c, lib/gnutls_constate.c,
	lib/gnutls_dh_primes.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_mem.c,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/x509/crl.c, lib/x509_b64.c, libextra/auth_srp.c,
	libextra/auth_srp_sb64.c, libextra/gnutls_openpgp.c,
	libextra/gnutls_openssl.c, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/verify.c, src/common.h: Some bugfixes, and type
	corrections.

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: [no log message]

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/x509/common.c, src/cli.c, src/common.c, src/serv.c: Added the
	RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04.

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.m4, libextra/libgnutls-extra.m4: [no log message]

2003-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/openssl.tex, includes/Makefile.am,
	lib/minitasn1/mem.h, libextra/Makefile.am,
	libextra/libgnutls-extra.vers: The openssl compatibility layer was
	moved to gnutls-openssl to allow the extension of it without
	bloating the libgnutls-extra.

2003-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h: [no log message]

2003-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: [no log message]

2003-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Prints certificate information before signing.

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_random.h: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_random.c, src/crypt.c: Patch by Werner
	Koch: * configure.in: Check for gcry_create_nonce.  * lib/gnutls_random.c (_gnutls_get_random): Ditto.  * src/crypt.c (_srp_crypt): Use gcry_create_nonce if available.  Also removed some unneeded code in random.c.

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: Added capability to read CRLs to
	certtool.

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_x509.c, lib/x509/compat.c,
	lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
	lib/x509/x509.c, lib/x509/x509.h: Renamed several pkcs #7 related
	functions. That is to allow future extensions to the API.

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12_bag.c,
	lib/x509/x509.c, lib/x509/x509_write.c: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h: [no log message]

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/x509.h, lib/gnutls.h.in.in,
	lib/gnutls_dh_primes.c, lib/gnutls_ui.h, lib/x509/pkcs7.c,
	lib/x509_b64.c, src/cli-gaa.c: Added gnutls_pkcs7_set_certificate2()
	and gnutls_pkcs7_set_crl2() functions.

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c: added some check for the
	input parameters.

2003-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, libgcrypt.m4: [no log message]

2003-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/x509/common.c, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c: Removed the
	gnutls_handshake_set_rsa_pms_check() prototype from gnutls.h.
	Corrected the *_get_dn() functions to return the data size if the
	data argument is NULL, and *data_size == 0. Bugs reported by Gergely
	Nagy <algernon@bonehunter.rulez.org>.

2003-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/gnutls_constate.c, lib/gnutls_extensions.c,
	lib/gnutls_session_pack.c: some fixes to have the correct cert_type
	on resumed sessions.

2003-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool.c: The certtool utility can now generate PKCS
	#12 structures without specifying a certificate.

2003-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/gnutls.bib: [no log message]

2003-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/errors.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/mem.h,
	lib/minitasn1/structure.c: Included the new libtasn 0.2.6.

2003-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-openpgp-keys-03.txt =>
	draft-ietf-tls-openpgp-keys-04.txt}: [no log message]

2003-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
	src/cli.c, src/common.c, src/common.h, src/crypt-gaa.c,
	src/crypt-gaa.h, src/crypt.gaa, src/prime.c, src/serv.c,
	src/tests.c, src/tls_test-gaa.c, src/tls_test-gaa.h,
	src/tls_test.c, src/tls_test.gaa: some code cleanups.

2003-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, libextra/gnutls_srp.c: [no log message]

2003-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
	src/common.c, src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.gaa,
	src/tests.c, src/tests.h, src/tls_test-gaa.c, src/tls_test-gaa.h,
	src/tls_test.c, src/tls_test.gaa: [no log message]

2003-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/certtool-gaa.c, src/certtool.gaa, src/cli.c,
	src/common.c, src/common.h, src/crypt-gaa.c, src/crypt.gaa,
	src/serv.c, src/tls_test.c: [no log message]

2003-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.gaa, src/crypt-gaa.c,
	src/crypt-gaa.h, src/crypt.c, src/crypt.gaa: [no log message]

2003-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: Corrected the types in
	gnutls_anon_free_client_credentials() and
	gnutls_anon_allocate_client_credentials(). Reported by Ivo.

2003-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/crypt.c, src/tests.c, src/tls_test.c: [no log
	message]

2003-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_buffers.c, libextra/auth_srp_passwd.c,
	libextra/gnutls_openpgp.c, libgcrypt.m4, src/Makefile.am,
	src/certtool.c, src/cli-gaa.c, src/cli.c, src/crypt.c, src/serv.c,
	src/tests.c, src/tests.h, src/tls_test-gaa.c, src/tls_test.c: some
	changes to compile in mingw32.

2003-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: added the new gdoc by Simon.

2003-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_compress.c, lib/gnutls_handshake.c, lib/gnutls_ui.c,
	lib/x509/privkey.c: [no log message]

2003-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/pkcs12.h, lib/ext_server_name.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
	lib/gnutls_db.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/extensions.h, lib/x509/pkcs12.c, lib/x509/pkcs5.c,
	lib/x509/pkcs5.h, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509_b64.c, lib/x509_b64.h: 
	some type fixes. Based on build logs sent by Dimitri
	Papadopoulos-Orfanos <papadopo@shfj.cea.fr>.

2003-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: preserve the flags from the last certificate
	verification, in a chain.

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/verify.c: added gnutls_openpgp_key_verify_self()
	which verifies the self signature in the key.

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openpgp.h, libextra/gnutls_openpgp.c,
	libextra/openpgp/compat.c, libextra/openpgp/openpgp.c,
	libextra/openpgp/verify.c, src/common.c: added
	gnutls_openpgp_key_export() function.

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: [no log message]

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/library.tex,
	includes/gnutls/openpgp.h, includes/gnutls/x509.h: [no log message]

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/compat.c, libextra/openpgp/openpgp.h,
	libextra/openpgp/verify.c: [no log message]

2003-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_int.h, lib/x509/pkcs12_bag.c,
	lib/x509/privkey.h, lib/x509/privkey_pkcs8.c: Some changes to
	preserve binary compatibility.

2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Added option to certtool to use export-grade
	algorithms. If password is set in pkcs8 mode, then the output
	structure will be encrypted.

2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/verify.c, libextra/openpgp/verify.c,
	src/certtool-gaa.c, src/certtool.gaa, tests/test25.pem: [no log
	message]

2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/prime-gaa.c, src/prime-gaa.h, src/prime.gaa: [no log message]

2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/Makefile.am: gdoc and sort1.pl are now included in the
	distribution.

2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/certificate.tex, doc/tex/cover.tex.in,
	doc/tex/ex-rfc2818.tex, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/gnutls_int.h, lib/x509/compat.c, lib/x509/verify.c,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/verify.c, src/Makefile.am, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/common.c,
	src/prime.c: * Several changes in certificate and key verification.  * GNUTLS_CERT_NOT_TRUSTED was replaced by GNUTLS_CERT_INVALID, to
	  avoid having two flags for the same thing.  * Updated documentation for openpgp key verification.  * The prime tool was combined with the certtool.

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	libextra/gnutls_openpgp.c, libextra/openpgp/extras.c: [no log
	message]

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/certtool.gaa, src/common.c: [no log message]

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/.cvsignore, libextra/openpgp/openpgp.c,
	libextra/openpgp/openpgp.h: [no log message]

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/pkcs12.h, libextra/gnutls_openpgp.c,
	src/certtool.c, src/common.c: more openpgp related changes.

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_bag.c: Added gnutls_pkcs12_bag_set_crl() and
	gnutls_pkcs12_bag_set_crt() functions.

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: [no log message]

2003-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex, lib/Makefile.am, lib/gnutls_x509.c,
	lib/strfile.h, libextra/gnutls_openpgp.c,
	libextra/openpgp/openpgp.h, src/serv.c: some openpgp related
	changes.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt.c: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_global.c: added version check against libtasn1

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool.c, src/certtool.gaa,
	src/common.c: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/cli.c, src/crypt.c, src/serv.c: Added error
	checking to global_init() calls.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/handshake.tex, doc/tex/howto.tex: 
	Corrected some things in documentation. Got from Debian bug tracking
	system, Reported by Ivan Nestlerode <nestler@speakeasy.net>

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/x509/pkcs12_bag.c,
	libextra/openpgp/compat.c, libextra/openpgp/extras.c,
	libextra/openpgp/verify.c: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/pkcs12.h, lib/gnutls.h.in.in,
	lib/x509/pkcs12_bag.c, lib/x509/verify.c, src/certtool.c: introduced
	gnutls_const_datum for gnutls_pkcs12_bag_get_data(). Some other
	cleanups in the verification functions.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: corrected some bugs in the verification
	functions.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test22.pem: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c, src/certtool.c, tests/test23.pem: [no log
	message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/x509/compat.c, lib/x509/verify.c, src/certtool.c, src/common.c,
	tests/test1.pem, tests/test10.pem, tests/test13.pem,
	tests/test2.pem, tests/test20.pem, tests/test21.pem,
	tests/test22.pem, tests/test23.pem, tests/test24.pem,
	tests/test25.pem, tests/test26.pem, tests/test3.pem: Improved the
	certificate verification functions and the certtool program's
	verification capability.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/crypt.c: Certtool is only compiled when
	ENABLE_PKI is defined.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/Makefile.am: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509_b64.c, lib/x509_b64.h: Made the
	B64FSIZE to return an accurate value.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/programs.tex, lib/x509/common.c,
	lib/x509_b64.c, src/certtool.c: some fixes.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/programs.tex: [no log message]

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: added capability to print pkcs12 structures.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/libgnutls-extra.vers: exported OpenSSL* symbols.

2003-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818.h: added missing file.

2003-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-pkcs12.tex, includes/gnutls/pkcs12.h,
	lib/x509/common.c, src/certtool-gaa.c, src/certtool-gaa.h,
	src/certtool.c, src/certtool.gaa: added pkcs #12 support to
	certtool. Corrected some bugs in the export functions.

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-sharedkeys-01.txt =>
	draft-ietf-tls-sharedkeys-02.txt}: [no log message]

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: [no log message]

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool.c, src/certtool.gaa: [no log
	message]

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_dh_primes.c: Used the new gcrypt API for
	generating primes and groups.

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: added the --der option to certtool.

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/programs.tex,
	includes/gnutls/openpgp.h, lib/x509/x509.c, lib/x509/x509_write.c,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: several improvements for the certtool utility.

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2003-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am,
	doc/manpages/gnutls-cli-debug.1, doc/manpages/gnutls-cli.1,
	doc/manpages/gnutls-serv.1, doc/manpages/gnutls-srpcrypt.1: Added
	manpages created by Ivo Timmermans <ivo@o2w.nl>

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
	src/cli.gaa, src/common.c: Added the --print-cert option to
	gnutls-cli.

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/Makefile.am: [no log message]

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/common.c, lib/x509/mpi.c,
	lib/x509/mpi.h, lib/x509/privkey.c, lib/x509/privkey.h,
	lib/x509/x509.c, lib/x509_b64.c, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added
	capability to print the keyid of a certificate or a private key to
	certtool. Updated the key_id functions to return the hash of the
	SubjectPublicKey.

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Added fingerprint calculation to certtool.

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, libextra/gnutls_openssl.c: added configure option to
	disable the openssl compatibility layer.

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c: a fix in the get_subject_alt_name, to return
	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when finished reading.

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: Added capability to decode some X.509v3
	extensions.

2003-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Added certificate chain verification capability to
	certtool

2003-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: [no log message]

2003-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
	lib/x509/crq.c, lib/x509/privkey_pkcs8.c, src/Makefile.am,
	src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
	src/certtool.gaa: Several improvments in the certtool.

2003-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/privkey_pkcs8.c, src/Makefile.am, src/certtool-gaa.c,
	src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/common.c: 
	Added a certtool primitive command line utility

2003-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/dn.c, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/mpi.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/x509.h, lib/x509/x509_write.c: Improved
	the certificate generation stuff.

2003-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, includes/gnutls/x509.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/dn.c, lib/x509/dn.h, lib/x509/sign.c,
	lib/x509/x509_write.c: Almost finished the X.509 certificate
	generation.

2003-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, configure.in, includes/gnutls/x509.h,
	lib/Makefile.am, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
	lib/x509/x509_write.c, libgcrypt.m4: Added some support for writable
	gnutls_x509_crt structures. Not ready yet.

2003-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_mem.h, lib/minitasn1/mem.h: some
	alloca-related fixes. Patch by Philip Brown <phil@bolthole.com>.

2003-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/rfc2818_hostname.c: The hostname verification in the
	certificate is now case insensitive.

2003-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2003-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2003-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c: corrected a bug in the debugging
	output of handshake. Pointed out by Mark McLoughlin
	<mark@skynet.ie>.

2003-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h: 
	Corrected issue in openpgp code, which did not allow compilation
	when opencdk was not present.

2003-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2003-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex.in: [no log message]

2003-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: opencdk is now mandatory in the base installation.

2003-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openpgp.h, includes/gnutls/x509.h,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_rsa_export.c,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/x509/common.c, lib/x509/pkcs5.c, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509.h,
	libextra/openpgp/openpgp.c: Some changes in types.

2003-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h: [no log message]

2003-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/extensions.c, lib/x509/x509.c, lib/x509/x509.h: [no log
	message]

2003-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c,
	lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/privkey.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h,
	lib/x509_b64.c, libextra/auth_srp_sb64.c: Corrected some of the
	return types. Several other minor corrections.

2003-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.autoconf, doc/tex/gnutls.bib,
	lib/gnutls_pk.c: [no log message]

2003-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/fdl.tex, doc/tex/gnutls.bib: [no log message]

2003-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/fdl.tex, doc/tex/funcs.tex, doc/tex/gnutls.bib: 
	Documentation is now under FDL 1.2.

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/funcs.tex, libextra/Makefile.am,
	libextra/gnutls_openpgp.c, libextra/openpgp/Makefile.am,
	libextra/openpgp/gnutls_openpgp.c: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, libextra/Makefile.am, src/cli.c,
	src/common.c, src/serv.c: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/Makefile.am, doc/tex/funcs.tex,
	includes/Makefile.am, includes/gnutls/openpgp.h, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
	lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/x509.c,
	libextra/Makefile.am, libextra/gnutls_extra.c,
	libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.h,
	libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h,
	src/common.c: Updated the openpgp key API.

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, includes/gnutls/openpgp.h, libextra/Makefile.am,
	libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.c,
	libextra/{ => openpgp}/gnutls_openpgp.h,
	libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h: Converted
	the pgp verification functions to the new API.

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, includes/gnutls/openpgp.h,
	libextra/openpgp/gnutls_openpgp.c: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/xml.c: the place where the XML stuff were moved.

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.c,
	libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h: Updated the
	old opencdk code and moved the XML stuff. Based on patch by Mikhail
	Teterin <mi+mx@aldan.algebra.com>.

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/Makefile.am, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/x509/Makefile.am,
	lib/x509/rfc2818_hostname.c, libextra/Makefile.am, src/cli.c,
	src/common.c, src/common.h, src/serv.c: Applied patch by Arne that
	fixes several possible NULL pointer dereferences.

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Disable buffering.  Clear FD set.  Patch by Simon
	Josefsson  <jas@extundo.com>

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: [no log message]

2003-10-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am, libextra/gnutls_openpgp.c,
	libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.c,
	libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h: started some
	rewrite of the openpgp stuff.

2003-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli.gaa: [no log message]

2003-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.h, src/serv.c: Rolled back some of Arne's
	changes. Now the ciphers can be set in the client/server.

2003-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/tex/Makefile.am, lib/gnutls_errors.c: Patch
	by Arne.  Fixes a linking problem with _gnutls_handshake2str() and
	_gnutls_packet2str().  Some other fixes in the documentation creation.

2003-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_record.c,
	lib/gnutls_state.c, lib/minitasn1/structure.c, src/cli.c,
	src/common.c, src/serv.c: A new patch by Arne. More bug fixes and
	optimizations.

2003-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: Corrected some unaligned accesses in IA64.
	Initial patch by Ian Wienand <ianw@gelato.unsw.edu.au>.

2003-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_srp.c: Corrected a bug in the SRP U calculation.
	Reported by Casey Marshall <rsdio@metastatic.org>.

2003-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c: Applied Simos' patch for the SIGALRM
	triggered handshake.

2003-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_pk.c, lib/x509/rfc2818_hostname.c: 
	some cleanups.

2003-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-serv-pgp.tex, includes/gnutls/x509.h, src/cli.c,
	src/common.c, src/common.h, src/serv.c, src/tests.c: Added a
	hostname check with the certificate in the gnutls-cli.

2003-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	libextra/gnutls_openssl.c, src/cli.c, src/serv.c, src/tests.c: 
	RIJNDAEL ciphersuites were renamed to AES.

2003-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2003-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: [no log message]

2003-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_handshake.c, lib/gnutls_v2_compat.c, src/cli.c,
	src/serv.c: some more cleanups.

2003-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, src/cli.c, src/serv.c: Corrected the
	client's behaviour in the handshake handling. Some fixes in the
	documentation.

2003-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/crypt.c: [no log message]

2003-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, src/cli.c: [no log message]

2003-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.vers, libextra/libgnutls-extra.vers: [no log
	message]

2003-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/libgnutls.vers,
	libextra/Makefile.am, libextra/libgnutls-extra.vers: Some additions
	to export only the documented API, and some support for versioning.

2003-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/.cvsignore, doc/tex/library.tex, lib/debug.c,
	lib/debug.h, lib/gnutls_errors.c, src/cli.c: cleanups.

2003-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c, src/crypt-gaa.c, src/crypt-gaa.h,
	src/crypt.c, src/crypt.gaa, src/srp/tpasswd, src/srp/tpasswd.conf: 
	Corrected and improved SRP support. The gnutls-srpcrypt now
	generates several primes.

2003-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c: added a size check in the group generator
	received by the server.

2003-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/README.autoconf, doc/TODO,
	doc/tex/ex-pkcs12.tex, includes/gnutls/x509.h,
	lib/x509/privkey_pkcs8.c, src/cli.c: Improved the error handling in
	the gnutls-cli.

2003-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	libextra/auth_srp.c: [no log message]

2003-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_alert.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, libextra/auth_srp.c, src/crypt.c,
	src/srp/tpasswd, src/srp/tpasswd.conf: Updated the SRP
	implementation to follow the latest draft.

2003-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test.c: corrected bug which made some tests
	now to be compiled.

2003-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/x509_b64.c, src/retcodes.c: More more fixes by Arne.

2003-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: [no log message]

2003-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c: [no log message]

2003-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c, src/tests.c, src/tls_test-gaa.c, src/tls_test-gaa.h,
	src/tls_test.c, src/tls_test.gaa: corrected bug in the session
	resumption detection in the gnutls-cli-debug, and other minor fixes.

2003-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/programs.tex, src/tls_test.c: [no log message]

2003-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openssl.h, lib/gnutls_compress_int.c,
	src/tls_test.c: minor cleanups.

2003-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2003-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509_b64.c: CR is now allowed in the base64 decoder.

2003-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/README.CVS: [no log message]

2003-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: _gnutls_bin2hex function was removed from
	gnutls_errors.c

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: [no log message]

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_global.c, lib/x509/Makefile.am, lib/{
	=> x509}/rc2.c, lib/{ => x509}/rc2.h: RC2 is not included when
	PKCS#12 is disabled.

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.CODING_STYLE, doc/README.CVS: [no log
	message]

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/defines.h, lib/rc2.c: RC2 was made reentrant.
	The stddef.h is now included if found.

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_global.c: [no log message]

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_global.c: 
	added better check for gcrypt library.

2003-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
	libextra/ext_srp.c: Arne: - gcry_check_version() _must_ be called nowadays, says
	libgcrypt-1.1.42/NEWS.  - configure.in: the respective test in configure.in included
	<sys/stddef.h> (which doesn't exist) instead of the usual
	<stddef.h>.  - lib/gnutls_errors.c: declaration of function _gnutls_bin2hex()
	doesn't match prototype from file lib/gnutls_str.h, causing
	compilation failure - configure.in: -Wsign-compare removed.

2003-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/dh_compat.c, lib/gnutls_cipher_int.c,
	lib/gnutls_compress.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_mem.c, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/rsa_compat.c, lib/x509/common.c,
	lib/x509_b64.c, libextra/ext_srp.c: more fixes by Arne.

2003-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/rc2.c: Cleaned up the RC2 cipher.

2003-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/alert.tex, doc/tex/ciphersuites.tex,
	doc/tex/ex-cert-select.tex, doc/tex/howto.tex, doc/tex/record.tex,
	doc/tex/record_weaknesses.tex, doc/tex/srp.tex,
	doc/tex/translayer.tex, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dh_common.c, lib/auth_rsa_export.c, lib/dh_compat.c,
	lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_compress_int.c,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_mem.c,
	lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_record.c,
	lib/gnutls_state.c, lib/gnutls_x509.c, lib/io_debug.h,
	lib/x509/compat.c, lib/x509/verify.c, libextra/auth_srp_sb64.c,
	src/retcodes.c: still more patches by Arne Thomassen

2003-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_compress_int.c,
	lib/gnutls_record.c: some more cleanups.

2003-08-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/record_weaknesses.tex, lib/gnutls_anon_cred.c,
	lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
	lib/gnutls_compress_int.c, lib/gnutls_db.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_record.c,
	lib/x509/pkcs7.c, lib/x509_b64.c, libextra/auth_srp_passwd.h,
	libextra/auth_srp_sb64.c, libextra/ext_srp.c: more patches by Arne
	Thomassen.

2003-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mpi.c: [no log
	message]

2003-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_anon_cred.c: [no log message]

2003-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/README.CODING_STYLE, doc/README.CVS,
	doc/protocol/{draft-ietf-tls-rfc2246-bis-04.txt =>
	draft-ietf-tls-rfc2246-bis-05.txt}, includes/gnutls/x509.h,
	lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls_alert.c, lib/gnutls_anon_cred.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_compress_int.c,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_random.c,
	lib/gnutls_state.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	lib/minitasn1/errors.c, lib/rc2.c, libextra/auth_srp.c,
	libextra/auth_srp_passwd.c, libextra/auth_srp_rsa.c,
	libextra/gnutls_extra.c, libextra/gnutls_openssl.c,
	libextra/gnutls_srp.h, src/common.c, src/serv.c, tests/x509_test.c: 
	Applied patch from Arne Thomassen <arne@arne-thomassen.de>, which
	corrects several things in the library.

2003-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/debug.c, lib/gnutls_algorithms.c,
	lib/gnutls_cert.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_dh.h, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
	lib/gnutls_pk.h, lib/gnutls_rsa_export.c, lib/rc2.c, lib/rc2.h,
	lib/x509/pkcs12.c, lib/x509/pkcs12.h, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs5.c, lib/x509/privkey.c, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.h: Ported to the new
	libgcrypt (still unstable). Also added the RC2 cipher and improved
	the PKCS #12 stuff in order to support it.

2003-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/Makefile.am, lib/minitasn1/coding.c,
	lib/minitasn1/decoding.c, lib/minitasn1/element.c: * Added the new libtasn1.  * the tex files are included in the distribution.

2003-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: added missing rfc2818_hostname.lo object.

2003-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: Removed the salt size restriction
	(multiple of 8) to allow parsing IE5 generated structures.

2003-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat4.h: [no log message]

2003-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/ex-client-srp.tex,
	doc/tex/ex-client1.tex, doc/tex/ex-serv1.tex, doc/tex/handshake.tex: 
	[no log message]

2003-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-client-resume.tex, doc/tex/ex-client-srp.tex,
	doc/tex/ex-client1.tex, doc/tex/ex-client2.tex,
	doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
	doc/tex/ex-serv-srp.tex, doc/tex/ex-serv1.tex: added the
	(gnutls_transport_ptr) cast to example programs.

2003-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: [no log
	message]

2003-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.h.in.in: [no log message]

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/ex-pkcs12.tex, lib/x509/pkcs12_encr.c: [no log
	message]

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-pkcs12.tex, includes/Makefile.am,
	includes/gnutls/Makefile.am, includes/gnutls/pkcs12.h,
	includes/gnutls/x509.h: [no log message]

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12_encr.c: [no log message]

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/certificate.tex, doc/tex/ex-crq.tex, doc/tex/ex-pkcs12.tex,
	doc/tex/examples.tex, doc/tex/gnutls.tex: some reorganization on the
	documentation. Added also stuff about PKCS #12 structures.

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: Corrected a null pointer dereference in
	gnutls_certificate_get_ours(). Report and Patch by Steve Langasek.

2003-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: 
	some cleanups.

2003-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_buffers.c,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_pk.c, lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/pkcs12.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: Added function to do
	the MAC verification in the PKCS #12 structure.

2003-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
	lib/x509/dn.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h: Added stuff
	needed to read PKCS #12 bag attributes.

2003-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
	lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c: Added ability to write Bag attributes
	LocalKeyId and friendlyName, in order for browsers to be able to
	import our structures.

2003-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_state.c, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/pkcs12_encr.c,
	lib/x509/privkey_pkcs8.c: some cleanups.

2003-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c, lib/minitasn1/element.c: added new
	Fabio's fixes.

2003-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: PKCS #12 generation,
	finaly can interoperate with openssl even in the encrypted case.

2003-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c: 
	Some more improvements in the PKCS #12 part. Now it interoperates
	with openssl pkcs12, in the unencrypted case.

2003-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/x509/common.c,
	lib/x509/common.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs5.c, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c: Several more additions to PKCS #12 to
	allow encrypting bags. Still not interoperable.

2003-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, includes/gnutls/x509.h, lib/gnutls_algorithms.c,
	lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_session.c,
	lib/gnutls_state.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
	lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c: More PKCS #12 additions.
	Now the code can generate PKCS #12 files. Also added the ability to
	decrypt plain DES encrypted PKCS #8 keys.

2003-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_encr.c, lib/x509/pkcs5.c: Passwords in PKCS5 and
	PKCS12 are now restricted to ASCII ones.

2003-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c: Some changes in
	PKCS12 to allow a bag to hold more than one elements.

2003-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/x509/common.h, lib/x509/pkcs12.c,
	lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c: 
	some pkcs12 improvements.

2003-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/Makefile.am, lib/x509/common.h, lib/x509/pkcs12.h,
	lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
	lib/x509/privkey_pkcs8.c: Some additions to allow decrypting PKCS #5
	encrypted data, with PKCS #12 schema OIDs.

2003-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-cert-select.tex, doc/tex/ex-client2.tex,
	doc/tex/ex-serv-srp.tex, doc/tex/layers.tex, doc/tex/record.tex,
	doc/tex/tlsintro.tex, includes/gnutls/x509.h, lib/Makefile.am,
	lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
	lib/x509/pkcs12.c, lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c,
	lib/x509/privkey.h: Some improvements in PKCS12 parser. Now it can
	extract private keys from the structure.

2003-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/protocol/draft-ietf-tls-extensions-06.txt,
	doc/protocol/rfc3546.txt, doc/tex/gnutls.bib: new extensions RFC

2003-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-srp-04.txt,
	doc/protocol/draft-ietf-tls-srp-05.txt, doc/tex/gnutls.bib: new srp
	draft.

2003-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.bib, doc/tex/library.tex: corrected a typo.

2003-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c: [no log message]

2003-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: added the most compatible ciphers in
	default priorities.

2003-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli.c, src/crypt.c: Corrected bug in SRP where a non
	allocated value was freed.  Reported by Hiroshi Hayakawa
	<deuva@rapid.ocn.ne.jp>.  Also the SRP programs are now build by default (they weren't due to
	a bug).

2003-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-ecc-01.txt,
	doc/protocol/draft-ietf-tls-ecc-03.txt: [no log message]

2003-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-rfc2246-bis-03.txt =>
	draft-ietf-tls-rfc2246-bis-04.txt}: [no log message]

2003-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h: [no log message]

2003-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dh_common.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	lib/gnutls_dh.c, lib/x509/privkey.c, lib/x509/x509.c: [no log
	message]

2003-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-04.txt =>
	draft-ietf-tls-compression-05.txt},
	doc/protocol/draft-ietf-tls-sharedkeys-01.txt: [no log message]

2003-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c: Corrected a bug in the record layer
	buffering, which affected the case where external pull function was
	used. Report and a patch by Sergey Poznyakoff
	<gray@Mirddin.farlep.net>.

2003-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c, lib/ext_server_name.h, lib/gnutls.h.in.in: 
	[no log message]

2003-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs12.c,
	lib/x509/pkcs12.h: some more stuff about PKCS12. Still on early
	stage and incomplete.

2003-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c: [no log message]

2003-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h: [no log message]

2003-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/openssl.h: [no log message]

2003-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cipher.c, lib/minitasn1/decoding.c,
	lib/minitasn1/der.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/x509/privkey.c, lib/x509/x509.c, libextra/gnutls_openssl.c,
	libextra/gnutls_srp.c, src/serv-gaa.c, src/serv.c, src/serv.gaa: 
	Several fixes in several places. Patch by Sean Gao
	<sean.gao@sun.com>.

2003-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Corrections in the TLS layer openpgp certificate
	packet parser.

2003-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: [no log message]

2003-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_x509.c,
	lib/x509/privkey.c, lib/x509/privkey.h, lib/x509/x509.c, src/serv.c: * Added gnutls_x509_privkey_get_key_id() and
	  gnutls_x509_crt_get_key_id() functions which return a unique (per
	  public key) ID. These can be used to check if the private key
	corresponds to a given certificate.

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: [no log message]

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/x509guide.txt: [no log message]

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: The PEM header for certificate requests is now
	BEGIN NEW CERTIFICATE REQUEST.

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_x509.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509/crq.c, lib/x509/pkcs7.c: Renamed all of the PKCS #xx stuff
	names, to pkcs-x-name.

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/x509/Makefile.am, lib/x509/common.h,
	lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c: [no log message]

2003-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: added definitions for pkcs12

2003-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: Corrected a bug in gnutls-cli while resuming sessions.
	Reported by Ivo Timmermans, patch by Gergely Nagy
	<algernon@boszorka.mad.hu>.

2003-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c: Corrected bug in server_name extension
	which made the client to send the wrong size of data.

2003-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/serv.c: [no log message]

2003-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: Increased the default DH bits limit.

2003-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/verify.c: some prototype fixes.

2003-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-openpgp-keys-02.txt =>
	draft-ietf-tls-openpgp-keys-03.txt}: [no log message]

2003-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_extra.c, src/cli.c, src/common.c, src/crypt.c,
	src/serv.c, src/tests.c, src/tls_test.c: Some fixes to allow proper
	compiling when --disable-srp-authentication and
	--disable-anon-authentication are specified. Patch by Paul Sheer.

2003-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_cert.c, lib/gnutls_x509.c,
	lib/x509/common.c, lib/x509/common.h, lib/x509/compat.c,
	lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs5.c, lib/x509/pkcs7.c,
	lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
	lib/x509/x509.c, lib/x509/xml.c, src/cli.c, src/common.c,
	src/serv.c: Added the --disable-extra-pki configure option, which
	disables all extra PKI stuff like PKCS #7, PKCS #10 etc. To be used
	in constraint systems.

2003-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/x509.c: [no log message]

2003-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_mpi.c, lib/minitasn1/decoding.c, lib/x509/crl.c,
	lib/x509/x509.c, libextra/gnutls_openpgp.c: several bug fixes in the
	certificate parsing, and some in the asn1 parser.

2003-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_x509.c, lib/x509/crl.c,
	lib/x509/x509.c: More fixes to eliminate constants.

2003-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_dh_primes.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
	lib/x509/mpi.c, lib/x509/privkey.c, lib/x509/x509.h: Eliminated the
	need for a hard coded max MPI parameter size.

2003-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.sym, libextra/gnutls-extra.sym: [no log message]

2003-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/common.h, lib/x509/xml.c,
	src/common.c: Some fixes in the gnutls_x509_crt_to_xml() function.

2003-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/x509/pkcs7.c, libextra/Makefile.am: [no log
	message]

2003-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c: some cleanups.

2003-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/x509.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/crl.c, lib/x509/pkcs7.c: Several
	improvments in the PKCS #7 handling. Added capability to delete
	certificates, and handle CRLs.

2003-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h,
	lib/x509/common.c, lib/x509/common.h, lib/x509/privkey_pkcs8.c,
	lib/x509/x509.c, lib/x509/x509.h: several cleanups.

2003-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_b64.c, lib/x509_b64.h: [no log message]

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c,
	lib/x509/x509.c, lib/x509_b64.c, lib/x509_b64.h: Several fixes to
	allow exporting the PKCS #7 structures.

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c: [no log message]

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_handshake.c,
	lib/gnutls_v2_compat.c: Some improvements in the version detection
	in the client hello.

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/x509/pkcs7.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h: Added
	functionality to generate PKCS #7 structures. Currently only
	certificates can be put there. (untested)

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: Added
	the --debug option to the gnutls-serv.

2003-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/minitasn1/coding.c, lib/minitasn1/element.c,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c, lib/pkix.asn, src/tests.c, src/tests.h,
	src/tls_test.c: Added bogus TLS record version check in the
	gnutls-cli-debug tool.

2003-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/ext_server_name.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/x509/crl.c, lib/x509/crq.c, lib/x509/mpi.c,
	lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
	lib/x509/verify.c, lib/x509/x509.c: Several
	GNUTLS_E_UNIMPLEMENTED_FEATURE errors were replaced with meaningful
	error values.

2003-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
	--debug option in the client.

2003-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_cert.c, lib/gnutls_buffers.c, lib/gnutls_global.c,
	lib/gnutls_kx.c: * Corrected behaviour when a certificate request message is
	  received.  Now a certificate packet is always sent, and in SSL 3.0
	  cipher suites a no_certificate alert is sent instead.

2003-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Corrected a parsing error in the Certificate
	request message.

2003-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509/Makefile.am: last changes for 0.9.3 release.

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
	lib/x509/verify.c: reduced the FIXMEs.

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c, src/cli-gaa.c, src/cli.gaa: Allow for
	unencrypted PKCS #8 private keys.

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: [no log message]

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_rsa_export.c: 
	The functions that return the pkix_asn and gnutls_asn types were
	converted to macros.

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c, lib/x509/common.h, lib/x509/privkey_pkcs8.c,
	lib/x509/xml.c: Some cleanups.

2003-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/Makefile.am,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h: * Added support for encoding and decoding PKCS #8 2.0 encrypted   RSA private keys.

2003-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/funcs.tex, lib/gnutls_cert.c, lib/x509/Makefile.am: 
	the idea of using a separate library for x509 stuff was dropped for
	now.

2003-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: more cleanups.

2003-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_x509.c: [no log message]

2003-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls.h.in.in,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_x509.c,
	lib/minitasn1/coding.c, lib/pkix.asn, lib/x509/crl.c,
	lib/x509/x509.c, lib/x509/x509.h: * Added the new functions: gnutls_certificate_set_x509_key()   gnutls_certificate_set_x509_trust(),
	  gnutls_certificate_set_x509_crl(), gnutls_x509_crt_export(),
	gnutls_x509_crl_export().

2003-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/privkey_pkcs8.c: [no log
	message]

2003-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/Makefile.am,
	lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs5.c,
	lib/x509/pkcs5.h, lib/x509/privkey.c, lib/x509/privkey.h,
	lib/x509/privkey_pkcs8.c: Added ability to import PKCS8 encrypted
	keys.

2003-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-serv-export.tex, includes/gnutls/compat8.h,
	lib/gnutls.h.in.in, lib/gnutls_ui.c, src/prime-gaa.c, src/prime.gaa: * The gnutls_certificate_set_rsa_params() was renamed to   gnutls_certificate_set_rsa_export_params().

2003-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-serv-export.tex, doc/tex/ex-serv1.tex: [no log message]

2003-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_int.h, lib/gnutls_pk.c: [no log
	message]

2003-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_rsa.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_pk.c, lib/gnutls_state.c, src/tests.c, src/tests.h,
	src/tls_test.c: * The RSA premaster secret version check can no longer be disabled.  * Implemented the counter measure discussed in the paper "Attacking   RSA-based Sessions in SSL/TLS", against the attack discussed in
	  the same paper.  * Added the functions: gnutls_handshake_get_last_in(),   gnutls_handshake_get_last_out().

2003-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_priority.c, lib/minitasn1/coding.c,
	lib/minitasn1/decoding.c, lib/minitasn1/element.c,
	lib/minitasn1/errors.c, lib/minitasn1/errors_int.h,
	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
	lib/minitasn1/structure.c, lib/x509/dn.c: * The diffie Hellman ciphersuites are now of higher priority than   the plain RSA.  * Added the new libtasn1.

2003-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_rsa.c, lib/debug.c, lib/debug.h,
	lib/dh_compat.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
	lib/gnutls_alert.h, lib/gnutls_buffers.c, lib/gnutls_constate.c,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_pk.c, lib/gnutls_sig.c, lib/rsa_compat.c, lib/x509/dn.c,
	lib/x509/x509.c, libextra/auth_srp.c, libextra/gnutls_openpgp.c,
	src/cli.c: * Improved the error logging functions, by adding a level, and   by allowing debugging messages just by increasing the level.

2003-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/ex-session-info.tex, doc/tex/{ex-info.tex =>
	ex-x509-info.tex}, doc/tex/examples.tex: [no log message]

2003-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2003-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/funcs.tex, lib/Makefile.am, lib/x509/Makefile.am: 
	some of the extra X.509 functionality was moved to libgnutls-x509
	library.

2003-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_pk.c,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/mpi.c, lib/x509/sign.c,
	lib/x509/verify.c, lib/x509/x509.c: better use of asn1_der_coding()
	to avoid using static buffers.

2003-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: [no log message]

2003-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/x509/common.c,
	lib/x509/verify.c, lib/x509/x509.h: MD2 support was dropped this is
	an algorithm we cannot use.

2003-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/sign.c, lib/x509/verify.c: some cleanups.

2003-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/crq.c, lib/x509/x509.c: Added
	gnutls_x509_crq_get_challenge_password().

2003-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS: [no log message]

2003-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/ex-crq.tex, doc/tex/examples.tex: added an example about
	certificate request and private key generation.

2003-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int.h, lib/x509/crq.c, lib/x509/x509.c: [no log
	message]

2003-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/x509.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/common.h,
	lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h, lib/x509/x509.c,
	libextra/auth_srp_rsa.c: Added support for PKCS#10 certificate
	requests generation.

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2985.txt: added pkcs9 rfc.

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/crq.c: several other additions and fixes for the
	certificate request stuff.

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
	lib/x509/dn.c, lib/x509/dn.h, lib/x509/mpi.c, lib/x509/mpi.h,
	lib/x509/sign.c, lib/x509/sign.h: several other additions and fixes
	for the certificate request stuff.

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile, tests/openpgp_test.c: [no log message]

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2986.txt: added rfc for certificate requests.

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/pkix.asn,
	lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/crl.c,
	lib/x509/crq.c, lib/x509/crq.h, lib/x509/pkcs7.c,
	lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509.h: Added some
	stuff needed in PKCS#10 certificate request generation. Some other
	fixes as well.

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: [no log message]

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/auth_rsa_export.c, lib/gnutls_int.h,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/x509/privkey.c, lib/x509/x509.h: The RSA parameters handling
	functions, are now implemented using the rsa privkey functions.

2003-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/privkey.c: added flags to
	privkey_generate()

2003-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: unmap data and close the file descriptor after
	the mmap().

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, libextra/gnutls_srp.c: [no log message]

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_srp.c: fixed a memory leak. Reported by Rupert
	Kittinger <r.kittinger@efkon.com>

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_dh_primes.c, lib/gnutls_x509.c,
	src/cli.c: Use mmap() if available to read files.

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/Makefile.am, lib/defines.h,
	lib/gnutls_dh_primes.c, lib/gnutls_x509.c, lib/strnstr.c,
	lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
	lib/x509_b64.c: * Added an strnstr() function and the requirement in some functions
	  to use null terminated PEM structures is no more.

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: [no log message]

2003-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_mpi.h,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_x509.c,
	lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509.h, libextra/auth_srp_rsa.c, libextra/gnutls_openpgp.c: * Added ability to generate RSA keys.  * Increased the maximum parameter size in order to read some large
	  keys by some CAs. Patch by Ian Peters <itp@ximian.com>.  * Rolled back some of yesterdays changes. The gnutls_x509_privkey,
	  was replaced (again) by the gnutls_privkey.

2003-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.c, lib/auth_cert.h,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_int.h,
	lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_sig.c,
	lib/gnutls_sig.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/x509/privkey.c, lib/x509/x509.h: some improvements in the
	private key handling api. It is now used internally.

2003-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_ui.c: [no log message]

2003-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_ui.c: The fingerprint now accepts a
	pointer to an int instead of a ptr to a size_t.

2003-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-info.tex, src/common.c: [no log message]

2003-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS: [no log message]

2003-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-rfc2246-bis-02.txt =>
	draft-ietf-tls-rfc2246-bis-03.txt}: added the new tls 1.1 draft

2003-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2003-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/gnutls_buffers.c,
	lib/x509/Makefile.am, libextra/Makefile.am: the documentation is now
	created on dist time.

2003-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c: Corrected a broken buffer check in
	_gnutls_io_read_buffered()

2003-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am: [no log message]

2003-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE, doc/tex/certificate.tex,
	doc/tex/ex-rfc2818.tex, doc/tex/ex-serv-export.tex,
	doc/tex/ex-serv1.tex: some documentation fixes.

2003-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/record_weaknesses.tex: Documented the last timing attack.

2003-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/defines.h, lib/gnutls.h.in.in,
	lib/gnutls_alert.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
	lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/gnutls_ui.c, lib/gnutls_x509.c, src/serv.c: * Corrected a bug in 64 bit architectures, which affected the   serial number calculation in the record layer.  * Added gnutls_certificate_free_keys() which deletes all the   private keys and certificates from the credentials structure.

2003-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: updated to the
	new libtasn1.

2003-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Added
	protection against the new TLS 1.0 record layer timing attack.

2003-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/auth_cert.h, lib/gnutls.h.in.in,
	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/x509/verify.c,
	lib/x509/verify.h, src/cli.c, src/common.c: Added a flag to allow
	signing by v1 X.509 certificates. Also added a function to allow
	setting the verification flags in the credentials structure.

2003-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test.c: some fixes in tests

2003-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/x509/verify.c: Added
	support for MD2 signature verification in X.509 certificates.

2003-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/tests.c, src/tls_test.c: Added option to disable all TLS 1.0
	extensions.

2003-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: [no log message]

2003-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/Makefile.am, lib/Makefile.am: some fixes in
	makefiles.

2003-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_cipher.c, lib/gnutls_dh_primes.c,
	lib/gnutls_global.c: [no log message]

2003-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: [no log message]

2003-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/ex-cert-select.tex, doc/tex/ex-info.tex,
	doc/tex/examples.tex: Added a small example on how to use the
	certificate selection callback in client side.

2003-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c, lib/gnutls_mpi.c, lib/gnutls_pk.c,
	libextra/auth_srp.c, libextra/gnutls_srp.c: some fixes in types.

2003-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_cert.c, src/cli.c, src/tests.c: The
	client certificate selection callback is no longer called twice. It
	is called once if it is set.

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_session.c: 
	[no log message]

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: [no log message]

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test.c: works better in buggy servers.

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2003-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-serv-export.tex, doc/tex/ex-serv1.tex,
	includes/gnutls/compat8.h, includes/gnutls/x509.h, lib/Makefile.am,
	lib/dh_compat.c, lib/gnutls.h.in.in, lib/gnutls_dh_primes.c,
	lib/gnutls_int.h, lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/rsa_compat.c, lib/x509/mpi.c, libextra/Makefile.am,
	src/prime.c, src/serv.c: The RSA and DH parameter handling has been
	updated.

2003-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_x509.c, lib/x509/x509.c: Added a
	primitive function to load a file into memory, so that no
	certificate files are truncated. Also fixed a bug in the client
	certificate callback function.

2003-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c, lib/x509/dn.c, lib/x509/pkcs7.c,
	lib/x509/pkcs7.h, lib/x509/x509.c: Null, as the data value, is now
	an acceptable value in functions that may return the size of the
	data.

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, src/common.c: [no log message]

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/gnutls_ui.h, lib/x509/dn.c, lib/x509/rfc2818_hostname.c,
	src/cli.c, src/common.c, src/tests.c, src/tests.h, src/tls_test.c: 
	Corrected bugs in gnutls_x509_rdn_get(). Added a test to print the
	server's trusted CAs in gnutls-cli-debug, and in gnutls-cli.

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/prime.c: [no log message]

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/gnutls/x509.h, lib/gnutls_cert.c,
	lib/gnutls_dh_primes.c, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
	lib/gnutls_pk.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
	lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/element.c, lib/minitasn1/errors.c,
	lib/minitasn1/gstr.h, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
	lib/minitasn1/structure.c, lib/x509/common.c, lib/x509/compat.c,
	lib/x509/crl.c, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
	lib/x509/verify.c, lib/x509/x509.c, lib/x509/xml.c: ported to
	libtasn1 0.2.x. Also the included minitasn1 was replaced by the
	0.2.1 version of libtasn1.

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/x509/crl.c, lib/x509/dn.c, lib/x509/x509.c: gnutls_const_datum
	was removed from exported types, for the time being.

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h: [no log message]

2003-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: [no log message]

2003-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, doc/TODO, lib/auth_cert.c, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/gnutls_x509.c: Added option to allow an
	X.509 server not to send the trusted CA list to the peer.

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/appendix.tex, doc/tex/certificate.tex,
	doc/tex/ex-info.tex, doc/tex/ex-rfc2818.tex, doc/tex/funcs.tex,
	doc/tex/gnutls.bib, doc/tex/x509cert.xml.tex: [no log message]

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, src/cli.c, src/serv.c: [no log message]

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c: [no log message]

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, src/tests.c, src/tests.h, src/tls_test.c: Added
	test which prints the Diffie Hellman prime bits used.

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/compat8.h, includes/gnutls/x509.h,
	lib/gnutls.h.in.in, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
	lib/gnutls_privkey.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
	lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/crl.c,
	lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/privkey.c,
	lib/x509/x509.c, lib/x509/x509.h: Added some private key handling
	functions. They are primitive enough for now.

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: some fixes
	to compile.

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-extensions-05.txt =>
	draft-ietf-tls-extensions-06.txt}: added new extensions draft.

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/compat8.h, includes/gnutls/x509.h,
	lib/auth_cert.c, lib/auth_cert.h, lib/gnutls.h.in.in,
	lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
	lib/gnutls_ui.h, lib/gnutls_x509.c, lib/x509/compat.c,
	lib/x509/crl.c, lib/x509/extensions.c, lib/x509/extensions.h,
	lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
	lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/verify.h,
	lib/x509/x509.c, lib/x509/x509.h, lib/x509/xml.c, tests/x509_test.c: 
	gnutls_x509_certificate_* were renamed gnutls_x509_crt_*.

2003-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/gnutls_ui.c, lib/x509/x509.c: added
	gnutls_x509_certificate_get_fingerprint(). Untested yet.

2003-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat8.h, lib/debug.c, lib/debug.h,
	lib/gnutls.h.in.in, lib/gnutls_errors.c, lib/gnutls_global.c,
	lib/gnutls_ui.c, lib/gnutls_ui.h, lib/x509/compat.h,
	lib/x509/rfc2818_hostname.c, lib/x509/x509.c: renamed
	gnutls_x509_fingerprint to gnutls_fingerprint.

2003-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c, src/prime.c: fixes in pkcs3 DH parameter
	generation.

2003-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp_rsa.c: [no log message]

2003-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/Makefile.am, includes/gnutls/Makefile.am,
	includes/gnutls/compat8.h, lib/Makefile.am, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_dh_primes.c, lib/gnutls_handshake.c,
	lib/gnutls_rsa_export.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/x509/compat.c, lib/x509/extensions.c,
	lib/x509/pkcs7.h, lib/x509/x509.h, lib/x509_extensions.c,
	lib/x509_extensions.h, lib/x509_sig_check.c, lib/x509_verify.c,
	lib/x509_verify.h, libextra/auth_srp_rsa.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
	src/cli.gaa, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
	src/serv.gaa: Several internal changes to use the new certificate
	API. CRL support is complete.

2003-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/Makefile.am, lib/x509/common.c,
	lib/x509/crl.c, lib/x509/crl.h, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/pkcs7.c, lib/x509/verify.c, lib/x509/x509.c,
	lib/x509/x509.h, tests/test20.pem, tests/test21.pem,
	tests/x509_test.c: Certificate revocation support is almost
	complete.

2003-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/x509/crl.c, lib/x509/crl.h, lib/x509/verify.c,
	lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h: added a crl
	verification function (untested yet).

2003-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c, src/common.c: [no log message]

2003-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_x509.c,
	lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/compat.h,
	lib/x509/crl.c, lib/x509/dn.c, lib/x509/dn.h,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/mpi.c,
	lib/x509/mpi.h, lib/x509/rfc2818_hostname.c, lib/x509/verify.c,
	lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h,
	lib/x509_b64.c, tests/test2.pem, tests/x509_test.c: Added some new
	certificate verification functions.

2003-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/gnutls_cert.c, lib/x509/dn.c: 
	[no log message]

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_privkey.c: removed the raw part in the gnutls_privkey
	internal structure..

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/compat.c, lib/x509/extensions.c,
	lib/x509/extensions.h, lib/x509/rfc2818_hostname.c,
	lib/x509/x509.c, lib/x509/x509.h: Criticality of an X.509 extension
	can now be extracted.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/x509/.cvsignore,
	lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
	lib/x509_extensions.c: Added function to extract the key usage
	extension from an X.509 certificate, and combined some code.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: [no log message]

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/certificate.tex,
	doc/tex/ex-info.tex, doc/tex/ex-rfc2818.tex, doc/tex/funcs.tex,
	includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_dh_primes.c,
	lib/gnutls_ui.h, lib/gnutls_x509.h, lib/x509/Makefile.am,
	lib/x509/compat.h, lib/x509/dn.h, lib/{ =>
	x509}/rfc2818_hostname.c, lib/x509/x509.h, lib/{x509_xml.c =>
	x509/xml.c}: More stuff for the new certificate API.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_cert.c,
	lib/gnutls_errors.h, lib/gnutls_errors_int.h, lib/gnutls_x509.c,
	lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/dn.c: The old
	certificate parsing API was reimplemented over the new one. It will
	stay in the 1.0.0 release for compatibility reasons.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_x509.h,
	lib/x509/Makefile.am, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/x509.c: Added the new
	PKCS7 parsing functions.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509.c, lib/x509/x509.h: Added the new certificate
	handling functions.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-client-resume.tex, doc/tex/ex-client1.tex,
	doc/tex/ex-client2.tex, doc/tex/ex-serv-export.tex,
	doc/tex/ex-serv-pgp.tex, doc/tex/ex-serv1.tex,
	includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/x509/Makefile.am, lib/x509/common.c,
	lib/x509/common.h, lib/x509/crl.c, lib/x509/crl.h, lib/x509_xml.c: 
	Added the new certificate handling functions.

2003-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, includes/gnutls/x509.h, lib/Makefile.am,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509/Makefile.am,
	lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
	lib/x509/dn.c, lib/x509/dn.h, lib/x509_extensions.c, lib/x509_xml.c: 
	More improvements in the CRL support, and the X.509 backend. Added a
	function to get some parts of the DN using an OID.

2003-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/x509/crl.c, lib/x509/crl.h: CRL parsing
	support is almost complete.

2003-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/x509.h, lib/debug.c, lib/debug.h,
	lib/gnutls_dh_primes.c, lib/gnutls_rsa_export.c, lib/gnutls_str.c,
	lib/gnutls_str.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/x509/crl.c, lib/x509/dn.c, lib/x509/dn.h: Several fixes and
	improvements in CRL support.

2003-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, includes/Makefile.am,
	includes/gnutls/Makefile.am, includes/gnutls/x509.h,
	lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_x509.c,
	lib/x509/Makefile.am, lib/x509/crl.c, lib/x509/crl.h,
	lib/x509/dn.c, lib/x509/dn.h: Added preliminary CRL support. This
	will be under the new X.509 API. Other x509 functions will be
	updated later.

2003-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c, lib/gnutls_pk.c: some fixes. There wasn't
	any limitation in libtasn1 code... just my lazyness.

2003-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/prime-gaa.c, src/prime-gaa.h, src/prime.c, src/prime.gaa: use
	options to print DH parameters.

2003-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/gnutls_ui.h,
	lib/minitasn1/coding.c, src/prime.c: * Added gnutls_pkcs3_extract_dh_params() and
	  gnutls_pkcs3_export_dh_params() which extracts and export parameters
	  from and to PKCS#3 encoded structures.  These were added to read
	parameters generated using the openssl dhparam tool.  * The prime program was modified to also print the generated prime
	  and generator using the PKCS#3 format.

2003-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/ex-serv-export.tex,
	doc/tex/ex-serv-pgp.tex, doc/tex/ex-serv1.tex, lib/Makefile.am,
	lib/auth_anon.c, lib/auth_dhe.c, lib/gnutls.asn,
	lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_anon_cred.c,
	lib/gnutls_asn1_tab.c, lib/gnutls_cert.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_rsa_export.c, lib/gnutls_state.c,
	lib/gnutls_ui.h, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
	src/serv.gaa: * gnutls_dh_params_generate() and gnutls_rsa_params_generate() now
	 use gnutls_malloc() to allocate the output parameters.  * Added gnutls_pkcs3_extract_dh_params() which extracts parameters
	 from PKCS#3 encoded structures. This was in order to read parameters
	 generated using the openssl dhparam tool.  * Several changes in the temporary (DH/RSA) parameter codebase. No
	 DH parameters are now included in the library. Also a credentials
	 structure can now hold only one temporary parameter.

2003-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: more doc for the gnutls_set_dh_prime_bits().

2003-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.sym, lib/gnutls_alert.c,
	lib/gnutls_int_compat.c: removed backward compatibility functions
	for 0.9.0 version.

2003-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/.cvsignore: [no log message]

2003-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/compression.tex: [no log message]

2003-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/compression.tex: [no log message]

2003-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, libextra/auth_srp.c: 
	use RECEIVED_ILLEGAL_PARAMETER instead of SRP_PROTOCOL_FAILURE, when
	the SRP protocol fails.

2003-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: The gcrypt log handler is only set when we
	are in debugging mode.

2003-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_rsa.c, lib/debug.c, lib/gnutls_algorithms.c,
	lib/gnutls_compress_int.c, lib/gnutls_dh_primes.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
	lib/gnutls_global.c, lib/gnutls_rsa_export.c, lib/gnutls_x509.c,
	src/cli.c: Added ability to send some messages back to the
	application using the gnutls_global_set_log_function(). This is
	quite experimental.

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-client-resume.tex, doc/tex/ex-client-srp.tex,
	doc/tex/ex-client1.tex, doc/tex/ex-client2.tex,
	doc/tex/ex-rfc2818.tex: some minor bugfixes in the documentation.

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_mpi.h,
	libextra/auth_srp.c: Added check and error code for some SRP fatal
	protocol failures.

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test.c: [no log message]

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp_passwd.c, libextra/gnutls_srp.c: more cleanups.

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h: 
	[no log message]

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_alert.c, lib/gnutls_auth_int.h,
	lib/gnutls_handshake.c, libextra/auth_srp.c,
	libextra/auth_srp_passwd.c, libextra/ext_srp.c,
	libextra/gnutls_openpgp.c, src/cli.c: The library notifies the
	application on empty and illegal SRP usernames, so that proper
	notification (via an alert) is sent to the peer. Currently when the
	SRP ciphersuite is advertized but no username is sent by the peer,
	the library returns GNUTLS_E_EMPTY_SRP_USERNAME, and the alert
	associated with this is GNUTLS_A_ACCESS_DENIED (to be changed when
	the srp draft defines something more appropriate).

2003-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp_passwd.c: Some cleanups.

2003-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/Makefile.am, doc/scripts/Makefile.am,
	lib/gnutls_x509.c, libextra/auth_srp_passwd.c: [no log message]

2003-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2003-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test.c: improved srp detection

2003-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/auth_srp_passwd.h, libextra/gnutls_srp.c, src/cli.c,
	src/tests.c: Improved the SRP support, to prevent attackers guessing
	the available usernames by brute force. The g,n values sent are now
	obtained by the password conf file. (they were static ones)

2003-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex.in, lib/Makefile.am, lib/auth_anon.c,
	lib/auth_cert.c, lib/auth_dh_common.c, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c,
	lib/ext_cert_type.c, lib/ext_server_name.c, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress_int.c,
	lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
	lib/gnutls_mpi.c, lib/gnutls_pk.c, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c, lib/x509_extensions.c, lib/x509_sig_check.c,
	lib/x509_verify.c, lib/x509_xml.c: [no log message]

2003-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2003-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2003-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2003-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/patents.tex,
	includes/gnutls/compat4.h, libmcrypt.m4: [no log message]

2003-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_record.c, lib/gnutls_record.h: 
	Prefixed with underscore some internal functions.

2003-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/appendix.tex, doc/tex/library.tex, doc/tex/srp.tex: 
	[no log message]

2003-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/patents.tex, doc/tex/srp.tex, lib/Makefile.am,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_x509.c,
	lib/x509_b64.c, libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/gnutls_openpgp.c: GNUTLS_E_PARSING_ERROR error code was
	replaced by GNUTLS_E_BASE64_DECODING_ER and
	GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also
	replaced by GNUTLS_E_BASE64_DECODING_ERROR.

2003-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am, doc/tex/Makefile.am, doc/tex/appendix.tex,
	doc/tex/patents.tex: Added some information about the SRP patents in
	the documentation.

2003-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-serv-srp.tex: [no log message]

2003-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: [no log message]

2003-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, acinclude.m4, configure.in, doc/README.CODING_STYLE,
	lib/Makefile.am, lib/defines.h, lib/gnutls.h.in.in, lib/gnutls.sym,
	lib/gnutls_auth.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_state.c, libextra/Makefile.am,
	libextra/gnutls-extra.sym: Only the documented symbols are now
	exported.

2003-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: If the certificate does not contain the
	basicConstraints extension GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
	will be returned by gnutls_x509_extract_certificate_ca_status().

2003-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509_extensions.c: [no log message]

2003-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.h, lib/gnutls_x509.c: Added
	gnutls_x509_extract_certificate_ca_status() which returns the CA
	status of the given certificate.

2003-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-rfc2818.tex: [no log message]

2003-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2003-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: [no log message]

2003-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2003-01-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_compress_int.c,
	lib/minitasn1/Makefile.am, libextra/Makefile.am: If liblzo is found
	in the system then libgnutls-extra will depend on it, instead of
	including minilzo.

2002-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mpi.c: Added a test for null (zero) integers in MPI
	scanning.

2002-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tls_test.c: some fixes in the gnutls-cli-debug
	program

2002-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: Added missing stub function.

2002-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile: [no log message]

2002-12-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/minitasn1/Makefile.am, lib/minitasn1/README: [no
	log message]

2002-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/Makefile.am: [no log message]

2002-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS, configure.in, doc/README.CVS, lib/Makefile.am,
	lib/defines.h, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
	lib/minitasn1/der.h, lib/minitasn1/element.c,
	lib/minitasn1/element.h, lib/minitasn1/errors.c,
	lib/minitasn1/errors.h, lib/minitasn1/errors_int.h,
	lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
	lib/minitasn1/libtasn1.h, lib/minitasn1/mem.h,
	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
	lib/minitasn1/structure.c, lib/minitasn1/structure.h: [no log
	message]

2002-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: depends on libgcrypt 1.1.11

2002-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls_auth.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	libextra/auth_srp.c, libextra/auth_srp.h, libextra/auth_srp_rsa.c: 
	Dropped the support for the client key exchange message 0, and
	server key exchange message 2.

2002-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/debug.c, lib/gnutls_mpi.h,
	lib/gnutls_record.c, libextra/auth_srp.c: Finished SRP-6 stuff. It
	should work fine now.

2002-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c, libextra/auth_srp_rsa.c, libextra/ext_srp.c,
	libextra/gnutls_srp.c, libextra/gnutls_srp.h: First part of SRP-6
	support. Follows draft-ietf-tls-srp-04 and does not need the second
	key exchange part. Does not work yet.

2002-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-03.txt =>
	draft-ietf-tls-compression-04.txt},
	doc/protocol/{draft-ietf-tls-srp-03.txt =>
	draft-ietf-tls-srp-04.txt}, doc/tex/gnutls.bib,
	doc/tex/programs.tex: [no log message]

2002-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/extra.h, libextra/gnutls_openpgp.c: Added
	gnutls_openpgp_extract_key_name_string() which returns a single
	string for a pgp user id.

2002-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-serv-export.tex, src/serv.c: updated some example and
	the server to use the new gnutls_malloc() in callbacks.

2002-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h, lib/gnutls_x509.c: Added the
	gnutls_x509_extract_dn_string() function.

2002-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/README.CODING_STYLE: [no log message]

2002-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: [no log message]

2002-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, doc/TODO: [no log message]

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, lib/gnutls_mem.c, libextra/gnutls_openpgp.c: [no log
	message]

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: updated to include a callback for receiving openpgp
	keys, using libopencdk.

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_sig.c, lib/x509_b64.c,
	libextra/auth_srp_sb64.c: some cleanups

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: minor cleanups

2002-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c: some fixes in server_name extension

2002-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex, src/serv-gaa.c, src/serv-gaa.h,
	src/serv.c, src/serv.gaa: [no log message]

2002-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/callbacks.tex, lib/gnutls.h.in.in, lib/gnutls_db.c,
	lib/gnutls_global.c, lib/gnutls_mem.c, lib/x509_b64.c,
	libextra/auth_srp_sb64.c, libextra/gnutls_srp.c: Exported the more
	convenient gnutls_malloc() and gnutls_free() functions. Actually
	pointers to functions.

2002-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_global.c: [no log message]

2002-12-07  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Some bug fixes for the OpenPGP code.

2002-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, libextra/gnutls_srp.c: [no log message]

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/x509_b64.c, libextra/auth_srp_sb64.c: Changed the
	semantics of gnutls_pem_base64_encode_alloc() and
	gnutls_pem_base64_decode_alloc(). In the default case were the
	gnutls library is used with malloc/realloc/free, these are binary
	compatible.  They now require the returned data to be freed using the
	gnutls_global_get_free_function().

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, lib/gnutls_int.h, lib/gnutls_ui.h,
	libextra/auth_srp_passwd.c, libextra/gnutls_srp.c,
	libextra/gnutls_srp.h: some cleanups.

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/Makefile.am, doc/tex/callbacks.tex,
	doc/tex/library.tex, lib/gnutls.h.in.in, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_global.c,
	lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/gnutls_str.h, libextra/auth_srp_passwd.c,
	libextra/auth_srp_passwd.h, libextra/gnutls_srp.c, src/cli.c,
	src/serv.c: Added the new functions gnutls_get_malloc_function(),
	gnutls_get_free_function(). Also changed the way callback functions
	must allocate data. They now need to use these functions, instead of
	just calling malloc().

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/auth_srp_passwd.h, libextra/gnutls_srp.c: more updates in
	the SRP parameter callback.

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, includes/gnutls/extra.h: [no log message]

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/ext_srp.c, libextra/gnutls_srp.c: Some updates in the srp
	codebase, to detect illegal usernames etc.

2002-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c: added error code to
	report illegal srp usernames. Some fixes in the extension parsing to
	report fatal errors.

2002-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_extensions.c, lib/x509_verify.c: some optimizations in
	string handling of the x.509 asn.1 parsers.

2002-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp_test.c: [no log message]

2002-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2002-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ex-pgp-keyserver.tex,
	doc/tex/examples.tex, doc/tex/macros.tex, doc/tex/preparation.tex: 
	Added a chapter for sources preparation. Based on the documenation
	of libksba.

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/ex-pgp-keyserver.tex: depends on opencdk
	0.3.5

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex, doc/tex/gnutls.bib,
	doc/tex/srp.tex, doc/tex/x509.tex: [no log message]

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: Corrected bug in extension parsing.

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_extra.c: [no log message]

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/srp.tex: [no log message]

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, includes/gnutls/extra.h, libextra/gnutls_srp.c: 
	some updates on srp documentation.

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-12-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/ext_cert_type.c, lib/ext_server_name.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mem.c,
	lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_random.c,
	lib/gnutls_record.c, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
	lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c, lib/x509_extensions.c, lib/x509_sig_check.c,
	libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/auth_srp_rsa.c, libextra/ext_srp.c,
	libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
	libextra/gnutls_srp.c: Cleanups. Prefixed some internal function
	with underscore.

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: more fixes in
	gnutls_x509_extract_certificate_dn_string()

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_dh_primes.c: [no log message]

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-pgp-keyserver.tex, includes/gnutls/extra.h,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, libextra/auth_srp.c,
	libextra/auth_srp.h, libextra/auth_srp_passwd.c,
	libextra/auth_srp_passwd.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_srp.c, libextra/gnutls_srp.h, src/common.c: Added
	the function gnutls_srp_server_set_credentials_function() to allow
	retrieving SRP parameters from an external backend - other than
	password files.

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex-pgp-keyserver.tex, lib/auth_cert.c,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h: Enabled the OpenPGP key retrieval
	callback function (untested yet).

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am, libextra/crypt.c, libextra/crypt.h,
	libextra/crypt_srpsha1.c, libextra/crypt_srpsha1.h: removed all
	files related to srpsha1 encoding. The are not needed any more.

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/gnutls/extra.h, lib/x509_b64.c,
	libextra/auth_srp_sb64.c, libextra/crypt.c,
	libextra/crypt_srpsha1.c, libextra/gnutls_srp.c,
	libextra/gnutls_srp.h, src/common.c, src/crypt-gaa.c, src/crypt.c,
	src/crypt.gaa: Added the functions:    gnutls_srp_verifier()    gnutls_srp_base64_encode()    gnutls_srp_base64_decode() and modified the gnutls-srpcrypt, to use the exported functions.

2002-12-01  Timo Schulz <twoaday@gnutls.org>

	* tests/openpgp_test.c: Some enhancements for the OpenPGP test
	program.

2002-12-01  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Some new code for the OpenPGP lib.

2002-12-01  Timo Schulz <twoaday@gnutls.org>

	* tests/openpgp_test.c: Some enhancements for the OpenPGP test
	program.

2002-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2002-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_x509.c: 
	gnutls_x509_extract_certificate_dn_string() now behaves as described
	in RFC2253.

2002-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE, includes/gnutls/extra.h,
	lib/gnutls_int.h: some changes in the callback function behaviour.

2002-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: linked against libgcrypt (I saw that in debian)

2002-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE, doc/README.CVS: [no log message]

2002-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CODING_STYLE: [no log message]

2002-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/alert.tex, doc/tex/certificate.tex, doc/tex/errors.tex,
	doc/tex/examples.tex, doc/tex/funcs.tex, doc/tex/gnutls.bib,
	doc/tex/handshake.tex, doc/tex/layers.tex, doc/tex/openpgp.tex,
	doc/tex/record.tex, doc/tex/record_weaknesses.tex,
	doc/tex/tls_extensions.tex: [no log message]

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat.h: [no log message]

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, libextra/auth_srp_rsa.c,
	libextra/gnutls_extra.c: Several cleanups and elimination of
	warnings.

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/gnutls.bib, doc/tex/record.tex,
	doc/tex/record_weaknesses.tex, doc/tex/tls_extensions.tex,
	doc/tex/tlsintro.tex, includes/gnutls/compat4.h,
	lib/ext_server_name.c, lib/gnutls_int_compat.c: updated
	documentation to include record layer weaknesses and
	counter-measures, and the supported TLS extensions.

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/Makefile.am, includes/gnutls/Makefile.am: [no log
	message]

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat4.h, lib/gnutls.h.in.in: compat4.h was
	added, and is included by default in gnutls.h.

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cert.h, lib/gnutls_sig.c,
	lib/gnutls_ui.h, lib/gnutls_x509.c, lib/rfc2818_hostname.c,
	libextra/gnutls_extra.c: Moved the GNUTLS_X509KEY_* to gnutls_cert.h
	and renamed them to KEY_*. Improved the checking of key usage.

2002-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: added the AES ciphersuites for
	certificate srp authentication.

2002-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf, doc/TODO: [no log message]

2002-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex: [no log message]

2002-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_x509.c, libextra/auth_srp_rsa.c, libextra/ext_srp.c,
	libextra/gnutls_extra.c, src/cli.c, src/common.c, src/common.h,
	src/serv.c: Added support for the DSS certificate SRP authenticated
	cipher suites (currently only with 3DES cipher). Cleaned up the
	client and server code, which was duplicated.

2002-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_cert.c, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_auth.c, lib/gnutls_auth_int.h, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c, libextra/Makefile.am, libextra/auth_srp.c,
	libextra/auth_srp.h, libextra/auth_srp_rsa.c, libextra/ext_srp.c,
	libextra/gnutls_extra.c, libextra/gnutls_extra.h, src/cli.c,
	src/common.c, src/serv.c: Added certificate authenticated SRP cipher
	suites.

2002-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/compression.tex, doc/tex/gnutls.bib,
	doc/tex/openpgp.tex, doc/tex/tlsintro.tex: [no log message]

2002-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.bib: [no log message]

2002-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, lib/gnutls_x509.c: [no log message]

2002-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int_compat.c: added compatibility function for the
	openpgp_keyserver.

2002-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/appendix.tex, doc/tex/auth.tex,
	doc/tex/compression.tex, doc/tex/examples.tex, doc/tex/gnutls.bib,
	doc/tex/gnutls.tex, doc/tex/openpgp.tex, doc/tex/tlsintro.tex: added
	bibliography in documentation.

2002-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-pgp-keyserver.tex: [no log message]

2002-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/examples/Makefile.am, doc/tex/Makefile.am,
	doc/tex/ex-pgp-keyserver.tex, doc/tex/examples.tex,
	includes/gnutls/extra.h, lib/gnutls_int.h: updated pgp key retrieval
	callback and added example.

2002-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2002-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2002-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/Makefile.am, doc/examples/.cvsignore,
	doc/examples/Makefile.am, doc/tex/Makefile.am: example programs are
	now located in doc/examples directory.

2002-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h: Added
	some new alert codes from the extensions draft.

2002-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_ui.c: [no log message]

2002-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/.cvsignore: [no log message]

2002-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-client2.tex, doc/tex/examples.tex: updated the basic
	client to support OpenPGP certificate authentication.

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ex-serv-pgp.tex,
	doc/tex/examples.tex: added example with an openpgp server

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_cert.c, lib/auth_dh_common.c,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_session_pack.c,
	lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/gnutls_x509.c, libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/ext_srp.c: The session->gnutls_key was renamed to
	session->key.

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/compat.h, includes/gnutls/extra.h: added compat.h
	which has definitions for compatibility with older (0.4.x and 0.5.y,
	y<5) versions.

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, includes/Makefile.am, includes/gnutls/Makefile.am,
	lib/gnutls_ui.h: [no log message]

2002-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, lib/gnutls_int.h: The
	gnutls_openpgp_recv_key_func() callback function now accepts a key
	fingerprint, instead of the key id.

2002-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.h, src/serv.c, src/tests.c, src/tests.h,
	src/tls_test.c: [no log message]

2002-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c, src/tests.c: cleanups

2002-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, lib/gnutls.h.in.in: dropped source
	backwards compatibility

2002-11-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, includes/gnutls/extra.h, lib/gnutls_int.h,
	libextra/gnutls_openpgp.c: Added callback for OpenPGP key retrieval.

2002-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-rfc2246-bis-01.txt =>
	draft-ietf-tls-rfc2246-bis-02.txt}: added new rfc2246bis draft

2002-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* opencdk.m4: updated url for opencdk

2002-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_buffers.c, lib/gnutls_db.c,
	lib/gnutls_global.c, lib/gnutls_state.c, lib/gnutls_x509.c: some
	updated in the documentation

2002-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-04  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Applied patch to make the error
	handling with keyservers more easier.

2002-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h,
	lib/gnutls_errors_int.h: Added new alert (certificate unobtainable)
	from draft-ietf-tls-extensions.

2002-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: depends on opencdk 0.3.2

2002-11-04  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Some debug code for the OpenPGP part.

2002-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	libextra/gnutls_openpgp.c: Use the old error codes for OpenPGP
	again.

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* lib/auth_cert.c: Fixed an off-by-one bug for OpenPGP fingerprint
	handling.

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_errors_int.h: Corrected error number (the old was
	reserved).

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	libextra/gnutls_openpgp.c: Unification for the OpenPGP error code.

2002-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: corrected behaviour of verification in openpgp
	keys.

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Set the OpenPGP certificate status to
	GNUTLS_CERT_NOT_TRUSTED if the function failed.

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, tests/openpgp_test.c: Bug fix for the
	OpenPGP secret key order.

2002-11-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	libextra/gnutls_openpgp.c: Add OpenPGP error description

2002-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_sig.c,
	lib/gnutls_x509.c: Renamed GNUTLS_E_X509_KEY_USAGE_VIOLATION to
	GNUTLS_E_KEY_USAGE_VIOLATION, in order to apply to PGP keys as well.

2002-11-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_pk.c,
	lib/gnutls_sig.c, lib/x509_sig_check.c, src/cli-gaa.c,
	src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c: Added some new
	error codes and updated client.

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: [no log message]

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: [no log message]

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: fixed stub

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext_cert_type.c, lib/ext_max_record.c,
	lib/ext_server_name.c, lib/gnutls_alert.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
	lib/gnutls_record.c, lib/gnutls_rsa_export.c,
	lib/gnutls_session_pack.c, lib/gnutls_ui.c, lib/x509_b64.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: Combined
	GNUTLS_E_INVALID_PARAMETERS wich GNUTLS_E_INVALID_REQUEST.
	Introduced GNUTLS_E_SHORT_MEMORY_BUFFER.

2002-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509_xml.c: Fixed some memory leaks which
	may occured on error cases.

2002-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_x509.c, src/common.c: 
	gnutls_x509_extract_certificate_dn_string() was rewritten.

2002-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: [no log message]

2002-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Added a check for dn extraction failure in
	gnutls_x509_extract_certificate_dn_string().

2002-11-01  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Adjust the
	keydb search code.

2002-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-29  Timo Schulz <twoaday@gnutls.org>

	* configure.in: Bump OpenCDK version to 0.3.0

2002-10-29  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_errors_int.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h, tests/Makefile, tests/openpgp_test.c: Add
	new regression test for OpenPGP.  New code for the OpenCDK 0.3.0
	version.  A new error code for the OpenPGP part.

2002-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffer.h: added missing file

2002-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
	lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_x509.c, lib/x509_verify.c, lib/x509_xml.c,
	libextra/auth_srp_passwd.c, libextra/gnutls_openpgp.c: 
	GNUTLS_E_UNKNOWN_ERROR was removed, and was replaced by
	GNUTLS_E_INTERNAL_ERROR.

2002-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: [no log message]

2002-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/Makefile.am, doc/tex/auth.tex, doc/tex/tlsintro.tex,
	doc/tex/translayer.tex: [no log message]

2002-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_str.h: 
	Optimizations in buffering code, which reduce the number of
	malloc/realloc calls.

2002-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, src/retcodes.c: The error code table now
	contains all the error codes sorted.

2002-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/Makefile.am, doc/tex/appendix.tex,
	doc/tex/errors.tex, doc/tex/gnutls.tex, lib/gnutls_errors.c,
	lib/gnutls_pk.c, src/Makefile.am, src/retcodes.c: Documented error
	codes in an appendix. This documentation is generated automatically
	using the retcodes program.

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: [no log message]

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/scripts/sort1.pl, doc/tex/Makefile.am: Added
	script to sort function  names in function reference.

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: [no log message]

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_v2_compat.c: 
	Added more descriptive error codes to be returned by
	gnutls_strerror(). Removed old and unused error codes.

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
	src/tls_test.gaa: gnutls-cli-debug now accepts one hostname only

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: gnutls-cli
	now accepts one hostname only

2002-10-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-02.txt =>
	draft-ietf-tls-compression-03.txt}: [no log message]

2002-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/Makefile.am, lib/Makefile.am, lib/auth_anon.c,
	lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
	lib/rfc2818_hostname.c: Merged common stuff in DHE and anonymous DH
	key exchange.

2002-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/examples.tex: [no log message]

2002-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/{ex4.tex =>
	ex-client-resume.tex}, doc/tex/{srp1.tex => ex-client-srp.tex},
	doc/tex/{ex1.tex => ex-client1.tex}, doc/tex/{ex2.tex =>
	ex-client2.tex}, doc/tex/{ex3.tex => ex-info.tex},
	doc/tex/{serv-export.tex => ex-serv-export.tex},
	doc/tex/{serv-srp.tex => ex-serv-srp.tex}, doc/tex/{serv1.tex =>
	ex-serv1.tex}: Example programs found in the documentation can now
	be generated by running "make examples" in doc/tex directory.

2002-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, libextra/Makefile.am: Fixed interlibrary dependencies. By
	Ivo Timmermans. This requires the debian libtool 1.4.2-7.1

2002-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/compression.tex, doc/tex/layers.tex,
	doc/tex/translayer.tex: [no log message]

2002-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_max_record.c, lib/ext_server_name.c: cleanups in the
	server name extension.

2002-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli.c: Some fixes in 'gnutls-cli' client program to
	prevent some segmentation faults at exit.

2002-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/funcs.tex: [no log message]

2002-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/auth.tex,
	doc/tex/certificate.tex, doc/tex/ciphersuites.tex,
	doc/tex/compression.tex, doc/tex/handshake.tex, doc/tex/howto.tex,
	doc/tex/memory.tex, doc/tex/record.tex, doc/tex/tlsintro.tex: 
	spelling corrections, and addition of a subsection for compression
	algorithms.

2002-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: ZLIB's number was changed according to
	draft-ietf-tls-compression-02

2002-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_anon.c, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/defines.h, lib/ext_cert_type.c,
	lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
	lib/ext_server_name.c, lib/ext_server_name.h, lib/gnutls.h.in.in,
	lib/gnutls_alert.c, lib/gnutls_alert.h, lib/gnutls_algorithms.c,
	lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_mem.c,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_record.c,
	lib/gnutls_rsa_export.c, lib/gnutls_session_pack.c,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/rfc2818_hostname.c, lib/x509_b64.c,
	lib/x509_b64.h, lib/x509_sig_check.c, libextra/auth_srp.c,
	libextra/auth_srp.h, libextra/auth_srp_passwd.c,
	libextra/auth_srp_passwd.h, libextra/auth_srp_sb64.c,
	libextra/crypt.c, libextra/crypt_srpsha1.c, libextra/ext_srp.c,
	libextra/ext_srp.h, libextra/gnutls_openpgp.c: several fixes in the
	codebase, mostly in signed/unsigned checkings.

2002-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_max_record.c, lib/ext_max_record.h: Corrected some types,
	to work in 64 bits machines. Suggested by Ivo Timmermans
	<ivo@o2w.nl>.

2002-10-12  Andrew McDonald <admcd@gnutls.org>

	* includes/gnutls/openssl.h: Enclose in extern "C" (from Debian bug
	#163394).

2002-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: now does not require carriage return

2002-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_server_name.c: Fixes (or not) in server name extension
	parsing

2002-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/ex-rfc2818.tex, doc/tex/ex3.tex,
	doc/tex/examples.tex: updated documentation

2002-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext_server_name.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, src/serv.c: Improved the server name
	extension. Resumed sessions can now use it.

2002-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/ext_server_name.c,
	lib/ext_server_name.h, lib/gnutls.h.in.in, lib/gnutls_extensions.c,
	lib/gnutls_int.h, src/cli.c, src/common.c, src/serv.c: Added server
	name extension, from draft-ietf-tls-extension-05.

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-01.txt =>
	draft-ietf-tls-compression-02.txt},
	doc/protocol/draft-ietf-tls-rfc2246-bis-01.txt: [no log message]

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-alert.tex, doc/tex/ex-rfc2818.tex,
	doc/tex/examples.tex, lib/rfc2818_hostname.c: more documentation
	updates

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-rfc2818.tex: more documentation updates

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex-alert.tex: [no log message]

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/Makefile.am, doc/tex/ex-alert.tex,
	doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
	doc/tex/examples.tex, doc/tex/handshake.tex,
	doc/tex/serv-export.tex, doc/tex/serv-srp.tex, doc/tex/serv1.tex,
	src/serv.c: Separated alert checking from the example programs, to
	make them cleaner. Added an example which demonstrates the alert
	checking.

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/examples.tex: last minute changes for 0.5.9 release.

2002-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/gnutls_ui.h, lib/rfc2818_hostname.c: 
	Added int gnutls_x509_check_certificates_hostname() which check
	whether the given hostname matches the owner of the given X.509
	certificate.

2002-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_extensions.c, lib/x509_xml.c: 
	cleanups

2002-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: [no log message]

2002-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex4.tex, doc/tex/serv-export.tex,
	doc/tex/serv1.tex, lib/gnutls.h.in.in, lib/gnutls_priority.c,
	src/cli-gaa.c: Added gnutls_set_default_priority() and
	gnutls_set_default_export_priority() functions, to avoid calling all
	the *_priority() functions if the defaults are ok.

2002-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.h, lib/gnutls_x509.c: Added
	gnutls_x509_extract_certificate_dn_string() which returns the peer's
	Distinguished name in a single string.

2002-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls.h.in.in, lib/gnutls_auth.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	src/cli.c, src/cli.gaa: several cleanups

2002-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Changes in
	gnutls-cli, to allow testing of starttls implementations.

2002-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.c, lib/gnutls_ui.h: rolled back addition of
	certificate_get_our_issuer() function.

2002-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, libextra/gnutls_extra.c,
	libextra/libgnutls-extra.m4: Corrected the broken detection of
	libgnutls-extra. Bug reported by Ivo Timmermans.

2002-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls_state.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h: Corrected bug which prevented
	gnutls_certificate_get_ours() from working.  Added
	gnutls_certificate_get_our_issuer() function.

2002-10-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_ui.h,
	lib/gnutls_x509.c, lib/x509_b64.c: Improved
	gnutls_x509_extract_key_pk_algorithm(), which can now distinguish
	DSA keys from unknown keys.

2002-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_buffers.c: some fixes to compile with
	gcc-2.95.

2002-10-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/TODO, lib/gnutls.h.in.in, lib/gnutls_privkey.c,
	lib/gnutls_privkey.h, lib/gnutls_ui.h: Added function to extract the
	public key algorithm of a DER encoded private key.

2002-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-compression-00.txt =>
	draft-ietf-tls-compression-01.txt}: [no log message]

2002-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_rsa.c, lib/gnutls_cert.c: [no log
	message]

2002-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_cert.c: [no log message]

2002-09-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: enabled error messages of libgcrypt in debug
	mode

2002-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/defines.h, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_compress_int.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	libextra/Makefile.am, libextra/gnutls_extra.c, libextra/lzoconf.h,
	libextra/minilzo.c, libextra/minilzo.h, src/cli.c, src/serv.c: Added
	support for the LZO compression library in gnutls-extra. Some fixes
	in the hello message parsing.

2002-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_state.c: [no log message]

2002-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_int_compat.c, lib/gnutls_state.c: 
	replaced gnutls_handshake_get_direction() with
	gnutls_record_get_direction().

2002-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/appendix.tex, doc/tex/certificate.tex,
	doc/tex/library.tex: updated documentation

2002-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, src/serv.c: [no log message]

2002-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: [no log message]

2002-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/library.tex, doc/tex/macros.tex,
	doc/tex/tlsintro.tex, doc/tex/translayer.tex: [no log message]

2002-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2002-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/library.tex: [no log message]

2002-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/library.tex: [no log message]

2002-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/TODO, doc/tex/alert.tex, doc/tex/auth.tex,
	doc/tex/programs.tex, lib/gnutls_alert.c, src/crypt.c: [no log
	message]

2002-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/layers.tex: [no log message]

2002-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/library.tex: [no log message]

2002-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, lib/gnutls.h.in.in, lib/gnutls_alert.c: Added a new
	function to convert from an error to an alert code.

2002-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_compress_int.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support for zlib.

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-srp-02.txt =>
	draft-ietf-tls-srp-03.txt}: [no log message]

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-compression-00.txt,
	doc/protocol/{draft-ietf-tls-extensions-03.txt =>
	draft-ietf-tls-extensions-05.txt}: updated drafts

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli.c, tests/x509_test.c: [no log message]

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
	lib/gnutls_rsa_export.c: Corrected bug in gnutls_dh_params_set().
	Corrected bug in session resuming code of server side.

2002-09-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/ext_max_record.c, libextra/ext_srp.c: 
	some cleanups in the extension parsing

2002-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h: [no log message]

2002-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: Added Simon Josefsson's patch for gdoc. Now gdoc
	supports texinfo output.

2002-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, buildconf, configure.in, lib/gnutls.h.in.in,
	lib/gnutls_global.c, libextra/gnutls_extra.c, libmcrypt.m4: changes
	for autoconf 2.50

2002-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/examples.tex,
	doc/tex/handshake.tex, doc/tex/library.tex, doc/tex/x509.tex: [no
	log message]

2002-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, src/serv.c: Removed dependency on libgdbm
	library.

2002-09-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe.c, lib/auth_rsa_export.c, lib/gnutls_algorithms.c,
	lib/gnutls_compress_int.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/gnutls_str.c, lib/gnutls_x509.c, lib/x509_xml.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: Some fixes for the
	used realloc() function. Now we have gnutls_realloc_fast() which
	frees the given pointer if the new allocation failed.

2002-09-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/.cvsignore, lib/gnutls_num.h,
	lib/gnutls_str.c: updated string functions

2002-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_rsa_export.c: [no log message]

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/certificate.tex, doc/tex/ciphers.tex,
	doc/tex/ex-rfc2818.tex, doc/tex/examples.tex, doc/tex/layers.eps,
	doc/tex/layers.tex, doc/tex/memory.tex: [no log message]

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/x509cert.xml.tex, src/common.c: [no log message]

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: last changes for 0.5.6 release

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/pgpcert.xml.tex, doc/tex/x509cert.xml.tex,
	lib/x509_xml.c, libextra/gnutls_openpgp.c, src/common.c,
	src/gnutls-http-serv: added versioning in the XML output of
	certificate functions.

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/intro.tex,
	doc/tex/library.tex: [no log message]

2002-09-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/internals.eps,
	doc/tex/library.tex: [no log message]

2002-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/Makefile.am, doc/tex/certificate.tex,
	doc/tex/x509-1.eps, lib/gnutls_global.h: [no log message]

2002-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/certificate.tex,
	doc/tex/ciphers.tex, doc/tex/ciphersuites.tex, doc/tex/gnutls.tex,
	doc/tex/intro.tex, doc/tex/layers.tex, doc/tex/library.tex,
	doc/tex/openpgp.tex, doc/tex/tlsintro.tex, doc/tex/x509.tex: 
	reorganized documentation

2002-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile, tests/Makefile.am, tests/Makefile.in: [no log
	message]

2002-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/test22.pem: [no log message]

2002-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.in, tests/Makefile, tests/Makefile.am,
	tests/Makefile.in, tests/ca.pem, tests/test1.pem, tests/test10.pem,
	tests/test13.pem, tests/test2.pem, tests/test23.pem,
	tests/test24.pem, tests/test26.pem, tests/test3.pem,
	tests/x509_test.c: Added more tests for the X.509 certificate
	validation. These tests are now only included in the CVS not the
	distribution.

2002-09-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c: [no log message]

2002-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_extensions.c, lib/gnutls_int.h: Corrected
	extension type checks which used an 8 bit extension size, instead of
	16 bits.

2002-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c, libextra/gnutls_srp.c: Corrected the SRP 'u'
	generation, and the size part of 's' changed to 8bits.

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_ui.c, lib/gnutls_x509.c, libextra/auth_srp.c,
	libextra/auth_srp.h, libextra/auth_srp_passwd.c,
	libextra/ext_srp.c, libextra/gnutls_extra.h,
	libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h,
	libextra/gnutls_srp.c, src/cli.c, src/serv.c, src/tests.c,
	src/tls_test.c: [no log message]

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, configure.in, libextra/ext_srp.c: [no log message]

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/auth_srp.c: corrected the SRP key exchange (bugs pointed
	out by D. Taylor)

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/gnutls_int.h, lib/gnutls_x509.c: 
	corrected the cert_type extension. (bug pointed out by D. Taylor)

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c, lib/gnutls_priority.h: gnutls_list replaced
	by const int*

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/appendix.tex, doc/tex/cover.tex.in,
	doc/tex/gnutls.tex, doc/tex/handshake.tex, tests/Makefile.am: last
	changes for 0.5.5 release

2002-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-02.txt: [no log message]

2002-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, configure.in: [no log message]

2002-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
	doc/tex/serv-export.tex, doc/tex/serv-srp.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex, lib/gnutls.h.in.in, lib/gnutls_int_compat.c,
	lib/gnutls_state.c, lib/gnutls_x509.c, lib/x509_extensions.c,
	libextra/gnutls_openssl.c, src/cli.c, src/serv.c, src/tls_test.c: 
	[no log message]

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/programs.tex: [no log message]

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: [no log message]

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/ex4.tex, doc/tex/serv-export.tex, doc/tex/serv-srp.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex: corrected bugs in examples.

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, lib/gnutls.h.in.in,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int_compat.c,
	lib/gnutls_record.c, lib/x509_b64.c, libextra/gnutls_openssl.c,
	libextra/gnutls_srp.c, src/tests.c: more cleanups

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/ex1.tex,
	doc/tex/ex2.tex, doc/tex/ex4.tex, doc/tex/examples.tex,
	doc/tex/gnutls.tex, doc/tex/serv-export.tex, doc/tex/serv-srp.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex: Updated documentation and added
	more server examples.

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_int.h, lib/gnutls_int_compat.c,
	lib/gnutls_ui.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/x509_b64.c, lib/x509_b64.h, tests/x509_test.c: Updated the
	base64 encoding/decoding functions.

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
	lib/gnutls_state.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
	libextra/gnutls_openpgp.c: several clean ups

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/appendix.tex, doc/tex/gnutls.tex,
	doc/tex/howto.tex, doc/tex/macros.tex, doc/tex/pgpcert.xml.tex,
	doc/tex/x509.tex, doc/tex/x509cert.xml.tex: Updated documentation to
	include examples of XML certificates.

2002-09-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_state.c, src/common.c: [no log message]

2002-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_x509.c, lib/gnutls_x509.h: Improved the
	certificate and key read functions. They can now read a PEM encoded
	key and certificate from the same file.

2002-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex3.tex, doc/tex/handshake.tex, lib/auth_cert.c,
	lib/ext_cert_type.c, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_cert.c, lib/gnutls_int_compat.c, lib/gnutls_priority.c,
	lib/gnutls_priority.h, lib/gnutls_state.c, lib/gnutls_state.h,
	libextra/gnutls_openssl.c, src/cli.c, src/common.c, src/serv.c,
	src/tests.c: cert_type abreviation was expanded to certificate_type.

2002-08-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ex-rfc2818.tex, doc/tex/examples.tex: 
	updated examples

2002-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2002-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/ex4.tex, doc/tex/examples.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex, includes/gnutls/extra.h,
	includes/gnutls/openssl.h, lib/auth_anon.c, lib/auth_anon.h,
	lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
	lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
	lib/ext_max_record.h, lib/gnutls.h.in.in, lib/gnutls_alert.c,
	lib/gnutls_alert.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_auth.c, lib/gnutls_auth.h,
	lib/gnutls_auth_int.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
	lib/gnutls_compress.h, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_int_compat.c, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_priority.c, lib/gnutls_priority.h, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/gnutls_rsa_export.c,
	lib/gnutls_rsa_export.h, lib/gnutls_session.c,
	lib/gnutls_session.h, lib/gnutls_session_pack.c,
	lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/gnutls_ui.h, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_sig_check.c,
	lib/x509_verify.c, libextra/auth_srp.c, libextra/auth_srp.h,
	libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
	libextra/ext_srp.c, libextra/ext_srp.h, libextra/gnutls_openssl.c,
	libextra/gnutls_srp.c, src/cli.c, src/common.c, src/serv.c,
	src/tests.c, src/tls_test.c: Renamed all the constructed types to
	have more consisten names, and some other minor improvements.

2002-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, PGPKEYS: removed PGPKEYS from the distribution.

2002-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: [no log message]

2002-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: Allow the NULL pointer
	for data in gnutls_record_send(), if the previous call was
	interrupted.

2002-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Corrected possible bug in decompression code.
	Well compressed packets may have been rejected due to limited
	buffer.

2002-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex: [no log message]

2002-08-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/README.autoconf, doc/TODO,
	doc/protocol/{draft-ietf-tls-srp-01.txt =>
	draft-ietf-tls-srp-02.txt}, lib/gnutls_algorithms.c,
	lib/gnutls_int.h, libextra/Makefile.am, libextra/auth_srp.c,
	libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
	libextra/crypt.c, libextra/crypt.h, libextra/crypt_bcrypt.c,
	libextra/crypt_bcrypt.h, libextra/crypt_srpsha1.c,
	libextra/crypt_srpsha1.h, libextra/gnutls_srp.c,
	libextra/gnutls_srp.h, src/crypt-gaa.c, src/crypt-gaa.h,
	src/crypt.c, src/crypt.gaa: Added support for the new SRP draft by
	D. Taylor. This includes the removal of the blowfish crypt hash
	option, and the change of SRP cipher suite numbers.

2002-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls_hash_int.c, lib/gnutls_x509.c: removed old
	FIXME stuff.

2002-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS: [no log message]

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/x509.tex, src/cli.c: [no log message]

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : added figures used in the documentation. Figures were generated
	by DIA.

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/ex1.tex,
	doc/tex/ex2.tex, doc/tex/ex4.tex, doc/tex/srp1.tex,
	lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_cipher_int.c, lib/gnutls_int.h,
	libextra/gnutls_openssl.c, src/cli.c, src/serv.c, src/tests.c: 
	Renamed GNUTLS_CIPHER_ARCFOUR to GNUTLS_CIPHER_ARCFOUR_128

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsignore, README: [no log message]

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: better export ciphersuite detection

2002-08-26  Andrew McDonald <admcd@gnutls.org>

	* libextra/gnutls_openssl.c: Update SSL_CIPHER_get_name() to use
	gnutls_cipher_suite_get_name()

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa_export.c: [no log message]

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/common.h, src/tests.c,
	src/tests.h, src/tls_test.c: Improved the gnutls-cli-debug program

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_state.c: [no log message]

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphers.tex, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_cipher_int.c, lib/gnutls_int.h, src/cli.c, src/serv.c,
	src/tests.c: renamed ARCFOUR-EXPORT to ARCFOUR-40

2002-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_rsa_export.c, lib/gnutls_kx.c,
	lib/gnutls_rsa_export.h, lib/gnutls_state.c, lib/gnutls_state.h: 
	Added support for RSA_EXPORT_WITH_RC4_EXPORT_MD5 with RSA
	certificates with modulus less than 512 bits. This change made the
	code a bit messy.

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: [no log message]

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c, src/tests.c, src/tests.h, src/tls_test.c: improvements
	in server html output

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/intro.tex: changes
	in order to keep up with the addition of export-grade ciphersuite

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa_export.c: [no log message]

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: changes for export cipher suites

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: Added the first EXPORT-grade ciphersuite

2002-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
	lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
	lib/gnutls_ui.h, lib/gnutls_x509.c: Corrected bug in DHE key
	exchange which prevented from parsing the given certificates
	properly.

2002-08-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h: Exported gnutls_openpgp_extract_key_id().
	This is the gnutls_openpgp_keyid() function renamed.

2002-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c: [no log message]

2002-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_int_compat.c, src/serv.c: 
	gnutls_handshake_set_exportable_detection() was obsoleted.

2002-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c, lib/gnutls_hash_int.c: corrected bug in
	SSL3 random generation function. Now the export ciphersuite works in
	SSL3 mode too.

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_state.c: Added
	the first exportable ciphersuite (TLS_RSA_WITH_RC4_EXPORT_MD5). This
	one only works in servers that have certificates of 512 bits length.

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher_int.c,
	lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_state.c, src/cli.c: Added some initials for the export
	cipher suites.

2002-08-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-openpgp-keys-01.txt =>
	draft-ietf-tls-openpgp-keys-02.txt}: updated openpgp draft

2002-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: included the change cipher specs in
	gnutls_handshake_get_direction().

2002-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_handshake.c: 
	gnutls_handshake_check_direction() renamed to
	gnutls_handshake_get_direction().

2002-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
	src/tls_test.gaa: Added verbose option to gnutls-cli-debug.

2002-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c: Added the
	gnutls_handshake_set_exportable_detection() function, which is used
	to control whether the handshake will check for exportable cipher
	suites in the server. In that case an error of
	GNUTLS_E_EXPORT_CIPHER_SUITE is returned.

2002-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: [no log message]

2002-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: included cvs aliases into authors file

2002-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: [no log message]

2002-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c: Added
	gnutls_cipher_suite_get_name(). This functions constructs the name
	of a cipher suite using the given algorithms.

2002-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	Added new function gnutls_handshake_check_direction(), which returns
	the state where the handshake function was interrupted.

2002-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf, configure.in, doc/README.CVS: Added the
	--enable-maintainer-mode configure option, and renamed the old one
	to --enable-developer-mode.

2002-08-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_x509.c: added
	some missing consts

2002-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-21  Andrew McDonald <admcd@gnutls.org>

	* doc/tex/openssl.tex, includes/gnutls/openssl.h,
	libextra/gnutls_openssl.c: add ability to use separate file
	descriptors for send() and recv() using new set_transport_ptr2()
	function

2002-07-21  Andrew McDonald <admcd@gnutls.org>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: some initial
	support for TLS/SSL server applications

2002-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c: Added a special error code for cases where
	the peer (server) supports only export ciphersuites.

2002-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/errors.tex, doc/tex/howto.tex,
	doc/tex/openpgp.tex, doc/tex/record.tex: Several documentation
	fixes. Suggestions and patch by Paul Wujek <pwujek@xp2telecom.com>

2002-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/ext_max_record.c, lib/gnutls_cert.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
	libextra/gnutls_extra.c: Fixes in zlib compression code.
	gnutls_global_init_extra() in libgnutls-extra fails if library
	versions do not match. Semantic changes in
	gnutls_record_set_max_size(). The requested size is now immediately
	enforced at the output buffers.

2002-07-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: Client and server now accept the null
	cipher option.

2002-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_buffers.c, lib/gnutls_int.h,
	lib/gnutls_record.c: Added gnutls_transport_set_ptr2() which accepts
	two pointers.

2002-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_mpi.h, lib/gnutls_privkey.c: moved to
	libgcrypt 1.1.8

2002-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/libgnutls.m4, libextra/libgnutls-extra.m4: corrected m4
	macros for gnutls

2002-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-ciphersuite-05.txt,
	doc/protocol/rfc3268.txt: [no log message]

2002-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/ext_cert_type.c, lib/ext_max_record.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pk.c,
	lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_random.c,
	lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
	lib/x509_b64.c, lib/x509_extensions.c, lib/x509_sig_check.c,
	lib/x509_verify.c, lib/x509_xml.c: Added some hints on the file
	purpose, and some other cleanups.

2002-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.h, lib/gnutls_state.c: [no log message]

2002-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, lib/gnutls_state.c: Now gnutls_deinit() removes
	abnormally terminated sessions. Added the _gnutls_deinit() function
	which has the behaviour of the older gnutls_deinit().

2002-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: corrected possible bug in http server

2002-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.tex: [no log message]

2002-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, src/serv.c: [no log message]

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: [no log message]

2002-07-06  Andrew McDonald <admcd@gnutls.org>

	* doc/tex/openssl.tex: added some more information about current
	limitations of OpenSSL compatibility layer

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am: added gnutls_openssl.c

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/examples.tex: [no log message]

2002-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/intro.tex, doc/tex/x509.tex: some documentation fixes.

2002-07-06  Andrew McDonald <admcd@gnutls.org>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: get rid of
	some warnings during build

2002-07-06  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Minor fixes
	for the OpenPGP code.

2002-07-05  Andrew McDonald <admcd@gnutls.org>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: yet more
	functions, and some fixes

2002-07-05  Andrew McDonald <admcd@gnutls.org>

	* includes/gnutls/openssl.h, libextra/gnutls_openssl.c: some more
	functions implemented

2002-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/examples.tex, doc/tex/funcs.tex,
	doc/tex/openssl.tex: [no log message]

2002-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_xml.c, libextra/gnutls_openpgp.c: [no log message]

2002-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, lib/gnutls.h.in.in, lib/gnutls_ui.h: 
	Added defines for old function names.

2002-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c, src/serv.c: [no log message]

2002-07-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: Fixed stub for xml keys. Added support
	for the new string functions in xml key generation.

2002-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex: [no log message]

2002-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/README.srpcrypt, src/crypt-gaa.c, src/crypt-gaa.h,
	src/crypt.gaa, src/serv.c: updated the parameters of srpcrypt
	program. Other minor changes in included programs.

2002-07-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Corrected bug in the mpi extraction function
	from X.509 certificates (affects DSA certificates).

2002-07-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h: [no log message]

2002-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_ui.h,
	lib/x509_xml.c, libextra/gnutls_openpgp.c, src/common.c: Made the
	xml convertion functions more mnemonic. Several other fixes in the
	core library.

2002-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_cipher.c,
	lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
	lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_x509.c, lib/x509_extensions.c,
	lib/x509_extensions.h, lib/x509_xml.c: Several (internal) cleanups.
	Const flags are better used now.

2002-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_x509.c: Better organization of
	cert2gnutls_cert function.

2002-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_xml.c: Now
	certificate decoding makes use of partial DER decoding of the
	libtasn1 library. It speedups a bit the handshake in client side,
	which needs to decode the certificate, in order to read the public
	key parameters.

2002-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_xml.c: Improved XML output.

2002-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-06-24  Andrew McDonald <admcd@gnutls.org>

	* libextra/gnutls_openssl.c: fix SSL_CIPHER_get_bits to return key
	size in bits rather than bytes

2002-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: Depends on opencdk 0.2.0

2002-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, includes/Makefile.am, includes/gnutls/Makefile.am: 
	[no log message]

2002-06-23  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Changes for the new OpenCDK version.

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509_test.c: [no log message]

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: [no log message]

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls_cert.h, lib/gnutls_record.c, lib/gnutls_str.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_extensions.c,
	lib/x509_extensions.h, lib/x509_sig_check.c: The TLS handshake no
	longer fails if the X.509 extensions in the Certificate are critical
	and unsupported. The unsupported critical extensions are now only
	catched by the verification functions.

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c, lib/gnutls_str.h, lib/x509_xml.c: Added new
	string functions to handle the XML string stuff.

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, includes/gnutls/Makefile.am,
	includes/gnutls/extra.h, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_xml.c,
	libextra/gnutls_openssl.c, libextra/gnutls_srp.c, src/cli.c,
	src/serv.c, src/tls_test.c: Renamed credential allocation functions
	from *_sc() to *_cred().

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/gnutls/Makefile.am, includes/gnutls/gnutls.h: [no log
	message]

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, configure.in, lib/Makefile.am, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_int_compat.c,
	lib/gnutls_x509.c, libextra/Makefile.am, libextra/extra.h,
	libextra/gnutls_openssl.c, libextra/openssl.h, src/Makefile.am,
	src/cli.c, src/common.c, src/prime.c, src/serv.c, src/tests.c,
	src/tls_test.c, tests/Makefile.am: [no log message]

2002-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* includes/Makefile.am, includes/gnutls/Makefile.am,
	includes/gnutls/extra.h, includes/gnutls/gnutls.h,
	includes/gnutls/openssl.h: Installed headers moved to includes/
	directory.

2002-06-21  Andrew McDonald <admcd@gnutls.org>

	* libextra/gnutls_openssl.c, libextra/openssl.h: changes to way
	SSL_CIPHER allocation is handled make use of option SSL_OP_NO_TLSv1

2002-06-21  Andrew McDonald <admcd@gnutls.org>

	* libextra/gnutls_openssl.c: use gnutls_cipher_get_key_size() in
	SSL_CIPHER_get_bits()

2002-06-21  Andrew McDonald <admcd@gnutls.org>

	* libextra/gnutls_openssl.c, libextra/openssl.h: make arrays for
	priority information in SSL_METHOD statically allocated

2002-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509_xml.c: [no log
	message]

2002-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: corrected countryName

2002-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	src/common.c: [no log message]

2002-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/extra.h, libextra/openssl.h: changed <gnutls.h> with
	<gnutls/gnutls.h>

2002-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_constate.c, lib/gnutls_int.h: 
	Exported gnutls_cipher_get_key_size(). Better name printing for MAC
	algorithms.

2002-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/cli.c, src/common.c, src/serv.c, src/tests.c,
	src/tls_test.c: [no log message]

2002-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
	doc/tex/funcs.tex, doc/tex/serv1.tex, doc/tex/srp1.tex,
	libextra/Makefile.am, libextra/{gnutls-extra.h => extra.h},
	libextra/{gnutls-openssl.h => openssl.h}: New install directory for
	headers is /gnutls

2002-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/gnutls_x509.h: [no log message]

2002-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/handshake.tex, doc/tex/memory.tex,
	doc/tex/translayer.tex, lib/gnutls.h.in.in, lib/gnutls_global.c: [no
	log message]

2002-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers: [no log message]

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-19  Andrew McDonald <admcd@gnutls.org>

	* libextra/gnutls-openssl.h, libextra/gnutls_openssl.c: Implemented
	some more functions.  Basic TLS/SSL operations tested with: slrn,
	wget, lynx

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_db.c,
	lib/gnutls_global.c, lib/gnutls_int_compat.c, lib/gnutls_ui.h,
	libextra/gnutls-extra.h, libextra/gnutls_srp.c, src/serv.c: _func
	abreviation is no longer used. Functions renamed to _function.

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_xml.c: x509_xml.c

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: removed ioctl stuff.

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
	src/tls_test.c: added 'nodb' and 'quiet' options to server.

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c, src/cli.c: [no log message]

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c: Corrected bug in PKCS-1 RSA encryption.

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2002-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers, AUTHORS: [no log message]

2002-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/list.h, src/serv.c: The server
	used was changed to a non blocking one. The server was created by
	Paul Sheer.

2002-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: cleanups

2002-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: fixed stubs

2002-06-17  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Minor changes and a XML stub if OpenCDK
	is not used.

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_xml.c: [no log message]

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int_compat.c, lib/gnutls_x509.c, lib/x509_xml.c: [no
	log message]

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls-extra.h, libextra/gnutls-openssl.h,
	libextra/gnutls_openssl.c: [no log message]

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: [no log message]

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/howto.tex: Added
	chapter on how to use TLS in application protocols.

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openssl.c: [no log message]

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am, libextra/gnutls-openssl.h: Added Andrew's
	openssl compatible interface.

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h, lib/x509_xml.c, libextra/gnutls-extra.h: [no log
	message]

2002-06-16  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Changed the
	xml function name to fit into the GnuTLS API.  New memory handling
	for gnutls_datum.

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: [no log message]

2002-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls-extra.h: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/alert.tex, doc/tex/ciphers.tex, doc/tex/errors.tex,
	doc/tex/examples.tex, doc/tex/handshake.tex, doc/tex/layers.tex,
	doc/tex/macros.tex, doc/tex/memory.tex, doc/tex/record.tex,
	doc/tex/translayer.tex: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in, doc/TODO, src/Makefile.am: Corrected
	libgdbm issues

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, doc/tex/handshake.tex,
	doc/tex/serv1.tex, lib/defines.h, lib/gnutls.h.in.in,
	lib/gnutls_db.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_int_compat.c, lib/gnutls_state.c, lib/x509_xml.c,
	src/Makefile.am, src/common.c, src/serv.c: Removed the gdbm backend
	for resuming TLS sessions. Program gnutls-serv was modified to
	include support for resuming sessions with the callback api.

2002-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/auth.tex,
	doc/tex/errors.tex, doc/tex/examples.tex, doc/tex/funcs.tex,
	doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/layers.tex,
	doc/tex/openpgp.tex, doc/tex/record.tex, doc/tex/x509.tex: Added
	index.

2002-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/macros.tex,
	doc/tex/openpgp.tex, doc/tex/x509.tex: [no log message]

2002-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_xml.c: [no log message]

2002-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_ui.h, lib/x509_xml.c: [no log message]

2002-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_ui.h, lib/x509_xml.c: Added XML
	extraction from an X.509 certificate. Only some basic functionality
	is now available.

2002-06-14  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Corrected the key length calcuation for
	the key data fields.

2002-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/crypt_bcrypt.c: [no log message]

2002-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkix.asn, lib/pkix_asn1_tab.c: [no log message]

2002-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-12  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Some minor improvements for the XML
	code.

2002-06-12  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Implemented verbosity level for XML
	output.

2002-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_ASN.c: [no log message]

2002-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/Makefile.am, src/Makefile.am, tests/Makefile.am: [no log
	message]

2002-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.CVS: [no log message]

2002-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.c, lib/auth_rsa.c,
	lib/gnutls_asn1_tab.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_privkey.c,
	lib/gnutls_sig.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	lib/pkix_asn1_tab.c, lib/x509_extensions.c, lib/x509_sig_check.c,
	lib/x509_verify.c: renamed libasn1 to libtasn1

2002-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS: renamed libasn1 to libtasn1

2002-06-10  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: A small fix for the XML code.

2002-06-10  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Basic XML
	output for OpenPGP certificates.

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/layers.eps, doc/tex/layers.ps,
	doc/tex/layers.tex, doc/tex/openpgp.tex, doc/tex/pgp-fig1.eps: [no
	log message]

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/gnutls.tex,
	doc/tex/intro.tex, doc/tex/openpgp.tex, doc/tex/pgp-fig1.eps: Added
	Timo's openpgp guide

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, buildconf, configure.in, lib/Makefile.am: Added
	configure option to use the included libasn1.

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS, configure.in, libextra/Makefile.am,
	tests/Makefile.am: [no log message]

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS: [no log message]

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.c, lib/auth_rsa.c,
	lib/gnutls_asn1_tab.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
	lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_x509.c,
	lib/gnutls_x509.h, lib/pkix_asn1_tab.c, lib/x509_ASN.y,
	lib/x509_asn1.c, lib/x509_asn1.h, lib/x509_der.c, lib/x509_der.h,
	lib/x509_extensions.c, lib/x509_extensions.h, lib/x509_sig_check.c,
	lib/x509_verify.c: Adapted codebase to the new libasn1 0.1.0.

2002-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/asn1c.c: removed asn1c.c program. Moved to
	libasn1.

2002-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h: [no log message]

2002-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509_test.c: [no log message]

2002-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_global.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/x509_b64.c: Added gnutls_b64_encode_fmt2() and
	gnutls_b64_decode_fmt2(). These functions return allocated data.
	Cleaned up the gnutls_datum code and some of memory stuff.

2002-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, acconfig.h, configure.in, lib/gnutls_alert.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_global.c,
	lib/gnutls_mem.c, lib/gnutls_mem.h: Added check for C99 macro
	support. Stubs are used if they are not supported by the compile. A
	more elegant solution is required.

2002-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_mem.c, lib/gnutls_mem.h: only use
	the libc's strdup, if using the libc's malloc function.

2002-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c, lib/gnutls_mem.h: Removed gnutls_strdup().
	Replaced with a pointer to libc's strdup() function.

2002-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_record.c, lib/gnutls_state.c,
	src/cli.c: [no log message]

2002-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: No longer realloc() the record buffers. It
	had some meaning when gnutls_realloc_fast() was there, but now they
	one cause a slowdown.

2002-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_int.h, lib/gnutls_state.c, src/cli.c, src/serv.c: Created
	gnutls_handshake_set_private_extensions() function.

2002-06-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: [no log message]

2002-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/defines.h, lib/gnutls_algorithms.c,
	lib/gnutls_int.h, lib/gnutls_state.c, libextra/crypt_bcrypt.c: 
	Corrected issues with ptrdiff_t. Added option to enable private
	(experimental) cipher suites. They are now disabled by default so
	they do not create interoperability problems.

2002-06-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, libextra/crypt_bcrypt.c, libextra/crypt_srpsha1.c: 
	added check for ptrdiff_t type.

2002-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: [no log message]

2002-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.gaa: [no log message]

2002-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/tex/Makefile.am, doc/tex/asn1.tex, lib/Makefile.am: 
	asn1.ps is no longer generated in the gnutls package. It is included
	in the libasn1 package.

2002-06-03  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls-extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h: Corrected some data types and more
	documentation.

2002-06-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/x509_test.c: [no log message]

2002-06-02  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls-extra.h: [no log message]

2002-06-02  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls-extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h: More fixes for the keyid and some changes
	for the _mem functions.

2002-06-02  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Applied the
	patches. Changed the keyid from u32[2] to byte[8].

2002-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, NEWS, configure.in, doc/TODO,
	lib/gnutls_anon_cred.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
	libextra/gnutls_srp.c: Removed stubs for srp and anonymous
	authentication. Added test suite directory.

2002-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/test1.pem, tests/test10.pem,
	tests/test2.pem, tests/test25.pem, tests/test3.pem,
	tests/x509_test.c: added test suite

2002-06-02  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Some modifications for the newest
	OpenCDK snapshot.

2002-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: [no log message]

2002-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: [no log message]

2002-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: Minor fixes. Added documentation for
	gnutls_certificate_set_openpgp_trustdb() function.

2002-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/common.c, src/serv-gaa.c, src/serv.c, src/serv.gaa,
	src/tls_test-gaa.c, src/tls_test.gaa: [no log message]

2002-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	libextra/gnutls_openpgp.c: Added error code for unsupported trustdb.

2002-05-27  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Check the trustdb format before the
	handshake begins.

2002-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-05-27  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c: Added a check for the trustdb so we can
	figure out if the format is useable for OpenCDK.

2002-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls-extra.h, src/cli.c, src/common.c, src/serv.c: [no
	log message]

2002-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/CertificateExample.c, src/CrlExample.c, src/Makefile.am,
	src/cli-gaa.c, src/cli.gaa, src/crypt.c, src/serv-gaa.c,
	src/serv.gaa: some parts were moved to libasn1.

2002-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.h: [no log message]

2002-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/errors.tex, doc/tex/gnutls.tex,
	doc/tex/memory.tex: added memory handling section

2002-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_mem.h,
	lib/gnutls_priority.c: reintroduced realloc_fast() which prevents
	some malloc(0) situations.

2002-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: [no log message]

2002-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/auth_cert.c, lib/auth_rsa.c, lib/gnutls_int.h,
	lib/gnutls_num.h, lib/gnutls_record.c, libextra/auth_srp.c,
	libextra/auth_srp_passwd.c, libextra/gnutls_srp.c,
	libextra/gnutls_srp.h: Several clean ups and bug fixes.

2002-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, acconfig.h, configure.in, lib/auth_cert.c,
	lib/gnutls.h.in.in, lib/gnutls_algorithms.c, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
	lib/gnutls_dh_primes.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/gnutls_pk.c, lib/gnutls_x509.c, lib/x509_b64.c,
	libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/crypt_bcrypt.c, libextra/crypt_srpsha1.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_srp.c, src/common.c: 
	Applied Jeff Johnson's patch which fixes type problems in 64 bit
	machines. Removed the default allocation handlers, and made the
	libc's functions to be defaults. Added function which sets the
	memory allocation functions to be used.

2002-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.h.in.in, libextra/gnutls-extra.h,
	libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
	libextra/gnutls_openpgp.h: [no log message]

2002-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.h: [no log message]

2002-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* libextra/gnutls_openpgp.c: corrected function declaration

2002-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS, doc/tex/Makefile.am, doc/tex/serv1.tex,
	doc/tex/srp1.tex: Updated documentation for the gnutls-extra library

2002-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
	lib/gnutls_datum.h, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_record.c, lib/gnutls_session_pack.c,
	lib/gnutls_v2_compat.c, lib/gnutls_x509.c, libextra/auth_srp.c: 
	Prefixed internal functions with _gnutls_

2002-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2002-05-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-05-20  Timo Schulz <twoaday@gnutls.org>

	* libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: 
	Modifications for the new OpenCDK version and some minor fixes.

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.autoconf, lib/Makefile.am,
	libextra/Makefile.am, libextra/libgnutls-extra-config.in,
	libextra/libgnutls-extra.m4, src/crypt.c, src/tests.c: [no log
	message]

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, doc/tex/Makefile.am, lib/Makefile.am,
	libextra/Makefile.am, src/Makefile.am, src/cli.c, src/common.c,
	src/serv.c, src/tls_test.c: [no log message]

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, libextra/auth_srp.c, libextra/auth_srp_passwd.c,
	libextra/auth_srp_sb64.c, libextra/crypt.c,
	libextra/crypt_bcrypt.c, libextra/crypt_srpsha1.c,
	libextra/ext_srp.c, libextra/gnutls_extra.c,
	libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: [no log message]

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, README, configure.in: [no log message]

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, libextra/Makefile.am, {lib =>
	libextra}/auth_srp.c, {lib => libextra}/auth_srp.h, {lib =>
	libextra}/auth_srp_passwd.c, {lib => libextra}/auth_srp_passwd.h,
	{lib => libextra}/auth_srp_sb64.c, {lib => libextra}/crypt.c, {lib
	=> libextra}/crypt.h, {lib => libextra}/crypt_bcrypt.c, {lib =>
	libextra}/crypt_bcrypt.h, {lib => libextra}/crypt_srpsha1.c, {lib
	=> libextra}/crypt_srpsha1.h, {lib => libextra}/ext_srp.c, {lib =>
	libextra}/ext_srp.h, {lib => libextra}/gnutls-extra.h, {lib =>
	libextra}/gnutls_extra.c, {lib => libextra}/gnutls_extra.h, {lib =>
	libextra}/gnutls_openpgp.c, {lib => libextra}/gnutls_openpgp.h,
	{lib => libextra}/gnutls_srp.c, {lib => libextra}/gnutls_srp.h: 
	Moved the gnutls-extra files to libextra directory.

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore: [no log message]

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/funcs.tex, lib/Makefile.am: removed
	html version of the documentation

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls-extra.h, lib/gnutls_extra.c, lib/gnutls_extra.h,
	src/cli.c, src/serv.c: [no log message]

2002-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, configure.in, doc/tex/Makefile.am,
	doc/tex/funcs.tex, doc/tex/macros.tex, lib/Makefile.am,
	lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cert.c,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_openpgp.h, lib/gnutls_ui.h, lib/libgnutls-config.in,
	src/Makefile.am, src/cli.c, src/common.c, src/serv.c, src/tests.c,
	src/tls_test.c: Separated the library to gnutls and gnutls-extra.
	gnutls-extra library contains the GPL parts of gnutls

2002-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.in, src/prime.c, src/tests.c: [no log message]

2002-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.in, lib/auth_anon.c, lib/auth_dhe.c,
	lib/auth_rsa.c, lib/auth_srp.c, lib/libgnutls-config.in,
	src/prime.c: Added --modules option to libgnutls-config. This option
	prints the extra modules that have been enabled into the library.

2002-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2002-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: configure script now prints the library license

2002-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c: Replaced group1 prime with a prime of 1024
	bits

2002-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING.LIB, NEWS, README, lib/auth_anon.c, lib/auth_cert.c,
	lib/auth_dhe.c, lib/auth_rsa.c, lib/debug.c, lib/ext_cert_type.c,
	lib/ext_max_record.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c,
	lib/gnutls_datum.c, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
	lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mpi.c,
	lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_priority.c,
	lib/gnutls_privkey.c, lib/gnutls_random.c, lib/gnutls_record.c,
	lib/gnutls_session.c, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
	lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
	lib/gnutls_v2_compat.c, lib/gnutls_x509.c, lib/x509_asn1.c,
	lib/x509_b64.c, lib/x509_der.c, lib/x509_extensions.c,
	lib/x509_sig_check.c, lib/x509_verify.c: License changed to LGPL

2002-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: [no log message]

2002-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: Some cleanups in the Diffie Hellman code.

2002-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: Added the missing user_ptr pointer in
	gnutls_internals.

2002-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in, lib/gnutls_state.c: Added
	gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to
	assist in callback functions.

2002-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h: Corrected prototypes for callback selector
	functions, which now accept the state.

2002-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
	lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_kx.c,
	lib/gnutls_openpgp.c, lib/gnutls_pk.c, lib/gnutls_privkey.c,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/x509_sig_check.c: [no log
	message]

2002-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_int.h, lib/{gnutls_gcry.c =>
	gnutls_mpi.c}, lib/{gnutls_gcry.h => gnutls_mpi.h}: renamed
	gnutls_gcry* to gnutls_mpi*

2002-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_global.c: Updated libgcrypt
	initialization stuff. Now depends on libgcrypt 1.1.7, and only
	initializes libgcrypt if this has not been done before.

2002-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/crypt.c, lib/crypt_bcrypt.c,
	lib/crypt_srpsha1.c, lib/debug.c, lib/gnutls_auth.c,
	lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_gcry.c,
	lib/gnutls_gcry.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h,
	lib/gnutls_pk.c, lib/gnutls_privkey.c, lib/gnutls_srp.c,
	lib/gnutls_x509.c, lib/x509_ASN.c, lib/x509_sig_check.c: Cleaned up
	the big number support.

2002-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.h: [no log message]

2002-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2002-04-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: [no log message]

2002-04-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-04-21  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Adjust the code for the new OpenCDK version.

2002-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_compress_int.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_srp.c, lib/gnutls_state.h: Optimized memory handling in
	the record protocol.

2002-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.h, lib/gnutls_anon_cred.c, lib/gnutls_srp.c,
	lib/gnutls_ui.c, src/cli.c, src/serv.c: Added stubs when SRP or
	anonymous authentication are disabled, to preserve binary
	compatibility

2002-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/ex4.tex, lib/gnutls.h.in.in,
	lib/gnutls_state.c, src/cli.c, src/serv.c: gnutls_session_resumed()
	was renamed to gnutls_session_is_resumed(), and changed semantics,
	to make the return value be the obvious one.

2002-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ex4.tex, doc/tex/examples.tex: 
	updated documentation for the new resumption check function

2002-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/gnutls_privkey.c, lib/gnutls_state.c, src/cli.c, src/serv.c: 
	Added function to report if a session is a resumed one. See
	gnutls_session_resumed().

2002-04-18  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Applied the fixes for the new code.

2002-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c: [no log message]

2002-04-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_srp.c,
	lib/ext_srp.h, lib/gnutls_extensions.c, lib/gnutls_srp.c,
	src/gnutls-http-serv, src/serv.c: Some minor fixes in SRP support.
	Changed extension generation. Now less allocation with malloc are
	done.

2002-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: [no log message]

2002-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-56-bit-ciphersuites-01.txt: [no log
	message]

2002-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: Fixed description of
	gnutls_x509_extract_certificate_subject_alt_name().

2002-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-04-13  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Some modifications for the new OpenCDK code.

2002-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphersuites.tex, doc/tex/errors.tex,
	doc/tex/ex1.tex, doc/tex/examples.tex, doc/tex/gnutls.tex,
	doc/tex/handshake.tex, doc/tex/serv1.tex, src/crypt.c: Documentation
	fixes

2002-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/Makefile.am: [no log message]

2002-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in: fixed opencdk detection problem

2002-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/gnutls_x509.h: better doc (internal) for
	_gnutls_int2str()

2002-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/serv1.tex, lib/gnutls.h.in.in, lib/gnutls_state.c: [no log
	message]

2002-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_rsa.c, lib/gnutls_int.h, lib/gnutls_state.c: Added
	function which disables the version check in the RSA premaster
	secret -only needed in server side

2002-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/asn1.tex,
	doc/tex/cover.tex.in, doc/tex/funcs.tex, doc/tex/gnutls.tex,
	lib/Makefile.am: separated asn1 parser library and tls library
	documentation

2002-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_pk.c: changes for 0.4.1

2002-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.h: [no log message]

2002-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: fixed case where a certificate could be both
	invalid and trusted.

2002-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, opencdk.m4: [no log message]

2002-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: [no log message]

2002-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4, buildconf, libgcrypt.m4, libmcrypt.m4, opencdk.m4: 
	m4 files were removed from acinclude.m4

2002-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4, configure.in: added detection of opencdk

2002-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf: [no log message]

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in: [no log message]

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_verify.c,
	lib/x509_verify.h: Improved X.509 time convertion functions

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_x509.c: 
	GNUTLS_E_UNIX_TIME_LIMIT_REACHED error code was removed

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphers.tex, doc/tex/handshake.tex,
	doc/tex/translayer.tex: [no log message]

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: Added kludge in order to work with dates over
	2036

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex3.tex: [no log message]

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_int.h,
	lib/gnutls_int_compat.c, lib/gnutls_openpgp.c, lib/gnutls_ui.h,
	lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_verify.c,
	src/common.c: GNUTLS_CERT_EXPIRED is no longer returned by
	verification functions. Added functions to check the expiration and
	activation date of peer's certificate. See
	gnutls_certificate_expiration_time_peers().

2002-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, configure.in, lib/defines.h, lib/x509_verify.c: 
	Replaced mktime() with mktime_utc(). This corrects a bug with the
	localtime returned by mktime().

2002-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_cert.c, lib/defines.h,
	lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_handshake.c, lib/gnutls_mem.h, lib/gnutls_x509.c,
	lib/x509_asn1.c, lib/x509_der.c: merged changes from
	gnutls_0_4_with_alloca.

2002-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.h: [no log message]

2002-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_cert.h, lib/gnutls_pk.c: Optimized RSA
	signature calculation

2002-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_int.h: [no log message]

2002-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c: [no log message]

2002-04-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in, doc/TODO: [no log message]

2002-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_pk.c: [no log message]

2002-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_gcry.c, lib/gnutls_global.c, lib/gnutls_pk.c,
	lib/gnutls_privkey.c, lib/gnutls_x509.c, lib/x509_asn1.h,
	lib/x509_extensions.c, lib/x509_sig_check.c, lib/x509_verify.c: 
	Error codes of ASN.1 parser are now independent, with a map to
	gnutls' error codes.

2002-03-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: cleanups

2002-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: Added the text for
	gnutls_openpgp_extract_key_pk_algorithm.

2002-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, lib/gnutls.h.in.in, lib/gnutls_x509.c,
	src/cli.c, src/serv.c: Removed the CRL list parameter from
	gnutls_certificate_set_x509_trust_*.

2002-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: gnutls_certificate_set_x509_trust_*() now
	accept single DER certificates or PEM certificate lists.

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: [no log message]

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/crypt_srpsha1.c, lib/gnutls_x509.c: Added
	ability to read DSA DER formatted keys, and corrected bugs in DER
	certificate reading.

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: [no log message]

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.c, lib/gnutls_compress_int.c,
	lib/gnutls_compress_int.h, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_state.c,
	lib/gnutls_ui.c, lib/x509_sig_check.c: Prefixed with underscore
	several internal functions.

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_global.c,
	lib/gnutls_x509.c: removed unneeded functions

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: added crlf
	option

2002-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/TODO, lib/auth_rsa.c, lib/gnutls_int.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_sig.c, lib/x509_der.c,
	lib/x509_sig_check.c, src/cli.c, src/serv-gaa.c, src/serv-gaa.h,
	src/serv.gaa: Some cleanups in the certificate authentication.
	Parameters are passed together with the length, to avoid abuse.

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c: [no log message]

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO: [no log message]

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509_b64.c: Cleaned up the return values of
	several functions.

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: added
	option to read DER encoded certificates

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_cert.h, lib/gnutls_pk.c,
	lib/gnutls_privkey.c: Optimized RSA decryption. (Very) Much faster
	now

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: read PKCS7 certificate chains in the reverse
	order.

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress_int.c: [no log message]

2002-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h: [no log message]

2002-03-26  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_asn1.c, lib/x509_asn1.h: add asn1_number_of_elements
	function

2002-03-26  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_der.c: fix bug in asn1_get_start_end_der function

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/common.c: [no log message]

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/tex/ex3.tex: [no log message]

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, lib/gnutls_x509.c, src/common.c: changed semantics of
	gnutls_x509_extract_certificate_pk_algorithm()

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: [no log message]

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_buffers.c, lib/gnutls_global.c, lib/gnutls_record.c: 
	Several optimizations

2002-03-26  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Now the pk algorithm is returned and not
	only the key size in bits.

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_pk.h, lib/gnutls_x509.c: [no log
	message]

2002-03-26  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Function which is used
	to extract key parameters for openpgp keys.

2002-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls.h.in.in, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_pk.h, lib/gnutls_ui.h,
	lib/gnutls_x509.c, src/common.c, src/gnutls-http-serv, src/serv.c: 
	added gnutls_x509_extract_certificate_pk_algorithm()

2002-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, lib/gnutls.h.in.in,
	lib/gnutls_int.h, lib/gnutls_x509.c, src/cli-gaa.c, src/cli.c,
	src/cli.gaa, src/serv-gaa.c, src/serv.c, src/serv.gaa: Improved
	PKCS7 support

2002-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_x509.c: Added function which reads
	the DER encoded certificate and key.  (now only works for RSA keys)

2002-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/auth_cert.c, lib/gnutls_global.c,
	lib/gnutls_hash_int.c, lib/gnutls_random.c, lib/gnutls_ui.h,
	lib/gnutls_x509.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
	lib/x509_asn1.c, lib/x509_extensions.c, lib/x509_sig_check.c,
	lib/x509_verify.c, src/gnutls-http-serv, src/serv.c: Added support
	for RFC2630 - PKCS7 formated structures

2002-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: [no log message]

2002-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: [no log message]

2002-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: more cleanups

2002-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in, lib/auth_cert.c: [no log message]

2002-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Cleanups and fixes in X.509 certificate message
	parsing

2002-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/common.h, src/serv-gaa.c, src/serv.c,
	src/tls_test-gaa.c: [no log message]

2002-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: [no log message]

2002-03-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: Corrected code to avoid compiler's warnings

2002-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, acconfig.h, configure.in, lib/auth_anon.c,
	lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
	lib/auth_srp_passwd.h, lib/auth_srp_sb64.c, lib/crypt.c,
	lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/ext_srp.c,
	lib/ext_srp.h, lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c,
	lib/gnutls_auth.c, lib/gnutls_extensions.c,
	lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_srp.h,
	lib/gnutls_ui.c, src/serv.c: Added hooks not to include SRP and
	Anonymous authentication

2002-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_x509.c: Corrected behaviour when no
	certificate is got by the peer.

2002-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/gnutls-http-serv: Added script which runs an
	http server with the appropriate parameters.

2002-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, lib/gnutls_record.c, lib/gnutls_state.c: CBC
	protection support is disabled by default.

2002-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS: [no log message]

2002-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c: [no log message]

2002-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_constate.c: [no log message]

2002-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
	lib/gnutls_constate.c: Optimizations and fixes in compression

2002-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_passwd.c, lib/gnutls_cipher.c, lib/gnutls_x509.c: [no
	log message]

2002-03-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
	lib/gnutls_constate.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/x509_ASN.c, lib/x509_ASN.y, lib/x509_asn1.c: Improved
	compression support. Corrected several bugs in empty fragment
	sending and receiving.

2002-03-19  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_asn1.c: segmentation fault bug fix

2002-03-18  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: New OpenCDK interface for secure memory.

2002-03-18  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_errors_int.h, lib/gnutls_openpgp.c: Detection of
	revoked OpenPGP userID's.

2002-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2002-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h: added missing prototypes

2002-03-18  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Support for multiple
	userID's.

2002-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_srp.c: [no log message]

2002-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: removed default parameters arguments

2002-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, THANKS, acconfig.h, configure.in,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, src/cli.c: Added hooks for electric fence

2002-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS, src/Makefile.am: [no log message]

2002-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: Checking of certificate lists even if the CA
	size is zero. Pointed out by Andrew McDonald

2002-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS: [no log message]

2002-03-13  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Improved code for the various keyrings and
	support for armored keyring files.

2002-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: [no log message]

2002-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, acconfig.h, configure.in, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_state.c: made CBC chosen plaintext
	protection configurable

2002-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2002-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h: [no log message]

2002-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-03-11  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Added missing stub for one function.

2002-03-10  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: New error codes.

2002-03-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_pk.c,
	lib/gnutls_privkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
	lib/gnutls_state.c, lib/gnutls_x509.c, lib/x509_asn1.h: some error
	codes were renamed to more appropriate names

2002-03-09  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/x509_ASN.c: Patches for the new OpenCDK
	version and some stricter checks for memory leaks.

2002-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, doc/tex/ex3.tex, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_state.h,
	lib/x509_verify.c, src/common.c: removed GNUTLS_CERT_TRUSTED
	enumeration

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: [no log message]

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_record.c: 
	Added protection against denial of service attacks, while receiving
	empty packets.

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: [no log message]

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: corrected memory leak

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_openpgp.c, lib/gnutls_record.c,
	lib/gnutls_state.h: Added protection against the newly discovered
	CBC attacks against TLS.  Experimental code.

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/CertificateExample.c, src/CrlExample.c, src/asn1c.c: [no log
	message]

2002-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: Added references to internet drafts.
	Added DHE_DSS with ARCFOUR from 56 bit draft.

2002-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.autoconf, doc/TODO, doc/tex/alert.tex,
	doc/tex/asn1.tex, doc/tex/examples.tex, doc/tex/handshake.tex,
	doc/tex/record.tex: [no log message]

2002-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-extensions-02.txt =>
	draft-ietf-tls-extensions-03.txt}: Added new draft

2002-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/auth_cert.c, lib/gnutls_alert.c,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_gcry.c,
	lib/gnutls_global.c, lib/gnutls_pk.c, lib/gnutls_privkey.c,
	lib/gnutls_x509.c, lib/x509_ASN.c, lib/x509_ASN.y, lib/x509_asn1.h,
	lib/x509_extensions.c, lib/x509_sig_check.c, lib/x509_verify.c: 
	Combined error codes of gnutls and ASN.1 parser. Also several
	cleanups in the X.509 code.

2002-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/asn1.tex, doc/tex/ciphers.tex,
	doc/tex/ciphersuites.tex, doc/tex/examples.tex, doc/tex/funcs.tex,
	doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/record.tex,
	doc/tex/translayer.tex: [no log message]

2002-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/gnutls.tex,
	doc/tex/translayer.tex: Added alert protocol section

2002-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_x509.c,
	lib/x509_ASN.c, lib/x509_asn1.c, lib/x509_der.c, lib/x509_verify.c: 
	Added the error UNIX_TIME_LIMIT_EXCEEDED, and corrected bugs in
	X.509 certificate parsing.

2002-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/errors.tex, lib/gnutls.h.in.in: updated

2002-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/ciphersuites.tex,
	doc/tex/gnutls.tex, doc/tex/{resumedb.tex => handshake.tex},
	doc/tex/layers.tex, doc/tex/macros.tex, doc/tex/translayer.tex: 
	updated documentation

2002-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, configure.in, doc/scripts/gdoc, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/x509_ASN.y, lib/x509_asn1.c,
	lib/x509_der.c: changes for pretty documentation and cleanups.

2002-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: pgp_fingerprint indicator is not cleared.

2002-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test.c: [no log message]

2002-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test.c: last minute changes for 0.3.91 release

2002-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in, lib/auth_anon.c, lib/auth_cert.c,
	lib/auth_dhe.c, lib/auth_srp.c, lib/gnutls_auth.c,
	lib/gnutls_auth_int.h, lib/gnutls_errors.c, src/cli.c: Added checks
	in authentication type renegotiation procedure.

2002-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls_auth.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_state.h: Changed
	behaviour in rehandshake procedure. Now can use rehandshake with a
	different authentication method (ie. perform anonymous
	authentication, and after that perform a certificate authentication,
	or srp).

2002-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.h, lib/gnutls_x509.c: corrected certificate type
	checking.

2002-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
	src/cli.gaa, src/common.h, src/crypt.c, src/serv-gaa.c,
	src/serv-gaa.h, src/serv.c, src/serv.gaa, src/tls_test-gaa.c,
	src/tls_test.gaa: Updated cli and server to read certificate and
	keys from command line parameters. client, client-debug and server
	are now being installed.

2002-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: 
	Cleanups in gnutls_handshake.c and gnutls_algorithms.c.  Now cipher
	suites get associated with a protocol version. This will allow
	disabling several ciphersuites which are only defined in TLS 1.0,
	when using SSL 3.0.

2002-03-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: No extensions are now sent if SSL 3.0 is
	the only protocol advertized.

2002-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c: added a check in the given parameters for
	null

2002-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: added session resumption
	test

2002-02-28  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Changed the interface for the new OpenCDK
	version.

2002-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli.c, src/cli.gaa, src/serv-gaa.c,
	src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
	src/tls_test.gaa: updated gaa files, and client options.

2002-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_state.c, lib/gnutls_state.h,
	src/tests.c: gnutls_record_set_default_version() was prefixed with
	underscore, and it is no longer exported.

2002-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_db.c, lib/gnutls_int.h,
	lib/gnutls_session_pack.c, lib/gnutls_state.c: Corrected session
	resuming in certificate authentication. gnutls_deinit, does not
	remove the session entry any more if it is invalid. Added
	gnutls_db_remove_session() function, which does this.

2002-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.gaa: added
	missing files

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c: removed cycle from gnutls_free and
	gnutls_secure_free.

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, src/tests.c, src/tests.h, src/tls_test.c: added check for
	TLS closure alerts

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tests.c, src/tests.h, src/tls_test.c: added openpgp
	authentication test, and unknown cipher suites test

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_srp.c: Now we do not send the srp username as an
	extension, if SRP is disabled.

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/tests.c, src/tests.h, src/tls_test.c: added check
	for client hello extensions.

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/tests.c, src/tests.h,
	src/tls_test.c: Added tls_test. This is program that can be used to
	test TLS servers' parameters.

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_errors.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_state.c: Added
	gnutls_record_set_default_version(). This is a low level function.

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: SOCKET_PTR was removed

2002-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: corrected record_send() prototype

2002-02-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: updated for fcdump

2002-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2002-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c: added (an impossible situation) check

2002-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: [no log message]

2002-02-24  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Fixed a possible buffer overflow.

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/openpgp/Makefile.am: added missing makefile.am

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/serv1.tex, lib/auth_anon.c,
	lib/auth_anon.h, lib/auth_cert.h, lib/auth_dhe.c,
	lib/auth_srp_passwd.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
	lib/gnutls_cert.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_int.h, lib/gnutls_ui.c, src/cli.c, src/serv.c: The Diffie
	Hellman parameters are now stored in the credentials structures.
	This will allow precomputation of signatures (for DHE cipher
	suites).

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, configure.in, lib/gnutls_int.h, lib/gnutls_ui.h,
	lib/x509_verify.c, src/cli.c: [no log message]

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/serv.c: [no log message]

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/ciphersuites.tex,
	doc/tex/errors.tex, doc/tex/ex3.tex, doc/tex/gnutls.tex,
	doc/tex/resumedb.tex: [no log message]

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: [no log message]

2002-02-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_openpgp.c, lib/gnutls_record.c,
	lib/gnutls_x509.c, lib/x509_sig_check.c, lib/x509_verify.c: removed
	GNUTLS_CERT_NONE (replaced by GNUTLS_E_NO_CERTIFICATE_FOUND).
	removed GNUTLS_CERT_VALID (it's valid if it's not invalid)

2002-02-23  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Bug fixes for
	_verify_key and basic trust handling for keys.

2002-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/debug.c: [no log message]

2002-02-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: [no log message]

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: [no log message]

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: includes moved before #ifdef

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-02-22  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Added stubs for the case we don't have
	OpenCDK support.

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex3.tex, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_x509.c,
	lib/x509_sig_check.c, lib/x509_verify.c, src/common.c, src/serv.c: 
	Changed certificate verification functions.

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-02-22  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Implemented
	gnutls_certificate_set_openpgp_key_mem.  Some basic routines for key
	ownertrust.

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.h, lib/gnutls.h.in.in, lib/gnutls_cert.c: added
	trustdb stuff

2002-02-22  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Modified code for the new OpenCDK code.

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: [no log message]

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c: [no log message]

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: moved private cipher suites to 0xFF
	space.

2002-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/layers.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, lib/gnutls.h.in.in,
	lib/gnutls_alert.c, lib/gnutls_alert.h, lib/gnutls_algorithms.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_record.c, src/cli.c, src/serv.c: Several alert protocol
	changes.

2002-02-21  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Fixed return code check for GnuTLS
	functions.

2002-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c: [no log message]

2002-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_openpgp.c: set_key_server renamed
	to set_keyserver

2002-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, NEWS, doc/tex/ex1.tex, doc/tex/serv1.tex, lib/debug.c,
	lib/debug.h, lib/gnutls.h.in.in, lib/gnutls_alert.c, src/cli.c: 
	Added gnutls_alert_str (allows printing alert number descriptions)

2002-02-21  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Fixed a segfault in the OpenPGP code.

2002-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: Updated the openpgp certificate message,
	fingerprint handling.

2002-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/common.c,
	src/common.h, src/serv-gaa.c, src/serv-gaa.h, src/serv.gaa: [no log
	message]

2002-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: some fixes in verification procedure

2002-02-19  Timo Schulz <twoaday@gnutls.org>

	* lib/.cvsignore, lib/gnutls_cert.h, lib/gnutls_errors_int.h,
	lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Applied the patches to
	fix the GDOC problem.  Some bug fixes all over the place and the
	implementation of some function stubs.

2002-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex3.tex, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/gnutls_int.h, lib/gnutls_x509.c, lib/x509_sig_check.c,
	src/common.c: removed CERT_CORRUPTED

2002-02-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c: openpgp fingerprint is calculated dynamically.

2002-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_cert.h, lib/gnutls.h.in.in: Added some
	support the OpenPGP Certificate message, with key fingerprints.

2002-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_int.h,
	lib/gnutls_state.c, lib/gnutls_state.h, src/cli-gaa.c,
	src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c: Added some
	stuff for the client to send the OpenPGP fingerprint.

2002-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex.in: [no log message]

2002-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_pk.c: Corrected bug in RSA
	authentication, responsible for random (very very rare, and
	difficult to reproduce) failures.

2002-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509_verify.c: [no log message]

2002-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c, lib/x509_verify.c: Improved X.509 verification
	functions. They are still too primitive.

2002-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_dh.c: [no log message]

2002-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c: Some cleanups.

2002-02-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphersuites.tex, doc/tex/layers.tex: 
	[no log message]

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/errors.tex, doc/tex/ex1.tex,
	doc/tex/ex2.tex, doc/tex/layers.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex, lib/gnutls.h.in.in, lib/gnutls_record.c,
	src/cli.c, src/serv.c: [no log message]

2002-02-15  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Fixed some memory leaks.  Code to handle
	ElGamal keys.  Some minor bug fixes.

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_record.c: renamed gnutls_read to
	gnutls_record_read and gnutls_write to gnutls_record_write.

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ciphersuites.tex,
	doc/tex/cover.tex.in, doc/tex/errors.tex, doc/tex/ex1.tex,
	doc/tex/ex2.tex, doc/tex/gnutls.tex, doc/tex/layers.ps,
	doc/tex/layers.tex, doc/tex/serv1.tex, doc/tex/srp1.tex: Added TLS
	Layers section.

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/serv-gaa.c, src/serv.gaa: updated client and server

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-00.txt: removed

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_extensions.c,
	lib/gnutls_extensions.h, lib/gnutls_record.c: Extension types now
	use a 16 bit type field (following the current draft).  Some fixes
	in the max record size extension.

2002-02-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
	doc/tex/serv1.tex: [no log message]

2002-02-14  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Basic HKP keyserver
	support.  Function to retrieve the key from the keyring by keyid,
	fingerprint.

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/x509_verify.c: Verification function
	returns the GNUTLS_CERT_VALID flag.

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog, doc/tex/ex3.tex, doc/tex/serv1.tex: [no log message]

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_passwd.c, lib/gnutls_int.h, lib/gnutls_srp.c,
	lib/gnutls_ui.h: Changed srp callback function parameters.

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh_primes.c, src/serv.c: Corrected bugs in prime
	generation.

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/common.c, src/serv-gaa.c,
	src/serv-gaa.h, src/serv.c, src/serv.gaa: Server updated. Now
	command line parameters are available.

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli.c, src/cli.gaa: [no log message]

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/x509_ASN.c: [no log message]

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
	src/common.c: Updated client

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_record.c: Direct access to version field
	in the state was replaced by the function
	gnutls_protocol_get_version().

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c: Corrected bugs in RSA authentication. Random value
	is not generated using the GNUTLS_STRONG_RANDOM flag, and fixed
	client key exchange packet formating, to depend on the correct
	version.

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in.in: [no log message]

2002-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/x509_sig_check.c, lib/x509_verify.c: Added
	GNUTLS_CERT_INVALID and GNUTLS_CERT_VALID of CertificateStatus
	flags, which replace GNUTLS_CERT_NOT_TRUSTED.

2002-02-13  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_ASN.y: bug fix with bison 1.32

2002-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
	lib/auth_dhe.c, lib/gnutls.h.in.in, lib/gnutls_dh.c,
	lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/cli.c,
	src/common.c, src/serv.c: Added more functions to allow access to
	Diffie Hellman parameters (partially at least). Corrected Diffie
	Hellman stuff.

2002-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex: [no log message]

2002-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
	src/cli.gaa: Made most ifdefs in client program, configurable via
	command line.

2002-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c: It does not send the cert_type extension if
	only x.509 certificates are used.

2002-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex3.tex, doc/tex/serv1.tex: Corrected
	bugs in examples.

2002-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: Priority cannot be set if not using the
	OPENCDK library.

2002-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphersuites.tex, doc/tex/cover.tex.in,
	doc/tex/gnutls.tex: Updated documentation.

2002-02-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/openpgp/cli_pub.asc, src/openpgp/cli_sec.asc: Added
	new client pgp keys and a keyring

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers, ChangeLog: [no log message]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_passwd.c: [no log message]

2002-02-10  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: High level support for
	OpenPGP keyrings.

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* ChangeLog: Added ChangeLog [generated by CVS log]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: [no log message]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.c: [no log message]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: [no log message]

2002-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: [no log message]

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/common.c, src/serv.c: [no log message]

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c: [no log message]

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c: Added
	gnutls_certificate_type_get_name() function.

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
	lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_ui.h: [no log
	message]

2002-02-09  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: * Applied the fixed for the memory leaks.

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: [no log message]

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
	lib/auth_srp_passwd.h, lib/gnutls_cert.c, lib/gnutls_int.h,
	lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_ui.h,
	lib/gnutls_x509.c: Added ability for an SRP server to use multiple
	password files. The password file is selected on the fly (handshake)
	using a callback function.

2002-02-09  Timo Schulz <twoaday@gnutls.org>

	* lib/auth_cert.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * auth_cert.h: Added OpenPGP keyring item.  * gnutls_openpgp.c: Improved support for keyring handling.

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: Some fixes in ciphertext2compressed handling

2002-02-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h: Removed the GNUTLS_E_MAC_FAILED error. Now
	only GNUTLS_E_DECRYPTION_FAILED error is used. That we don't leak
	any information about the result of a possible attack.

2002-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls_cert.c, lib/gnutls_openpgp.h: Added LIBOPENCDK ifdefs
	(suggested by Andrew McDonald)

2002-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_ASN.c: Added bison generated file

2002-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: [no log message]

2002-02-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: changed the
	introduction (again)

2002-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: [no log message]

2002-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, src/cli.c, src/openpgp/cli_pub.asc,
	src/openpgp/cli_sec.asc: Corrected behaviour of client openpgp
	certificate selection.

2002-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.c: [no log message]

2002-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c, lib/gnutls_ui.h: removed
	gnutls_certificate_get_ours_index()

2002-02-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/{pkcs1_asn1_tab.c => gnutls_asn1_tab.c}: Added asn1 file

2002-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.h, lib/gnutls_x509.c: Modified
	gnutls_x509_extract_subject_alt_name() to return the type, instead
	of storing it to a pointer.

2002-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_ui.h,
	lib/gnutls_x509.c, lib/x509_extensions.c: Added function which
	returns the subjectAltName (subject_dns_name was obsoleted).

2002-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: added Timo

2002-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: [no log message]

2002-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypt_bcrypt.c, lib/gnutls_cert.c, lib/gnutls_num.c,
	lib/gnutls_num.h, lib/x509_extensions.c, src/common.c: [no log
	message]

2002-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_verify.c: Changed the X.509 certificate verification
	algorithm. Now if any of the certificates in the certificate path is
	expired (except the first one), we return GNUTLS_CERT_NOT_TRUSTED.

2002-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.h: [no log message]

2002-02-05  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Changes the function
	name to make clear OpenPGP uses keys and not certificates like
	X.509.

2002-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_ui.h, src/common.c: Changes for
	gnutls_openpgp_name structure

2002-02-04  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h, lib/gnutls_ui.h: Now
	OpenPGP uses its own context for DN.

2002-02-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: More fixes for the GnuTLS OpenPGP code.

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex3.tex, lib/gnutls.h.in.in, lib/gnutls_ui.h,
	lib/gnutls_x509.c, src/common.c: renamed the gnutls_dn structure to
	gnutls_x509_dn

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/common.c, src/common.h: made the print_info
	stuff much cleaner.

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c: some changes in gnutls_cert handling

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.h: keyUsage is now 16 bits

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, src/common.h: [no log message]

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: [no log message]

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex3.tex, lib/Makefile.am, lib/auth_cert.c,
	lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
	lib/gnutls_alert.c, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_privkey.c, lib/gnutls_x509.c, lib/x509_verify.c,
	lib/x509_verify.h, src/cli.c, src/common.h, src/serv.c: Added
	OpenPGP certificate support in gnutls.  Several changes.

2002-02-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * gnutls_openpgp.c (_gnutls_openpgp_cert2gnutls_cert): New.  Set the
	keyUsage flag to indicate what the key is useful for.

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.h: [no log message]

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_ui.h: Exported openpgp keys'
	related functions.

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
	lib/gnutls_state.h: Moved functions unrelated to record layer to
	gnutls_state.c

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: several modifications for cert_type extension
	etc

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_priority.c, lib/gnutls_priority.h: 
	Added option to set the cert_type priority.

2002-02-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: * Applied the patch and minor changes.  * Now it's also possible to use binary certificates.

2002-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_cert_type.c, lib/ext_cert_type.h: Added stuff for parsing
	the CertType extension type.

2002-02-03  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: * gnutls_openpgp.c: Fixed some memory leaks.

2002-02-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_ui.c: renamed gnutls_fingerprint()
	to gnutls_x509_fingerprint().

2002-02-02  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * gnutls_openpgp.c: Now all functions use gnutls_datum.  Change the
	function headers of internal functions.

2002-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/gnutls_openpgp.c,
	src/Makefile.am: Added gnutls_openpgp in the makefiles.  Added some
	kind of opencdk library detection.

2002-02-01  Timo Schulz <twoaday@gnutls.org>

	* src/openpgp/pub.asc, src/openpgp/sec.asc: New files for OpenPGP
	tests.

2002-02-01  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * gnutls_openpgp.c: Added gdoc compatible function descriptions.  (gnutls_openpgp_add_fingerprint): New function to register keyrings.

2002-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_x509.h: added new header file

2002-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
	doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, lib/Makefile.am, lib/auth_cert.c,
	lib/auth_cert.h, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_int_compat.c,
	lib/gnutls_session_pack.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
	lib/x509_extensions.c, src/cli.c, src/common.h, src/serv.c: Several
	 changes in certificate and key handling.  * gnutls_certificate_allocate_sc() does not require the ncerts
	argument

2002-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
	doc/tex/ex3.tex, lib/Makefile.am, lib/auth_cert.c, lib/debug.c,
	lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/gnutls_x509.c, src/cli.c, src/common.h: Renamed
	gnutls_x509pki_extract_* to gnutls_x509_extract_*.  Separated
	gnutls_x509_extract_* functions. Now are in gnutls_x509.c.

2002-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_asn1.c, lib/x509_der.c: corrected _gnutls_str_cpy()
	usage.

2002-01-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: [no log message]

2002-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: updated

2002-01-30  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Fixed some memory leaks.

2002-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: updated candidate
	draft

2002-01-29  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_openpgp.c: Fixed a typo.

2002-01-29  Timo Schulz <twoaday@gnutls.org>

	* lib/gnutls_cert.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: 
	Basic GnuTLS OpenPGP support.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/ex3.tex, src/common.h: updated for
	gnutls_certificate_get_peers()

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c, lib/gnutls_ui.h: Added
	gnutls_certificate_get_peers() Added gnutls_certificate_get_ours()
	Added gnutls_certificate_get_ours_index()

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_cert.h,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_record.h,
	lib/gnutls_state.c, lib/gnutls_state.h: CertificateType is now
	accesible from the API.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected bug in certificate selection.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c, lib/gnutls_state.h: Added this
	gnutls_state.c/h files. Are added in order to access some of the
	GNUTLS_STATE structures members, indirectly. It's not possible to
	move all the members of this structure here, yet, but it is
	desirable.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: [no log message]

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_cert.c, lib/gnutls_cert.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_ui.h: Modified the
	state's parameters to hold the negotiated certificate type. Modified
	the certificate selection procedure to take the certificate type in
	account, when choosing the most appropriate certificate.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, lib/auth_cert.c, lib/gnutls.h.in.in,
	lib/gnutls_int.h, lib/x509_sig_check.c, src/cli.c, src/common.h,
	src/serv.c: Added in CertificateStatus:         GNUTLS_CERT_CORRUPTED (replaces GNUTLS_CERT_INVALID)         GNUTLS_CERT_REVOKED

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_cert.c: 
	gnutls_x509pki_allocate_sc() renamed to
	gnutls_certificate_allocate_sc() and similar functions too. They
	share too common properties with OpenPGP certificates, that it is
	not needed a separate function.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c, lib/gnutls_ui.h: Updated function names.

2002-01-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_cert.c, lib/auth_cert.h: Separated X509 specific stuff in
	the CERTIFICATE_CREDENTIALS structure.

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.asn: Removed fake OID.

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: better ChangeLog output

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c, src/cli.c, src/serv.c: Identified a race
	condition in the example client.  If application data is sent after
	a rehandshake request, the server thinks we ignored his request, and
	breaks the connection. This is a bad design of this client.

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c: minor fixes

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: changed some buffering code, to use the
	cleaner gnutls_datum_append().  Leads to a much cleaner code.

2002-01-28  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_ASN.y: Modules without OID

2002-01-28  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_der.c: gnutls_str_... functions substitution

2002-01-28  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/x509_asn1.c: _gnutls_str_... functions substitution

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c, lib/gnutls_datum.h: added
	gnutls_datum_append()

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_cert.h, lib/x509_sig_check.c: 
	signature is now a gnutls_datum

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, lib/Makefile.am,
	lib/auth_anon.c, lib/{auth_x509.c => auth_cert.c}, lib/{auth_x509.h
	=> auth_cert.h}, lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/debug.c, lib/ext_srp.c,
	lib/gnutls.h.in.in, lib/gnutls_algorithms.c, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_privkey.c,
	lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/gnutls_ui.c, lib/gnutls_ui.h, lib/x509_sig_check.c, src/cli.c,
	src/common.h, src/serv.c: GNUTLS_X509PKI -> GNUTLS_CRD_X509PKI
	GNUTLS_SRP -> GNUTLS_CRD_SRP GNUTLS_ANON -> GNUTLS_CRD_ANON

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/auth_x509.c, lib/gnutls_int.h, src/cli.c: [no log
	message]

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c: corrected and optimized handshake.

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int_compat.c: not used by default

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe.c, lib/auth_x509.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_record.c: Added
	ability of the client to choose a certificate depending on the
	server's sign algorithm preference. Added CertType in gnutls_cert
	structure (which identified X509, OPENPGP certificates)

2002-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c: Optimizations in the handshake messages
	hashing.  (no more mallocs)

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_int.h,
	lib/x509_b64.c, lib/x509_extensions.c, lib/x509_sig_check.c,
	src/cli.c, src/serv.c: cleanups

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_gcry.c, lib/gnutls_gcry.h, lib/gnutls_pk.c: corrected
	bug in DSA signing.

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: corrected bug in file read

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.c, lib/auth_x509.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_v2_compat.c: Added support to select a certificate based
	on the peer's cipher suite list. (ie if DSS cipher suites are
	requested and a DSA certificate is available, then this will be
	used)

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: Added an updated
	version of the submited draft

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/x509/Makefile.am: [no log message]

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/{auth_dhe_rsa.c => auth_dhe.c}, lib/auth_dhe_dss.c,
	lib/auth_dhe_dss.h, src/x509/cert-dsa.pem, src/x509/key-dsa.pem: 
	added missing files

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/gnutls_algorithms.c,
	lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c, src/cli.c,
	src/serv.c: added support for DHE_DSS cipher suites.

2002-01-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/asn1.tex, lib/auth_dhe_rsa.c, lib/auth_rsa.c,
	lib/auth_x509.c, lib/gnutls.asn, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_gcry.c, lib/gnutls_gcry.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
	lib/gnutls_sig.c, lib/x509_sig_check.c, src/cli.c: added support for
	DSS certificates.

2002-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_x509.c, lib/ext_max_record.c,
	lib/{pkcs1.asn => gnutls.asn}, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
	lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_sig.c,
	lib/pkix.asn, lib/x509_sig_check.c: Added stuff for DSS certificates
	(not ready yet)

2002-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/x509/Makefile.am, src/x509/ca.pem, src/x509/cert.pem,
	src/x509/clicert-dsa.pem, src/x509/clicert.pem,
	src/x509/clikey-dsa.pem, src/x509/clikey.pem, src/x509/key.pem: 
	added new DSA certificates..

2002-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4, lib/auth_srp_passwd.c, lib/gnutls.h.in.in,
	lib/gnutls_buffers.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_record.c: [no log message]

2002-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c, lib/gnutls_str.h: added _gnutls_mem_cpy()

2002-01-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_asn1.c, lib/x509_der.c: Added checks after malloc for
	null.

2002-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex3.tex, doc/tex/serv1.tex, lib/auth_x509.c,
	lib/gnutls.h.in.in, lib/gnutls_int_compat.c, lib/gnutls_record.c,
	lib/gnutls_record.h, src/common.h, src/serv.c: gnutls_*_get_algo()
	renamed to gnutls_*_get() (suggested by Simon Josefsson)

2002-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c, lib/gnutls_int.h: [no log message]

2002-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2002-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_int_compat.c,
	src/cli.c: added check for requested TLS extensions

2002-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int_compat.c: [no log message]

2002-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_buffers.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Handshake
	messages are not kept in memory any more. Now we use less memory
	during a handshake.

2002-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: [no log message]

2002-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_random.c: added an #error

2002-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_int.h, lib/gnutls_kx.c: 
	GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE ->
	GNUTLS_A_SSL3_NO_CERTIFICATE

2002-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-openpgp-01.txt,
	doc/protocol/draft-ietf-tls-openpgp-keys-00.txt: added our openpgp
	draft

2002-01-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls_alert.c, lib/gnutls_buffers.c,
	lib/gnutls_constate.c, lib/gnutls_errors.h,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	lib/gnutls_record.c, lib/gnutls_ui.h, lib/gnutls_v2_compat.c: added
	_gnutls_record_log(), gnutls_handshake_log(), to avoid that #ifdef
	XXX stuff. Done some cleanups in record layer.

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_str.c: [no log message]

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/Makefile.am, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/crypt_srpsha1.c, lib/gnutls_cert.c,
	lib/gnutls_str.c, lib/gnutls_str.h, lib/x509_extensions.c,
	lib/x509_sig_check.c, lib/x509_verify.c: Added a minimal string
	library to assist in safer ASN.1 parsing

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/common.h: in server side now prints srp username

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c, lib/crypt_bcrypt.c, lib/crypt_srpsha1.c,
	lib/debug.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/gnutls_global.c, lib/x509_b64.c, lib/x509_extensions.c,
	lib/x509_sig_check.c, lib/x509_verify.c: Some corrections done (
	found by using flawfinder).  Added several tags for flawfinder to
	ignore.

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: added string library

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/scripts/gdoc, lib/auth_x509.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/x509_extensions.c, lib/x509_sig_check.c: cleanups

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: more cleanups in the recv_int() function

2002-01-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c: corrected behaviour against PKCS-1 attacks. (it
	seems that debugging code has made it to release)

2002-01-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: Made recv_int() cleaner (needs a lot of
	improvement)

2002-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/errors.tex, lib/gnutls_handshake.c, lib/gnutls_record.c,
	src/cli.c, src/serv.c: Now a server in a case of rehandshake can
	continue normaly if the handshake request is ignored by the client.

2002-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: corrected gnutls_alert_send() prototype.

2002-01-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_anon.h, lib/auth_dhe_rsa.c,
	lib/auth_srp.c, lib/auth_x509.c, lib/gnutls_algorithms.c,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	lib/gnutls_int.h: updated auth info structures handling.  Corrected
	bug in DHE_RSA.

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected bug introduced in the buffering
	code update

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: [no log message]

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/ex3.tex, lib/auth_anon.c,
	lib/auth_dhe_rsa.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
	lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_int.h,
	lib/gnutls_int_compat.c, lib/gnutls_record.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h, src/common.h, src/serv.c: Combined
	gnutls_x509pki_(set/get)_dh_bits() and gnutls_anon_server/client_get
	to gnutls_dh_(set/get)_bits().  gnutls_anon_set_server_cred() was
	deprecated by gnutls_dh_set_bits().

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: gnutls_x509pki_set_trust_(file/mem) can now be
	called multiple times

2002-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore: [no log message]

2002-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{ssl-draft302.txt =>
	draft-freier-ssl-version3-02.txt}, doc/protocol/{ssl-2.txt =>
	ssl-version2.txt}: [no log message]

2002-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2440.txt: added openpgp rfc

2002-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/ex3.tex, doc/tex/serv1.tex,
	lib/Makefile.am, lib/auth_srp_passwd.h, lib/auth_x509.c,
	lib/debug.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_db.c,
	lib/gnutls_db.h, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
	lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/x509_ASN.y, src/cli.c, src/common.h, src/serv.c: several
	cleanups in order to move to gnutls 0.4.0

2002-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int_compat.c: added file to hold functions for
	backwards binary compatibility.

2002-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.h, lib/x509_b64.c: cleanups

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex3.tex, lib/auth_dhe_rsa.c,
	lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/common.h,
	src/serv.c: Renamed gnutls_x509pki_s/get_dh_bits() to
	gnutls_dh_s/get_dhe_bits().  Renamed
	gnutls_anon_server/client_get_dh_bits() to gnutls_dh_get_dha_bits().

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/auth.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
	doc/tex/ex3.tex, lib/gnutls_algorithms.c, lib/gnutls_int.h: Key
	exchange methods changed so they do not depend on the Certificate
	type (GNUTLS_KX_X509PKI_* renamed to GNUTLS_KX_*).

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_sb64.c, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cipher_int.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_sig.c: changes in buffering code
	(actually variables' names are more rational now).

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/gnutls.tex,
	doc/tex/macros.tex, doc/tex/resumedb.tex, doc/tex/translayer.tex: 
	[no log message]

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: corrected library interface numbers

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, doc/tex/Makefile.am, doc/tex/ciphersuites.tex,
	doc/tex/cover.tex.in, doc/tex/gnutls-logo.ps, doc/tex/gnutls.tex: 
	updated documentation

2002-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_sb64.c, lib/gnutls_handshake.c, lib/gnutls_random.c,
	src/crypt.c: fixed bugs reported (with patches) by Marc Huber and
	Guillaume Morin.

2002-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, lib/gnutls.h.in.in, lib/gnutls_cert.c,
	lib/x509_b64.c, lib/x509_b64.h: Added gnutls_x509pki_set_trust_mem()
	and gnutls_x509pki_set_key_mem()

2002-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2002-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_alert.h, lib/gnutls_int.h, lib/gnutls_record.c: better
	length checking in the record layer.

2002-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-extensions-01.txt =>
	draft-ietf-tls-extensions-02.txt}: new extensions draft

2002-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.tex: [no log message]

2002-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/gnutls.tex, lib/auth_x509.c: added
	gnutls_x509pki_verify_certificate()

2002-01-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: renamed DigestAlgorithm to GNUTLS_DigestAlgorithm
	(in order to be consistent with gnutls.h)

2002-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.m4: corrected the temp file name

2002-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/cover.tex.in, doc/tex/errors.tex, lib/Makefile.am,
	lib/gnutls_errors.c: last minute changes for 0.3.2 release

2002-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.h, lib/x509_b64.c: renamed gnutls_b64_encode()
	to gnutls_b64_encode_fmt()

2002-01-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_ui.h, lib/x509_b64.c: Added gnutls_b64_encode()
	and gnutls_b64_decode()

2002-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/.cvsignore, doc/tex/.cvsignore: [no log message]

2002-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/translayer.tex: updated documentation

2002-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex3.tex, src/common.h: updated documentation

2002-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_rsa.c, lib/gnutls_auth.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_record.h: 
	Cleanups

2002-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_alert.c, lib/gnutls_alert.h: separated
	alert protocol functions

2002-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_rsa.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_record.c: corrected behaviour in version advertizing

2002-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.m4: now removes the temp file

2002-01-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: check_version() updated

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_int.h: [no log message]

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypt_srpsha1.c, lib/gnutls.h.in.in, lib/gnutls_auth.c,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_int.h, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_ui.c, lib/x509_sig_check.c: cleanups

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_x509.c, lib/gnutls.h.in.in,
	lib/gnutls_algorithms.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	src/cli.c, src/common.h, src/serv.c: Added
	gnutls_x509pki_extract_certificate_serial() and some cleanups.

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: more error checking

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: [no log message]

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in: prefixed all variable with GNUTLS_

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: added support for calling global_init()
	several times.

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: added static variable to check if
	global_init() is called for a second time.

2002-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, lib/crypt_srpsha1.c, lib/gnutls.h.in.in,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
	lib/x509_sig_check.c, src/cli.c: Cleanups in the digest code
	(separated from HMAC).  Added gnutls_fingerprint_calc(), which
	calculates a fingerprint.

2001-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am: added PGPKEYS

2001-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.CVS: updated

2001-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_x509.c: corrected bug which did not allow a client
	to accept multiple CA distinguished names.

2001-12-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/README.srpcrypt: updated

2001-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_buffers.c: [no log message]

2001-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: some corrections in documentation

2001-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: releasing 0.3.0

2001-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_der.c: cleaned up and
	fixed ASN.1 documentation.

2001-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: corrected in order not to complain if func(void)
	is used.

2001-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls.h.in.in: cleanups

2001-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex, lib/auth_anon.h, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_x509.c, lib/auth_x509.h,
	lib/ext_srp.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
	lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_global.h,
	lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
	lib/gnutls_ui.h, src/cli.c, src/serv.c: some cleanups. *_CREDENTIALS
	renamed to GNUTLS_*_CREDENTIALS.  Added defines to keep source
	compatibility.

2001-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c: corrected bugs in AUTH_INFO allocation

2001-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in.in, lib/gnutls_algorithms.c, lib/gnutls_int.h: 
	cleanups

2001-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, configure.in, lib/Makefile.am, lib/{gnutls.h.in =>
	gnutls.h.in.in}, lib/gnutls_buffers.c, lib/gnutls_int.h: corrections
	in the configuration files.

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: some corrections in assembler detection. Also chmod
	-w gnutls.h was removed.

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_record.c: Corrections for big endian machines. Pointed
	out by Mike Siers <mikes@poliac.com>

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ciphersuites.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, lib/gnutls.h.in,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_record.c, lib/gnutls_session.c, src/cli.c, src/serv.c: 
	cleanups and documentation updates

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_srp.c, lib/gnutls_record.c,
	lib/gnutls_session_pack.c, src/cli.c: corrections in SRP and ANON
	authentication.  Also corrections in the session packing for
	anonymous auth info.

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex, lib/gnutls.h.in, lib/gnutls_kx.c,
	lib/gnutls_record.c, lib/gnutls_record.h, src/cli.c, src/serv.c: 
	*_alert -> alert_*

2001-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, lib/auth_anon.c,
	lib/auth_dhe_rsa.c, lib/auth_srp.c, lib/auth_x509.c,
	lib/gnutls.h.in, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h, src/cli.c, src/serv.c: gnutls_set_max_record_size
	-> gnutls_record_set_max_size gnutls_get_max_record_size ->
	gnutls_record_get_max_size gnutls_set_cred -> gnutls_cred_set
	gnutls_get_auth_type -> gnutls_auth_get_type

2001-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/ciphersuites.tex,
	doc/tex/errors.tex, doc/tex/gnutls.tex, doc/tex/macros.tex,
	doc/tex/resumedb.tex, doc/tex/translayer.tex,
	lib/gnutls_handshake.c: documentation updated

2001-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_db.c, lib/gnutls_record.c: changed
	function names

2001-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.tex, doc/tex/macros.tex, doc/tex/resumedb.tex,
	doc/tex/translayer.tex: fixes in documentation

2001-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ASN1.readme.txt, doc/Makefile.am: removed ASN1.readme.txt

2001-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers, lib/gnutls.h.in, lib/gnutls_srp.c, src/serv.c: [no log
	message]

2001-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, buildconf, doc/README.autoconf, doc/tex/ex1.tex,
	doc/tex/ex2.tex, doc/tex/gnutls.tex, doc/tex/serv1.tex,
	lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_int.h, src/cli.c,
	src/serv.c: renamed  gnutls_x509pki_set_trust/key to
	gnutls_x509pki_set_trust_file/key_file

2001-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c, lib/gnutls.h.in, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_int.h: some corrections in the
	DECR_LEN stuff added recently.

2001-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.autoconf, doc/tex/Makefile.am,
	doc/tex/errors.tex, doc/tex/gnutls.tex, lib/auth_x509.c: updated
	documentation

2001-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe_rsa.c, lib/auth_srp.c,
	lib/auth_x509.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c: 
	More carefull parsing of incoming packets.

2001-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/translayer.tex: [no log message]

2001-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, lib/gnutls_int.h, lib/gnutls_pk.c: [no log message]

2001-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: several cleanups

2001-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_gcry.c, lib/gnutls_gcry.h: corrected bugs in STD
	formating (back to USG).

2001-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING: [no log message]

2001-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2001-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_int.h: last commits for 0.2.91

2001-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/auth_anon.c, lib/auth_rsa.c, lib/gnutls_constate.c,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_record.c: 
	optimizations and fixes in the TLS PRF calculation (and the SSL3
	equivalent)

2001-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2001-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex: [no log message]

2001-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphers.tex: updated documentation

2001-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_anon_cred.c: fixed gnutls_anon_free_client_sc()

2001-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/auth.tex, lib/auth_anon.h, lib/gnutls.h.in,
	lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, src/cli.c: Fixes in anonymous authentication.
	Fixes in client ciphersuite selection.

2001-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls_cert.c: GET_CN() now works. (affects debug
	mode only)

2001-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/.cvsignore, src/Makefile.am, src/{README.crypt =>
	README.srpcrypt}: crypt -> srpcrypt

2001-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_x509.c, lib/auth_x509.h, lib/gnutls_cert.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	Optimizations in server certificate callback.

2001-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in, lib/gnutls_db.c, lib/gnutls_int.h,
	lib/gnutls_record.c: added gnutls_transport_get_ptr() and
	gnutls_db_get_ptr() functions.

2001-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_x509.c, lib/ext_dnsname.c,
	lib/ext_dnsname.h, lib/gnutls.h.in, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, src/cli.c, src/serv.c: remove dnsname
	(name_ind) extension

2001-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe_dss.c, lib/auth_dhe_rsa.c,
	lib/auth_srp.c, lib/auth_srp_passwd.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_gcry.c,
	lib/gnutls_gcry.h, lib/gnutls_int.h, lib/gnutls_pk.c,
	lib/gnutls_privkey.c, lib/gnutls_srp.c, lib/x509_extensions.c: 
	Cleanups. Now use GCRYMPI_FMT_STD instead of USG.

2001-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: [no log message]

2001-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/.cvsignore: [no log message]

2001-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/auth.tex, doc/tex/ciphers.tex: added missing files

2001-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/ciphersuites.tex,
	doc/tex/gnutls.tex, doc/tex/resumedb.tex, doc/tex/translayer.tex,
	lib/.cvsignore: updated documentation

2001-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c, lib/gnutls_int.h, lib/gnutls_ui.h: callbacks now
	get a GNUTLS_STATE argument.

2001-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphersuites.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
	doc/tex/ex3.tex, doc/tex/serv1.tex, doc/tex/srp1.tex,
	lib/auth_x509.c, lib/gnutls.h.in, lib/gnutls_algorithms.c,
	lib/gnutls_cert.c, lib/gnutls_int.h, src/cli.c, src/serv.c: 
	GNUTLS_KX_RSA renamed to GNUTLS_KX_X509PKI_RSA (and the other X509
	key exchange methods). This will allow GNUTLS_KX_PGP_RSA etc.

2001-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/ex1.tex, doc/tex/ex2.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, lib/defines.h,
	lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_record.c, src/cli.c, src/serv.c: 
	GNUTLS_LIST is now int*

2001-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex, lib/debug.c, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_compress_int.c,
	lib/gnutls_constate.c, lib/gnutls_errors_int.h,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_record.c, lib/gnutls_v2_compat.c, src/cli.c, src/serv.c: 
	cleanups again

2001-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_asn1.h, lib/x509_der.c,
	lib/x509_der.h: some changes to keep gcc -Wall happy

2001-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex, lib/auth_rsa.c,
	lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_priority.h, lib/gnutls_record.c,
	lib/gnutls_record.h, src/cli.c, src/serv.c: Several cleanups.

2001-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/ex1.tex, doc/tex/serv1.tex,
	lib/gnutls.h.in, lib/gnutls_db.c, lib/gnutls_db.h,
	lib/gnutls_session.c, lib/gnutls_session.h, src/cli.c, src/serv.c: 
	Changes in function names concerning _db_ handling and _session_
	handling.

2001-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, doc/tex/ex1.tex, doc/tex/ex2.tex,
	doc/tex/ex3.tex, doc/tex/serv1.tex, lib/auth_dhe_rsa.c,
	lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_anon_cred.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_srp.c,
	lib/gnutls_ui.h, src/cli.c, src/serv.c: Added callback to select the
	server certificate.

2001-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	lib/auth_x509.c, lib/gnutls_record.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h, src/cli.c, src/common.h, src/serv.c: optimized
	certificate handling API

2001-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe_rsa.c, lib/auth_x509.c, lib/auth_x509.h,
	lib/gnutls_cert.h, lib/gnutls_ui.h, src/serv.c: several cleanups.
	Removed old unneeded functions.  certificate verification was moved
	out of the handshake procedure.

2001-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/gnutls_record.c: some cleanups

2001-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_dhe_rsa.c, lib/auth_x509.c,
	lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h, lib/x509_extensions.c, lib/x509_extensions.h,
	src/Makefile.am, src/cli.c, src/common.h, src/port.h, src/serv.c: 
	now the peer's certificate list is stored into auth info structure
	(instead of the certificate).  several other cleanups.

2001-12-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c, lib/auth_x509.h, lib/debug.c, lib/debug.h,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_ui.c,
	lib/gnutls_ui.h, lib/x509_extensions.c, src/cli.c, src/serv.c: 
	moving gnutls_DN structures out of gnutls_cert and auth_info
	structures.  Now they are generated upon request.

2001-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in, lib/defines.h, lib/gnutls.h.in: fixes in
	autoconf scripts

2001-12-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, Makefile.am, NEWS, acconfig.h, configure.in,
	lib/auth_x509.c, lib/defines.h, lib/gnutls_random.c: updated
	detection of library settings

2001-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, lib/auth_x509.c, lib/auth_x509.h, lib/gnutls_cert.c,
	lib/gnutls_int.h, lib/x509_extensions.c, src/cli.c: The RDN sequence
	needed in the certificate request message is now generated and
	cached into a x509pki_credentials structure.  This would save a lot
	of time in the server side.

2001-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2001-11-29  Fabio Fiorina <fiorinaf@gnutls.org>

	* doc/ASN1.readme.txt: overflow buffers check

2001-11-29  Fabio Fiorina <fiorinaf@gnutls.org>

	* doc/ASN1.readme.txt, lib/x509_ASN.y, lib/x509_asn1.c,
	lib/x509_asn1.h: ""

2001-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/auth_anon.c, lib/auth_dhe_rsa.c,
	lib/auth_rsa.c, lib/auth_srp.c, lib/auth_x509.c, lib/auth_x509.h,
	lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_db.c,
	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_session.c,
	lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
	lib/gnutls_ui.c, lib/gnutls_ui.h, src/cli.c: introduced
	gnutls_x509pki_get_certificate(). This function returns the peer's
	certificate DER encoded. This certificate is also stored in the
	resume db.

2001-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.h: [no log message]

2001-11-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, configure.in, doc/README.autoconf, doc/TODO,
	lib/gnutls.h.in, lib/gnutls_db.c, lib/libgnutls.m4: cleanups and
	some corrections.

2001-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/srp1.tex,
	lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_db.c, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_record.c, lib/gnutls_record.h, src/cli.c, src/serv.c: 
	gnutls_handshake(), gnutls_read() etc. functions no longer require
	the 'SOCKET cd' argument. This argument is set using the function
	gnutls_set_transport_ptr().

2001-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf: [no log message]

2001-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf: gnutls.m4 -> libgnutls.m4

2001-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: added new pictures

2001-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphersuites.tex: updated

2001-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: [no log message]

2001-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: [no log message]

2001-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc: produces better tex output

2001-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, lib/gnutls_ui.c: updated documentation (and
	generation of tex)

2001-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: updated

2001-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: fixed gnutls_kx_get_name()

2001-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_ui.h: cleanups

2001-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, lib/gnutls_record.c, lib/x509_asn1.c: Gdoc
	updated. Now handles powers and '->' symbol automatically for tex.

2001-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO: [no log message]

2001-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_der.c: corrected typo

2001-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ASN1.readme.txt, doc/scripts/gdoc, doc/tex/Makefile.am,
	doc/tex/asn1.tex, doc/tex/gnutls.tex, lib/Makefile.am,
	lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_der.c: Documentation for
	ASN.1 has been moved to inline comments and to the tex
	documentation.

2001-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h: removed E_TIMEOUT

2001-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_dhe_rsa.c, lib/auth_srp.c,
	lib/auth_x509.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_record.c,
	src/serv.c: corrected some obscure bugs in the handshake and record
	send buffering code.

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: removed debugging stuff

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS: [no log message]

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: more fixes

2001-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_priority.c, lib/gnutls_record.c, lib/io_debug.h,
	src/serv.c: more non blocking IO fixes

2001-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: now resolves hostnames.

2001-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/gnutls_priority.c: va_copy macro renamed to
	VA_COPY

2001-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: now requires autoconf 2.50

2001-11-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/ext_max_record.c, lib/gnutls.h.in,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_compress_int.c, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mem.c,
	lib/gnutls_mem.h, lib/gnutls_privkey.c, lib/gnutls_record.c,
	lib/io_debug.h, src/cli.c, src/serv.c: several fixes.  Including: - max_record_header extension.  - resume handshake sending wrong ssl version - Non blocking IO (not ready yet)

2001-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h: [no log message]

2001-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/resumedb.tex,
	doc/tex/translayer.tex, lib/auth_x509.c, lib/gnutls.h.in,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c: cleanups and documentation updates

2001-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c: rolled back previous change...

2001-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c: made empty certificate message consistent with
	other implementations.

2001-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe_rsa.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/auth_x509.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_dh.c, lib/gnutls_dh_primes.c,
	lib/gnutls_gcry.c, lib/gnutls_gcry.h, lib/gnutls_pk.c,
	lib/gnutls_privkey.c, lib/gnutls_record.c, lib/gnutls_session.c,
	lib/gnutls_sig.c, lib/gnutls_srp.c, lib/x509_sig_check.c: corrected
	memory leaks and other bugs

2001-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: added warning

2001-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/Makefile.am, lib/ext_dnsname.c,
	lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_srp.c,
	lib/gnutls.h.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c: added max_record_size extension

2001-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c: corrected bug which made
	get_current_session, not to return the right size of the session.

2001-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_dhe_rsa.c, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_int.h, lib/gnutls_mem.c,
	lib/gnutls_record.c: receive buffer is now dynamic.

2001-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_handshake.c, lib/gnutls_record.c, src/cli.c: 
	changed semantics of the GNUTLS_E_REHANDSHAKE error code.

2001-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in, lib/defines.h, lib/gnutls_priority.c: 
	added support for va_copy

2001-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/translayer.tex, lib/gnutls_db.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
	src/serv.c: cleanups

2001-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.h: list -> gnutls_list

2001-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_anon_cred.c, lib/gnutls_int.h,
	lib/gnutls_priority.c: changed LIST to GNUTLS_LIST

2001-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_db.c: added new function to check for
	expired sessions.

2001-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: cleanups

2001-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_sig.c: 
	cleanups in function names

2001-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: cleanups in the resuming code

2001-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, configure.in, lib/gnutls.h.in, lib/gnutls_db.c,
	lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c: added hooks
	in order to use external database to store session to be resumed.
	Works but it is not finished.

2001-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_global.c, lib/gnutls_int.h: 
	set_push() & set_pull() functions moved to state (instead of being
	global)

2001-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, README.CVS => doc/README.CVS: moved README.CVS to
	doc/

2001-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README.CVS: added documentation of the steps required to built the
	cvs tree

2001-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/auth_srp_passwd.c, lib/auth_x509.c,
	lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_record.c,
	lib/gnutls_record.h, lib/io_debug.h, src/cli.c, src/serv.c: Adopted
	some of the patches of Jon Nelson. Fixes the non blocking behaviour.

2001-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2001-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected and fixed
	several things in send_int() etc.

2001-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/translayer.tex: Added missing file.

2001-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2001-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/TODO, doc/scripts/Makefile.am: added scripts
	into distribution

2001-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: [no log message]

2001-10-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, lib/gnutls_session.c: corrected bugs in session
	resuming.

2001-10-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/gnutls_db.c, lib/gnutls_int.h,
	lib/gnutls_mem.c, lib/gnutls_session.c: [no log message]

2001-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h, lib/io_debug.h: cleanups

2001-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/io_debug.h: added IO debugging code

2001-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in: [no log message]

2001-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_kx.h, lib/gnutls_record.c: added some checks for memory
	allocation.  Fixes in write interrupts.

2001-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: corrected bugs which could break non
	blocking IO

2001-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* PGPKEYS: added file. Holds pgp keys

2001-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_record.c: corrections for the
	gnutls_read_buffered() function.

2001-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
	lib/gnutls_record.c, src/serv.c: updated/fixed the handling of
	interrupted writes

2001-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_record.c: 
	changed  gnutls_write() semantics in order to cope with interrupted
	system calls and non blocking IO

2001-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: [no log message]

2001-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_int.h: [no log message]

2001-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/gnutls.tex, lib/gnutls.h.in,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c: 
	changes in order to be independent of the berkeley style sockets
	(but it is still difficult to use gnutls with any other api)

2001-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: made gnutls_write() unaware of interrupted
	system calls and eagain errors.

2001-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS, doc/tex/resumedb.tex, lib/gnutls_buffers.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_record.c,
	lib/gnutls_ui.c, lib/gnutls_ui.h, src/serv.c: several cleanups

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_int.h: Corrected short read bug

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: corrected _gnutls_write()

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: peeked data now stays also in handshake

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c: corrected bug which caused a fatal alert to be
	sent even if it wasn't required

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.c, lib/gnutls_record.c, lib/gnutls_sig.c, src/cli.c: 
	[no log message]

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls_buffers.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
	lib/gnutls_record.c: introduced GNUTLS_E_INTERRUPTED, fixes in error
	handling

2001-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	the gnutls handshake protocol can now hold it's state. Thus it may
	be used in some kind of non blocking mode. Not tested at all

2001-10-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_record.c: clean ups in the handshake protocol

2001-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ex1.tex, doc/tex/gnutls.tex,
	doc/tex/resumedb.tex: [no log message]

2001-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, doc/tex/ex3.tex, doc/tex/serv1.tex,
	lib/auth_dhe_rsa.c, lib/auth_rsa.c, lib/auth_x509.c,
	lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_auth.c,
	lib/gnutls_auth_int.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	src/cli.c, src/serv.c: auth_info types and structures were moved to
	the internals of the library.  This makes the library incompatible
	(source & binary) with the previous versions.

2001-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_cert.c,
	lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_ui.h: added option to regenerate
	primes and generators for EDH

2001-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_x509.c, lib/ext_dnsname.c, lib/ext_dnsname.h,
	lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	src/cli.c, src/crypt.c, src/serv.c: updated name indication
	extension (dnsname)

2001-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/crypt-gaa.c, src/crypt.gaa: renamed crypt to
	srpcrypt.

2001-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/auth_anon.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_global.c, lib/gnutls_int.h,
	src/crypt.c: better prime handling

2001-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphersuites.tex: [no log message]

2001-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore: [no log message]

2001-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_dhe_rsa.c, lib/auth_srp_passwd.c,
	lib/auth_x509.c, lib/gnutls.h.in, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_dh_primes.c, lib/gnutls_record.h, lib/gnutls_srp.c: 
	Updated the handling of prime numbers.

2001-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe_rsa.c, lib/auth_x509.c, lib/gnutls.h.in,
	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_sig.h: several
	cleanups

2001-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_sig.c: [no log message]

2001-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, THANKS, configure.in, doc/tex/ex3.tex, lib/auth_anon.c,
	lib/auth_dhe_rsa.c, lib/auth_x509.c, lib/auth_x509.h,
	lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_datum.c, lib/gnutls_int.h, lib/gnutls_record.c,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/x509_extensions.c,
	src/cli.c, src/serv.c: added DHE_RSA ciphersuites

2001-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/{draft-ietf-tls-ciphersuite-03.txt =>
	draft-ietf-tls-ciphersuite-05.txt},
	doc/protocol/{draft-ietf-tls-extensions-00.txt =>
	draft-ietf-tls-extensions-01.txt},
	doc/protocol/draft-ietf-tls-kerb-00.txt, doc/protocol/rfc2712.txt: 
	updated documents

2001-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/x509_extensions.c: [no log message]

2001-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509_asn1.c, lib/x509_extensions.c: fixes in the certificate
	extensions handling code.  Bugs reported by Neil Spring
	<nspring@saavie.org>

2001-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.tex: [no log message]

2001-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ciphersuites.tex: [no log message]

2001-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf, doc/tex/macros.tex: [no log message]

2001-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/ciphersuites.tex, doc/tex/gnutls.tex: 
	more documentation

2001-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_anon.c, lib/auth_rsa.c,
	lib/auth_x509.c, lib/auth_x509.h, lib/gnutls_cert.c,
	lib/gnutls_dh.h, lib/gnutls_ui.c, lib/gnutls_ui.h: several cleanups
	in order to support DHE_RSA

2001-09-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe_rsa.c: Preliminary support for DHE_RSA

2001-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_dhe_dss.c, lib/gnutls_compress_int.h, lib/gnutls_num.c: 
	[no log message]

2001-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2001-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: updated documentation

2001-09-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, doc/TODO: [no log message]

2001-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/ex3.tex, lib/Makefile.am, lib/auth_rsa.c,
	lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
	lib/x509_extensions.c, src/cli.c, src/serv.c: Client certificate
	callback has been improved

2001-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-09-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf, doc/TODO: [no log message]

2001-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/Makefile.am, lib/Makefile.am: updated
	documentation generation

2001-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-09-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: updated documentation

2001-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2001-08-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/gnutls_int.h, lib/gnutls_num.h: minor
	bugfixes

2001-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in, lib/gnutls_global.c: use of sigaction
	instead of signal(), to ignore SIGPIPE

2001-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf: [no log message]

2001-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/Makefile.am, doc/tex/{cover.tex =>
	cover.tex.in}, doc/tex/serv1.tex, lib/auth_rsa.c, lib/auth_x509.h,
	lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_int.h,
	lib/gnutls_ui.c, lib/gnutls_ui.h, src/serv.c: 
	gnutls_set_certificate_request() renamed to
	gnutls_x509pki_set_cert_request().  Added
	gnutls_x509pki_set_cert_callback().

2001-08-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls.h.in, lib/gnutls_anon_cred.c,
	lib/gnutls_cipher.c, lib/gnutls_record.c, lib/x509_asn1.c,
	lib/x509_asn1.h, lib/x509_b64.c, lib/x509_der.c, src/serv.c: fixed
	memory leaks

2001-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.h.in: updated gnutls.h file

2001-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex: [no log message]

2001-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_record.c, lib/gnutls_ui.c, src/serv.c: some memory
	optimization while receiving packets

2001-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c: 
	header size is now written in gnutls_cipher.c

2001-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls.h.in, lib/gnutls_int.h,
	lib/gnutls_record.c, src/cli.c, src/serv.c: bugfixes and minor
	updates

2001-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/serv1.tex, doc/tex/srp1.tex: corrected and updated
	documentation

2001-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c, src/serv.c: changed gnutls_bye() behaviour

2001-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_int.h,
	lib/gnutls_record.c: several fixes in gnutls_bye() function, and in
	gnutls_recv_int()

2001-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: corrected bugs in version handling and in
	certificate initialization

2001-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/auth_srp.c, lib/ext_srp.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c: better support for buffered read and several cleanups

2001-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_kx.c, lib/gnutls_record.c: gnutls
	now sends (again) record packets using one write.

2001-08-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_srp.c: corrected free for data not belonging to the
	heap

2001-08-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_srp.c, lib/auth_srp_passwd.c,
	lib/crypt_bcrypt.c, lib/gnutls_buffers.c, lib/gnutls_dh.c,
	lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/gnutls_srp.c: several checks for failed allocations and other
	fixes

2001-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2001-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/ext_srp.c, lib/gnutls_dh.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_privkey.c, src/cli.c: fixes in SRP key exchange and
	several others.

2001-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/tex/ex3.tex, doc/tex/serv1.tex,
	lib/auth_rsa.c, lib/ext_srp.c, lib/gnutls_auth_int.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_ui.h,
	lib/x509_sig_check.c, lib/x509_verify.c, src/cli.c, src/serv.c: 
	server side client authentication works

2001-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/auth_anon.c, lib/auth_rsa.c, lib/auth_srp.c,
	lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_auth.h,
	lib/gnutls_cert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_kx.h, src/serv.c: additions in order for gnutls server to
	support client authentication

2001-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
	lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_pk.c: ssl3 fixes and several others.

2001-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c: realloc does not realloc memory if less size is
	requested.

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	updated in key usage fields

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
	lib/x509_sig_check.c: cleanups in the signature generating functions

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c: [no log message]

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_anon.c, lib/auth_anon.h, lib/auth_rsa.c,
	lib/auth_srp.c, lib/auth_srp.h, lib/auth_x509.c, lib/auth_x509.h,
	lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_auth.c,
	lib/gnutls_buffers.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_ui.c, lib/gnutls_ui.h, lib/gnutls_v2_compat.c,
	src/cli.c, src/serv.c: several fixes. Added client authentication
	with x509PKI

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_rsa.c, lib/gnutls_buffers.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_sig.c, lib/{gnutls_sig_check.c => x509_sig_check.c}: more
	x509 client certificate stuff

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/x509/clicert.pem, src/x509/clikey.pem: added client
	certificates

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_rsa.c, lib/gnutls_cert.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_pk.c, lib/gnutls_sig.c, lib/gnutls_sig.h, src/cli.c,
	src/x509/Makefile.am: several additions for x509 client
	authentication

2001-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
	lib/gnutls_record.c: added the concept of optional handshake packets
	(like CERTIFICATE_REQUEST).  several other fixes.

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_anon.h, lib/auth_rsa.c, lib/auth_srp.c,
	lib/auth_srp.h, lib/auth_x509.h, lib/ext_srp.c,
	lib/gnutls_algorithms.c, lib/gnutls_auth.h, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_record.c,
	lib/gnutls_ui.c: several cleanups and updates in the handshake
	protocol implementation iolaiiiiiCVS:

	----------------------------------------------------------------------

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/tex/ex3.tex, doc/tex/serv1.tex,
	lib/Makefile.am, lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_cert.h, lib/gnutls_errors_int.h, lib/gnutls_int.h,
	lib/gnutls_ui.c, lib/gnutls_ui.h, src/cli.c, src/serv.c: several
	cleanups. No longer export structures to the API, but a bunch of
	functions in order to access them.

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex: 
	gnutls_x509_set_cn() was removed

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf, doc/TODO: [no log message]

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore, lib/x509_asn1.h, lib/x509_der.h: [no log message]

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.h.in, lib/gnutls_global.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
	src/.cvsignore: added new function gnutls_send_alert() to the api

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_rsa.c, lib/auth_x509.c,
	lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_cert.c,
	lib/gnutls_cert.h: cleanups in certificate copying

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/CertificateExample.c, src/CrlExample.c, src/Makefile.am,
	src/asn1c.c, src/prime.c: fixes for the new files

2001-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_rsa.c, lib/auth_srp_passwd.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_global.c,
	lib/gnutls_global.h, lib/gnutls_privkey.c, lib/gnutls_sig_check.c,
	lib/pkcs1_asn1_tab.c, lib/pkix_asn1_tab.c, lib/{cert_ASN.y =>
	x509_ASN.y}, lib/{cert_asn1.c => x509_asn1.c}, lib/{cert_asn1.h =>
	x509_asn1.h}, lib/{cert_b64.c => x509_b64.c}, lib/{cert_b64.h =>
	x509_b64.h}, lib/{cert_der.c => x509_der.c}, lib/{cert_der.h =>
	x509_der.h}, lib/x509_extensions.c, lib/x509_extensions.h,
	lib/{cert_verify.c => x509_verify.c}, lib/{cert_verify.h =>
	x509_verify.h}: renamed cert_* to x509_*

2001-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_asn1.c, lib/cert_asn1.h, lib/cert_der.c, lib/cert_der.h,
	lib/gnutls_cert.c: asn1_read_value() will no longer overflow the
	given buffer.  (this assumes that the caller provided the size of
	the buffer)

2001-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_sig_check.c: fixes in x509 cert
	extensions handling

2001-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: minor fixes

2001-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_mem.c, lib/gnutls_mem.h: added internal memory handlers

2001-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/auth_rsa.c, lib/cert_b64.c,
	lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/gnutls_algorithms.c,
	lib/gnutls_datum.h, lib/gnutls_global.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_pk.c,
	src/serv.c: added internal memory handlers

2001-08-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.tex: [no log message]

2001-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: [no log message]

2001-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c, src/cli.c: subjectAltName related fixes

2001-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.h, lib/cert_verify.c,
	lib/cert_verify.h, lib/gnutls.h.in, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c: added some kind of support for X509 Extensions

2001-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/cover.tex, doc/tex/ex3.tex, doc/tex/gnutls.tex,
	doc/tex/macros.tex: [no log message]

2001-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/cover.tex, doc/tex/fdl.tex,
	doc/tex/gnutls.tex, doc/tex/macros.tex: documentation updates

2001-08-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
	doc/tex/gnutls.tex, doc/tex/serv1.tex, doc/tex/srp1.tex,
	lib/gnutls_auth.c, lib/gnutls_record.c: documentation fixes

2001-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/tex/Makefile.am, doc/tex/gnutls.tex,
	lib/auth_anon.c, lib/auth_anon.h, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/ext_srp.c, lib/gnutls_anon_cred.c,
	lib/gnutls_srp.c: fixed api documentation (for srp and anon cred
	allocation)

2001-07-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/tex/Makefile.am, doc/tex/serv1.tex,
	lib/gnutls_global.c, lib/gnutls_int.h: [no log message]

2001-07-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: added profiler option

2001-07-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_sb64.c, lib/cert_b64.c, lib/debug.c,
	lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_constate.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_record.c,
	lib/gnutls_sig_check.c, lib/gnutls_v2_compat.c: added log function
	(no longer use fprintf).

2001-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_record.c: fixes in EOF handling
	in handshake.

2001-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: detect EOF

2001-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/tex/.cvsignore, doc/tex/Makefile.am: [no log
	message]

2001-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/tex/.cvsignore, doc/tex/gnutls.tex: [no log
	message]

2001-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/serv1.tex,
	doc/tex/srp1.tex: documentation updates

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/gnutls.tex: [no log message]

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/gdoc, doc/tex/Makefile.am: fixes in tex production
	(gdoc)

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/tex/Makefile.am: [no log message]

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/API-template.html, doc/Makefile.am,
	doc/scripts/gdoc, doc/tex/Makefile.am, doc/tex/ex1.tex,
	doc/tex/ex2.tex, doc/tex/ex3.tex, doc/tex/gnutls.tex,
	lib/gnutls_record.c: Added documentation in TEX

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API-template.html: [no log message]

2001-07-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API-template.html, doc/Makefile.am, doc/scripts/gdoc,
	lib/gnutls.h.in, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_sig_check.c: added some
	documentation. Bug fixes in CHANGECIPHER_SPEC packet.

2001-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_record.c,
	src/cli.c, src/serv.c: changed gnutls_read() semantics

2001-07-26  Fabio Fiorina <fiorinaf@gnutls.org>

	* doc/TODO: Tools for Certificate

2001-07-26  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/cert_der.c: get time bug fixed

2001-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/srp/.cvsignore, src/x509/.cvsignore: [no log message]

2001-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: moving to 0.1.9

2001-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_verify.c: fixed/updated compare_dn() function.

2001-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_cert.c, src/serv.c: [no log message]

2001-07-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_sig_check.c: updated sig_check()

2001-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/auth_rsa.c, lib/cert_verify.c, lib/cert_verify.h,
	lib/gnutls.h.in, lib/gnutls_auth.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_sig_check.c,
	src/cli.c: gnutls now checks the certificate's CN to see if it
	matches the peer's name.

2001-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_pk.c, lib/gnutls_record.c: bugfixes

2001-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: support for multiple protocol versions.

2001-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/cert_b64.c, lib/gnutls.h.in, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_constate.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
	lib/gnutls_priority.h, lib/gnutls_record.c, lib/gnutls_v2_compat.c,
	src/serv.c: corrected bug in b64 decoding. Added support for
	multiple TLS protocol versions.

2001-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: ignores some errors

2001-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, lib/auth_rsa.c, lib/cert_verify.c, lib/gnutls_cert.c,
	lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_sig_check.c: [no log message]

2001-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/cert_ASN.y, lib/cert_asn1.c, lib/cert_der.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress_int.c,
	lib/gnutls_handshake.c, lib/gnutls_privkey.c, lib/gnutls_record.c,
	src/serv.c: corrected memory leaks

2001-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/Makefile.am, lib/cert_asn1.h, lib/cert_verify.c,
	lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_privkey.c,
	lib/gnutls_record.c, lib/gnutls_sig_check.c, src/.cvsignore,
	src/asn1c.c, src/ca.pem, src/cli.c, src/pkcs1.asn, src/serv.c: 
	several fixes cleanups etc.

2001-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: [no log message]

2001-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/cert_asn1.c, lib/cert_asn1.h,
	lib/gnutls.h.in, lib/gnutls_global.c, lib/pkcs1.asn,
	lib/pkcs1_asn1_tab.c, {src => lib}/pkix.asn, src/Makefile.am,
	src/{PkixTabExample.c => asn1c.c}, src/cli.c, src/serv.c,
	src/srp/Makefile.am, src/x509/Makefile.am: updated file structure

2001-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/serv.c, src/{ => srp}/tpasswd, src/{ =>
	srp}/tpasswd.conf, src/x509/ca.pem, src/{ => x509}/cert.pem, src/{
	=> x509}/key.pem: updated directory structure

2001-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/protocol/draft-ietf-tls-srp-00.txt,
	doc/protocol/draft-ietf-tls-srp-01.txt, doc/protocol/rfc2313.txt,
	lib/Makefile.am, lib/auth_rsa.c, lib/cert_verify.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_sig.h,
	lib/gnutls_sig_check.c, src/ca.pem, src/cert.pem, src/key.pem,
	src/pkcs1.asn: added some kind of certificate checking

2001-07-19  Fabio Fiorina <fiorinaf@gnutls.org>

	* doc/ASN1.readme.txt, lib/cert_ASN.y, lib/cert_asn1.c,
	lib/cert_asn1.h, src/CertificateExample.c, src/CrlExample.c: ""

2001-07-19  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/pkcs1_asn1_tab.c, lib/pkix_asn1_tab.c: C structure management

2001-07-19  Fabio Fiorina <fiorinaf@gnutls.org>

	* src/PkixTabExample.c: C structure management

2001-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: added mhash 0.8.10 support

2001-07-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	src/cli.c: more certificate fields parsed. Cleanups

2001-07-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/cert_verify.c, lib/cert_verify.h, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
	lib/gnutls_constate.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h, lib/gnutls_int.h,
	src/cli.c, src/serv.c: several cleanups. Added check for
	certificate's expiration time.

2001-07-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_rsa.c, lib/cert_verify.c,
	lib/cert_verify.h, lib/gnutls.h.in, lib/gnutls_cert.c,
	lib/gnutls_int.h, src/cli.c: updated cert_verify

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/CertificateExample.c: corrected copyright notice

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, lib/gnutls_anon_cred.c, lib/gnutls_srp.c: minor
	cleanups

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_cert.c, lib/gnutls_cert.h, src/cli.c: updated API

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_anon_cred.c: added missing file

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.h, lib/cert_verify.c,
	lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_srp.c,
	src/cli.c, src/serv.c: several bug fixes in ASN handling.
	Fixes/additions in X509 structures handling.

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h,
	lib/auth_rsa.c, lib/auth_srp.c, lib/auth_srp.h, lib/auth_x509.h,
	lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_auth.c,
	lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_privkey.c,
	lib/gnutls_srp.c, src/cli.c, src/serv.c: several cleanups

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_ASN.y: corrected copyright statement

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/README.autoconf: [no log message]

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_x509.h, lib/cert_verify.c,
	lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h: improved certificate handling

2001-07-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: updated

2001-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf: added autoconf2.50 (for debian)

2001-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4: added required .m4s

2001-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsusers: corrected fabio's entry

2001-07-12  Fabio Fiorina <fiorinaf@gnutls.org>

	* lib/cert_ASN.y, lib/cert_asn1.h, lib/cert_der.c, lib/cert_der.h,
	src/CertificateExample.c, src/CrlExample.c, src/pkix.asn: [no log
	message]

2001-07-12  Fabio Fiorina <fiorinaf@gnutls.org>

	* doc/ASN1.readme.txt, lib/cert_asn1.c: [no log message]

2001-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_record.c: bug fixes

2001-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_srp.c, lib/crypt_bcrypt.c, lib/crypt_bcrypt.h,
	lib/crypt_srpsha1.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_srp.c, lib/gnutls_srp.h: 
	optimizations in hash functions (removed a lot of mallocs)

2001-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.h, src/cert.pem, src/key.pem: [no log message]

2001-07-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/ASN1.readme.txt, lib/Makefile.am, lib/auth_rsa.c,
	lib/cert_ASN.y, lib/cert_asn1.c, lib/cert_asn1.h, lib/cert_der.c,
	lib/cert_der.h, lib/gnutls_cert.c, lib/gnutls_global.c,
	lib/gnutls_int.h, lib/gnutls_privkey.c, src/CertificateExample.c,
	src/Makefile.am, src/pkix.asn, src/serv.c: Updated ASN.1 Parser
	(Fabio - commited by me).

2001-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
	lib/gnutls_privkey.c: cleanups

2001-06-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_srp_passwd.c, lib/ext_srp.c,
	lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_db.c, lib/gnutls_errors.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, src/.cvsignore, src/cli.c,
	src/serv.c: Cleanups. Mostly while sending client certificate (and
	client certificate verify)

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/README.der: removed

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/ext_dnsname.c, lib/gnutls.h.in, lib/gnutls_constate.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	src/cli.c, src/serv.c: added support for DNSNAME extension
	(draft-ietf-tls-extensions)

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-ecc-01.txt,
	doc/protocol/draft-ietf-tn3270e-telnet-tls-05.txt: [no log message]

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-pkix-ac509prof-05.txt,
	doc/protocol/draft-ietf-tls-camellia-00.txt,
	doc/protocol/draft-ietf-tls-extensions-00.txt,
	doc/protocol/draft-ietf-tls-https-04.txt,
	doc/protocol/draft-ietf-tls-misty1-00.txt,
	doc/protocol/{draft-ietf-tls-openpgp-00.txt =>
	draft-ietf-tls-openpgp-01.txt},
	doc/protocol/draft-ietf-tls-seedhas-00.txt,
	doc/protocol/draft-ietf-tls-wireless-00.txt,
	doc/protocol/rfc2817.txt: added more up to date documentation

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/x509guide.txt: added gutman's x509guide

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO: [no log message]

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_priority.c: some portability
	fixes

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/Makefile.am, lib/auth_anon.c,
	lib/auth_dhe_dss.c, lib/auth_rsa.c, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/auth_srp_sb64.c, lib/cert_ASN.y,
	lib/cert_asn1.c, lib/cert_b64.c, lib/cert_der.c, lib/crypt.c,
	lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/debug.c,
	lib/ext_dnsname.c, lib/ext_srp.c, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
	lib/gnutls_cipher_int.c, lib/gnutls_compress.c,
	lib/gnutls_compress_int.c, lib/gnutls_constate.c,
	lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_db.c,
	lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
	lib/gnutls_gcry.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_priority.c,
	lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_random.c,
	lib/gnutls_record.c, lib/gnutls_session.c, lib/gnutls_srp.c,
	lib/gnutls_v2_compat.c, src/cli.c, src/serv.c: fixes in
	ChangeCipherSpec handling (this also fixes rehandshake).  Several
	cleanups.

2001-06-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/debug.c, lib/gnutls_buffers.c,
	lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
	lib/gnutls_compress_int.c, lib/gnutls_datum.c, lib/gnutls_datum.h,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_record.c, lib/gnutls_v2_compat.c: 
	several cleanups

2001-06-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls_global.c: added checks for signals

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, src/serv.c: corrected bug in stream
	decryption..

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
	lib/gnutls_cert.c, lib/gnutls_cert.h: added internal representation
	of pkcs1 rsa private keys.

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am, src/serv.c: [no log message]

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, configure.in, doc/Makefile.am, doc/TODO,
	lib/Makefile.am, lib/gnutls.h.in, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_global.c,
	lib/gnutls_record.c, src/cli.c, src/pk.h, src/serv.c: added global
	state.

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
	lib/gnutls_cert.h, lib/gnutls_int.h, src/cli.c, src/serv.c: minor
	cleanups

2001-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in: gnutls_cert is not defined here

2001-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.h, src/pk.h: added missing files

2001-06-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO, lib/Makefile.am, lib/auth_rsa.c,
	lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_algorithms.c,
	lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_datum.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_priority.c, lib/gnutls_v2_compat.c, src/serv.c: Updated
	Ciphersuite selection algorithm.  Added internal representation of
	x509 structures.

2001-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/auth_rsa.c, lib/cert_asn1.c, lib/cert_der.c,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_pk.c, src/pkix.asn: client side RSA works (no certificate
	checking)

2001-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/auth_anon.c, lib/auth_rsa.c, lib/auth_srp.c,
	lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_kx.h, lib/gnutls_v2_compat.c, src/cli.c, src/serv.c: 
	removed unneeded code and added some kind of client support for RSA
	ciphersuites

2001-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2001-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/auth_rsa.c, lib/debug.c, lib/debug.h,
	lib/gnutls.h.in, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
	lib/gnutls_record.c, lib/gnutls_session.c, lib/gnutls_v2_compat.c,
	src/serv.c: fixes in session resuming..

2001-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_record.c,
	lib/gnutls_v2_compat.c: fixes in session resuming

2001-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_gcry.c, lib/gnutls_gcry.h: added missing files

2001-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/debug.c, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_compress.c, lib/gnutls_compress.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_plaintext.c, lib/gnutls_plaintext.h,
	lib/gnutls_record.c, lib/gnutls_v2_compat.c, src/serv.c: several
	cleanups in the low level record layer (the old code was a mess).
	several other fixes.

2001-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_x509.h, lib/ext_dnsname.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_v2_compat.c: 
	cleanups. No longer checks for alerts between messages.

2001-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, doc/TODO, doc/protocol/draft-ietf-tls-https-04.txt,
	lib/Makefile.am, lib/defines.h, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_record.c,
	src/cli.c, src/serv.c: cleanups and addition of a test http server
	(serv.c)

2001-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_record.c, lib/gnutls_v2_compat.c, src/serv.c: fixes in V2
	client hello.

2001-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_rsa.c, lib/gnutls_algorithms.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
	lib/gnutls_v2_compat.c, src/pkcs1.asn, src/serv.c: several fixes for
	RSA. gnutls server can now work with rsa certificates.

2001-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_rsa.c, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/auth_x509.h, lib/cert_asn1.h,
	lib/cert_b64.c, lib/cert_b64.h, lib/crypt_bcrypt.c,
	lib/crypt_srpsha1.c, lib/gnutls.h.in, lib/gnutls_algorithms.c,
	lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_num.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
	lib/gnutls_random.c, lib/gnutls_random.h, lib/{gnutls.c =>
	gnutls_record.c}, lib/gnutls_srp.c, lib/gnutls_v2_compat.c: several
	additions for RSA (mostly unstable)

2001-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pk.c, lib/gnutls_pk.h: some support for public key
	encryption (rsa)

2001-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_anon.c, lib/auth_dhe_dss.c,
	lib/auth_rsa.c, lib/auth_srp.c, lib/auth_x509.h, lib/defines.h,
	lib/ext_dnsname.c, lib/ext_dnsname.h, lib/gnutls.c,
	lib/gnutls.h.in, lib/gnutls_auth_int.h, lib/gnutls_dh.c,
	lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_srp.c: more rsa fixes.
	Added dnsname extension.

2001-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_rsa.c, lib/auth_srp.c, lib/auth_x509.h,
	lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_auth.h,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, src/serv.c: more rsa stuff -- and cleanups

2001-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/pkcs1.asn: removed <CR>

2001-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/CertificateExample.c, src/pkcs1.asn, src/{Certificate.txt =>
	pkix.asn}: updated ASN.1 files.

2001-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Certificate.txt: [no log message]

2001-06-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, lib/Makefile.am, lib/auth_rsa.c,
	lib/auth_x509.h, lib/cert_asn1.h, lib/gnutls.h.in,
	lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c: several
	additions in order to support KX_RSA and X509PKI.

2001-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_auth.c: updated get_auth_info()

2001-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, buildconf, src/cli.c, src/serv.c: changed the setting
	of credentials

2001-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore, lib/auth_anon.c, lib/auth_anon.h, lib/auth_srp.c,
	lib/auth_srp_passwd.c, lib/ext_srp.c, lib/gnutls.h.in,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_auth.c, lib/gnutls_auth_int.h, lib/gnutls_int.h: better
	handling of set/get credentials.

2001-06-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
	lib/gnutls_int.h: added gnutls_datum structure.

2001-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: [no log message]

2001-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/.cvsignore: [no log message]

2001-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsignore, .cvsusers, AUTHORS, Makefile.am, changelog-update.sh: 
	added Fabio in AUTHORS, fixed the way ChangeLog is created.

2001-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: added a warning for the addition of new
	algorithms

2001-06-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2631.txt: added rfc on DH key exchange

2001-06-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf, lib/cert_der.asn1: [no log message]

2001-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ASN1.readme.txt: [no log message]

2001-06-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/cert_ASN.y, lib/cert_asn1.c,
	lib/cert_asn1.h, lib/cert_der.c, lib/cert_der.h, lib/gnutls_der.c,
	lib/gnutls_der.h, src/CertificateExample.c, src/Makefile.am: Added
	Fabio's ASN1/DER parser.

2001-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c: more descriptive comments

2001-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in: [no log message]

2001-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_sb64.c, lib/crypt.c, lib/crypt_bcrypt.c,
	lib/crypt_bcrypt.h, lib/crypt_srpsha1.c, lib/gnutls_srp.c,
	src/crypt.c: bugfixes in sbase64 decoding/encoding.  Changes in the
	included bcrypt algorithm.

2001-06-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_srp_passwd.h, lib/{cert_sb64.c =>
	auth_srp_sb64.c}, lib/cert_b64.h, lib/crypt_bcrypt.c,
	lib/crypt_srpsha1.c: renamed cert_sb64.c to auth_srp_sb64.c (since
	it is only used in SRP KX)

2001-06-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, acinclude.m4, configure.in: [no log message]

2001-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in: updated

2001-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/gnutls.c, lib/gnutls_cipher.c,
	lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
	lib/gnutls_num.h: better handling of 64bit integers

2001-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypt_bcrypt.c, lib/crypt_srpsha1.c: better checking of return
	value of rindex

2001-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: updated to new api

2001-06-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls.h.in, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_priority.h,
	src/Makefile.am: updated documentation and functions

2001-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, lib/crypt.c, lib/defines.h, lib/ext_srp.c,
	lib/gnutls.c, lib/gnutls.h.in, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_num.c, lib/gnutls_num.h,
	lib/gnutls_srp.c, src/prime.c, src/tpasswd: gnutls now handles
	uint64 even in systems without a native one.  several bug fixes.

2001-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypt_bcrypt.c, lib/crypt_srpsha1.c: corrected bug in verify

2001-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf, configure.in, lib/gnutls.h.in: updated configuration
	scripts to comply to autoconf 2.50

2001-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2001-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/scripts/gdoc: gdoc is now included in the cvs

2001-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am: [no log message]

2001-05-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, doc/Makefile.am, doc/TODO, lib/gnutls.c,
	lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_auth.c,
	lib/gnutls_auth_int.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher.h, lib/gnutls_db.c, lib/gnutls_errors.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_plaintext.c,
	lib/gnutls_plaintext.h, lib/gnutls_priority.c,
	lib/gnutls_session.c, src/cli.c, src/serv.c: updated API and
	documentation. Now we use the gnome way for creating API docs.

2001-05-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-05-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/README.crypt: [no log message]

2001-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.h.in: [no log message]

2001-05-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/README: [no log message]

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c: some cleanups in Diffie Hellman key exchange

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/auth_anon.c, lib/auth_anon.h, lib/auth_dhe_dss.c,
	lib/auth_dhe_dss.h, lib/cert_b64.c, lib/cert_sb64.c,
	lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_dh.c,
	lib/gnutls_dh.h, lib/gnutls_int.h, lib/gnutls_srp.c: removed
	DHE_DSS.  Added parameters to DH_ANON (size of prime).  cleanups.

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/prime.c, src/serv.c: several updates

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_passwd.c, lib/cert_sb64.c, lib/crypt_bcrypt.c,
	lib/crypt_srpsha1.c, lib/gnutls_int.h, src/crypt.c: Added decoding
	function for the base64 encoding used in SRP.  (this function is
	more strict in characters than the previous one)

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_b64.c: corrected memory leaks

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe_dss.c, lib/auth_srp.c,
	lib/gnutls.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_v2_compat.c: several
	cleanups in numbers' handling

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: [no log message]

2001-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_num.c, lib/gnutls_num.h, src/.cvsignore: updated uint24
	functions.

2001-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe_dss.c, lib/auth_srp.c,
	lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_v2_compat.c: Cleanups
	in endian handling (convertions).

2001-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c: several bug fixes

2001-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API: updated documentation

2001-05-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: updated

2001-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API: updated

2001-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: [no log message]

2001-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.in, doc/API, lib/gnutls.c, lib/gnutls_errors.c,
	lib/gnutls_errors_int.h, lib/gnutls_handshake.c, src/cli.c: [no log
	message]

2001-05-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: sets the resumed_security_parameters to null
	after initialization

2001-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/API: [no log message]

2001-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: updated to new api

2001-05-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls.h.in, lib/gnutls_db.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h: 
	Updated API (gnutls_deinit()) gnutls_db: does not store anything if
	db has not been opened for reading.  Added some kind of support for
	renegotiation of parameters.

2001-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_handshake.h: 
	cleanups

2001-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/gnutls.c, lib/gnutls_db.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_session.c: 
	cleanups and several fixes(and speedups) in the resume DB

2001-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: updated client and servers

2001-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: cleanups

2001-05-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2001-05-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/gnutls.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_dh.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_priority.h,
	src/cli.c, src/serv.c: Changed gnutls_set_*_priority functions.

2001-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/{gaaout.c => crypt-gaa.c}, src/{gaa.h =>
	crypt-gaa.h}, src/crypt.c, src/prime-gaa.c, src/prime-gaa.h,
	src/prime.c, src/prime.gaa, src/tpasswd, src/tpasswd.conf: [no log
	message]

2001-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt.c: updated

2001-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_errors.c, lib/gnutls_errors_int.h,
	lib/gnutls_handshake.c, lib/gnutls_srp.c, lib/gnutls_srp.h: [no log
	message]

2001-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_sb64.c: bugfixes

2001-05-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/crypt.c, src/crypt.gaa, src/gaa.h, src/gaaout.c,
	src/tpasswd, src/tpasswd.conf: added option to generate random
	primes (instead of using a default).  Added option to specify a
	specific prime to use (index)

2001-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-05-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/README.autoconf, lib/libgnutls-config.in: [no
	log message]

2001-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/libgnutls.m4: updated

2001-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.c, lib/libgnutls.m4: corrected scripts

2001-05-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, acinclude.m4, changelog-update.sh, configure.in,
	lib/Makefile.am, lib/gnutls.c, lib/{gnutls.h => gnutls.h.in},
	lib/gnutls_auth.c, lib/gnutls_errors.h, lib/gnutls_errors_int.h,
	lib/libgnutls-config.in, lib/libgnutls.m4, src/Makefile.am,
	src/serv.c: Added libgnutls-config script gnutls.h is automaticaly
	generated by configure script Added libgnutls.m4

2001-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* changelog-update.sh: [no log message]

2001-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2001-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_srp.c: Added missing length in username.

2001-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/API, lib/auth_anon.c, lib/auth_dhe_dss.c,
	lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls.c,
	lib/gnutls.h, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	lib/gnutls_cipher.c, lib/gnutls_db.c, lib/gnutls_int.h,
	lib/gnutls_session.c, lib/gnutls_session.h, src/cli.c, src/serv.c: 
	added functions to access authentication data (like username), and
	the key exchange algorithm used.

2001-05-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/API, lib/gnutls_db.c: [no log message]

2001-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_sb64.c: cleanups

2001-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls_db.c: clean_db() now clears expired entries
	only

2001-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/tpasswd, src/tpasswd.conf: example tpasswd files.

2001-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp_passwd.c, lib/cert_sb64.c, lib/gnutls_int.h,
	src/crypt.c: minor updates and fixes

2001-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/TODO: [no log message]

2001-05-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/auth_srp.c, lib/auth_srp_passwd.c,
	lib/auth_srp_passwd.h, lib/crypt.c, lib/crypt.h,
	lib/crypt_bcrypt.c, lib/crypt_bcrypt.h, lib/crypt_srpsha1.c,
	lib/crypt_srpsha1.h, lib/gnutls.h, lib/gnutls_srp.c,
	lib/gnutls_srp.h, src/Makefile.am, src/README.crypt, src/cli.c,
	src/crypt.c, src/crypt.gaa, src/gaa.h, src/gaaout.c, src/serv.c: 
	Added compatibility with Tom Wu's libsrp's password files.

2001-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_sb64.c: [no log message]

2001-05-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/auth_srp.c, lib/auth_srp.h,
	lib/auth_srp_passwd.c, lib/cert_b64.c, lib/cert_b64.h, lib/debug.c,
	lib/gnutls.h, lib/gnutls_int.h, lib/gnutls_srp.c, src/port.h,
	src/serv.c: added support for Tom Wu's srp library tpasswd and
	tpasswd.conf files.

2001-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.c, lib/gnutls_int.h: fixes in memory
	allocation

2001-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_buffers.c, lib/gnutls_db.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h: corrected memory leaks

2001-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/Makefile.am: [no log message]

2001-05-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/gnutls.h, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
	src/cli.c, src/serv.c: credentials are now kept globaly (in order to
	minimize memory usage).  This makes no harm since these are never
	modified by gnutls.

2001-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/gnutls.h: [no log message]

2001-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: [no log message]

2001-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated TODO list

2001-05-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/auth_srp_passwd.c, lib/cert_b64.c,
	lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_srp.c, lib/gnutls_srp.h, src/cli.c,
	src/serv.c: several fixes for srp. Seems to work now!

2001-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_v2_compat.c: better version handling

2001-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, doc/TODO, lib/Makefile.am, lib/gnutls.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c,
	lib/gnutls_v2_compat.h, src/cli.c: added support for SSL 2.0 client
	hello

2001-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/auth_srp.c, lib/auth_srp_passwd.c,
	lib/ext_srp.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_srp.c, src/cli.c, src/serv.c: several fixes for srp

2001-05-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/auth_srp.c, lib/auth_srp_passwd.c, lib/ext_srp.c,
	lib/gnutls_auth.c, lib/gnutls_auth_int.h, lib/gnutls_handshake.c: 
	gnutls_get_kx_cred() now returns err value. set_kx_cred() now
	accepts size.

2001-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am: added missing gaa.h

2001-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_srp.c: some modulo fixes

2001-05-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/auth_srp_passwd.c, lib/auth_srp_passwd.h,
	lib/ext_srp.c, lib/gnutls_srp.c, lib/gnutls_srp.h: more srp related
	fixes. No longer fails authentication if wrong username is provided.

2001-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/crypt.c, lib/crypt_bcrypt.c,
	lib/crypt_bcrypt.h, lib/crypt_srpsha1.c, lib/gnutls.h,
	lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_int.h, lib/gnutls_srp.c, lib/gnutls_srp.h: some hacks in
	order to exchange the algorithm used to hash the password...

2001-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/gnutls_srp.c, lib/gnutls_srp.h: cleanups for
	srp. Most mpi code has moved to gnutls_srp.c

2001-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/.cvsignore: [no log message]

2001-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/ext_srp.c, lib/gnutls_int.h: more srp related
	fixes

2001-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_auth_int.h, lib/gnutls_extensions.c,
	lib/gnutls_handshake.c: some fixes - srp related

2001-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c: [no log message]

2001-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
	lib/auth_srp_passwd.h: more srp stuff

2001-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/crypt_bcrypt.c, lib/crypt_srpsha1.c,
	lib/ext_srp.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_auth_int.h,
	lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_srp.c,
	lib/gnutls_srp.h, src/crypt.c: more additions for SRP

2001-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/crypt.c: fixed default case when no -s was specified

2001-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/cert_b64.h, lib/crypt.c, lib/crypt_bcrypt.c,
	lib/crypt_srpsha1.c, lib/crypt_srpsha1.h, lib/gnutls.h,
	lib/gnutls_dh.c, lib/gnutls_srp.c, lib/gnutls_srp.h, src/crypt.c,
	src/crypt.gaa, src/gaa.h, src/gaaout.c: More adds for SRP - SRPSHA1
	and bcrypt

2001-05-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_b64.c: corrected bug in decoding function

2001-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/crypt_bcrypt.h: for bcrypt support

2001-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in, lib/Makefile.am, lib/cert_b64.c,
	lib/crypt.c, lib/crypt_bcrypt.c, lib/defines.h, lib/gnutls.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher_int.h,
	lib/gnutls_handshake.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_random.c, lib/gnutls_random.h, src/Makefile.am,
	src/crypt.c, src/crypt.gaa, src/gaa.h, src/gaaout.c: Changes in
	random number handling. Added bcrypt (for use with SRP).  Added test
	program crypt for creating bcrypt passwd files.

2001-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/Makefile.am, lib/gnutls.c, lib/gnutls.h,
	lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_auth_int.h,
	lib/gnutls_int.h: added support for setting authentication
	algorithms' credentials

2001-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_kx.c: cleanups... and more
	modular design.

2001-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsignore: [no log message]

2001-05-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth_anon.c, lib/auth_dhe_dss.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_kx.h: Added client kx0 and server kx2 in
	order to be used with SRP

2001-05-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf: updated

2001-03-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/ssl-2.txt: added SSL v2 spec

2001-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_extensions.c: in case there are no extensions ext_gen()
	does not return anything (NULL);

2001-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.h, lib/gnutls.c, lib/gnutls_algorithms.c,
	lib/gnutls_handshake.c: more cleanups

2001-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext_srp.c, lib/gnutls_extensions.c: send extensions feature
	was added.

2001-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/auth_anon.c, lib/auth_dhe_dss.c, lib/debug.c,
	lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, src/serv.c: several bugfixes and cleanups

2001-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/ext_srp.c, lib/ext_srp.h,
	lib/gnutls_extensions.c, lib/gnutls_extensions.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h: Added some preliminary
	support for TLS extensions;

2001-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo list

2001-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/rfc2945.txt: added RFC for srp protocol

2001-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: updated with new files

2001-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/{gnutls_anon.c => auth_anon.c},
	lib/{gnutls_anon.h => auth_anon.h}, lib/{gnutls_dhe_dss.c =>
	auth_dhe_dss.c}, lib/{gnutls_dhe_dss.h => auth_dhe_dss.h}: moved
	gnutls_anon and gnutls_dhe_dss to auth_*

2001-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-srp-00.txt: added srp draft

2001-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_anon.c, lib/gnutls_anon.h,
	lib/gnutls_auth.h, lib/gnutls_dhe_dss.c, lib/gnutls_dhe_dss.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c: Key
	exchange (authentication) algorithms were reorganized, and now are
	more modular. Most changes however are not much tested and only
	anonymous authentication is currently used.

2001-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_der.c: updated some functionality - no longer uses
	stdin

2001-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* THANKS: added Tarun

2001-02-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: corrected bug with dmalloc mode

2001-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: [no log message]

2001-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-tls-kerb-00.txt: added kerberos
	ciphersuites

2001-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_plaintext.c: 
	TLS version handling is now more simple (no structures)

2001-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c: corrected
	rijndael256

2001-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c,
	lib/gnutls_db.c, lib/gnutls_int.h: added rijndael-256 as described
	in draft-ietf-tls-ciphersuite-03

2001-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c: comments are now more clear

2001-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c: gnutls_send_int() no longer
	sends the packets with 2 Write() calls.  One Write() call is enough
	for everybody!

2001-02-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/protocol/draft-ietf-pkix-ac509prof-05.txt, doc/{ =>
	protocol}/draft-ietf-tls-camellia-00.txt,
	doc/{draft-ietf-tls-ciphersuite-02.txt =>
	protocol/draft-ietf-tls-ciphersuite-03.txt}, doc/{ =>
	protocol}/draft-ietf-tls-https-04.txt, doc/{ =>
	protocol}/draft-ietf-tls-misty1-00.txt, doc/{ =>
	protocol}/draft-ietf-tls-openpgp-00.txt, doc/{ =>
	protocol}/draft-ietf-tls-seedhas-00.txt, doc/{ =>
	protocol}/draft-ietf-tls-wireless-00.txt, doc/{ =>
	protocol}/draft-ietf-tn3270e-telnet-tls-05.txt, doc/{ =>
	protocol}/rfc1422.txt, doc/{ => protocol}/rfc1423.txt, doc/{ =>
	protocol}/rfc2246.txt, doc/protocol/rfc2279.txt, doc/{ =>
	protocol}/rfc2459.txt, doc/{ => protocol}/rfc2818.txt, doc/{ =>
	protocol}/ssl-draft302.txt: drafts and rfcs were moved to protocol/
	directory

2001-01-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated

2001-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.h, lib/defines.h, lib/gnutls_algorithms.h,
	lib/gnutls_buffers.h, lib/gnutls_cipher.h, lib/gnutls_cipher_int.h,
	lib/gnutls_compress.h, lib/gnutls_compress_int.h, lib/gnutls_db.h,
	lib/gnutls_dh.h, lib/gnutls_errors.h, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.h,
	lib/gnutls_num.h, lib/gnutls_plaintext.h, lib/gnutls_priority.h,
	lib/gnutls_session.h: added copyright notice

2001-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h: removed
	large buffer

2001-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, README, configure.in, src/cli.c, src/port.h: [no log
	message]

2001-01-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/cert_der.asn1, lib/gnutls_cert.lex: removed
	unneeded files

2001-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: corrected wrong buffer size

2001-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am: [no log message]

2001-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_cipher.h: changes in
	gnutls_encrypt()

2001-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_int.h: tls packets are now send using one
	write(that way ssldump understands us)

2001-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo list

2001-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_b64.c: corrected license

2001-01-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_der.asn1: added asn1 rules for snacc (DER extended)
	compiler

2001-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/draft-ietf-tls-wireless-00.txt: added draft-ietf-tls-wireless

2001-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: updated authors - tarun left

2001-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo list

2001-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: removed time_t declarations. We need
	exactly 32 bits.

2001-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_der.h: corrected typo

2001-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/cert_b64.c: added some support for pem encoded x509
	certificates

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: session gets deleted from the db if it is not
	resumable

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.c, lib/gnutls_db.h: added db files

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: more fixes

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, src/cli.c: fixes for release

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acinclude.m4: added hooks for new libgcrypt

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/API, lib/Makefile.am, lib/gnutls.c,
	lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_session.c,
	src/Makefile.am, src/cli.c, src/port.h, src/serv.c: added server
	side session resuming (using gdbm)

2001-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* acconfig.h, configure.in, lib/gnutls_dh.c, lib/gnutls_int.h,
	src/Makefile.am: added hooks for dmalloc

2001-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/serv.c: corrected client/server

2001-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.c, lib/gnutls.h,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h: corrected buffer overruns

2001-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/rfc1423.txt: [no log message]

2001-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/rfc1422.txt: added PEM rfc

2001-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: corrected return value

2001-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: added a check in read return value

2000-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress_int.c: more checks for zlib

2000-12-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API: [no log message]

2000-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/gnutls.c, lib/gnutls.h, lib/gnutls_int.h: added a
	function to control the lowat size (the RCVLOWAT in socket)

2000-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: removed file

2000-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.in, doc/API, doc/TODO, lib/gnutls.c,
	lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, src/cli.c, src/port.h, src/serv.c: added some
	support for non blocking IO and socket flags. Some function names
	have been changed.

2000-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: qsort seems to work now

2000-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress_int.c: added check for zlib.h

2000-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c: updated sorting algorithm - it was a mess
	- it is more than a mess now

2000-12-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/API, doc/TODO, lib/gnutls.c, lib/gnutls.h,
	lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_compress_int.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, src/cli.c, src/port.h,
	src/serv.c: some minor updates

2000-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: added a better(?) - not sure - xor function.

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.h: added missing file

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: added option for profiling

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_handshake.c, lib/gnutls_kx.c: improved some things found
	from gcov

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_int.h: improved peek data handling - now
	keeps only 1 byte in kernel buffer

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/.cvsignore, lib/gnutls.c: more changes

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: removed debug definitions

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, lib/Makefile.am, lib/debug.h, lib/gnutls.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_errors.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	src/cli.c, src/serv.c: cleanups for gcc -Wall

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/HACKING: removed file. replaced by API

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, lib/gnutls.c, lib/gnutls.h, lib/gnutls_buffers.c,
	lib/gnutls_int.h, lib/gnutls_session.c, src/cli.c: added some new
	functions in the API. documentation updated.

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, doc/TODO: updated documentation

2000-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: corrected peek data handling

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/TODO, lib/defines.h, lib/gnutls.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
	src/cli.c: used MSG_PEEK flag in recv in order to used gnutls_recv()
	with select(). This change will order select to treat the socket as
	read even if we have read and localy buffered all data - but the
	user hasn't call gnutls_recv() to get that data.

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: [no log message]

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/serv.c: updated client

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls.c, lib/gnutls_buffers.c,
	lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	changes in close notify- alert handling

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress_int.c: changes in compression handling

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: [no log message]

2000-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : moved to r2

2000-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_session.c, lib/gnutls_session.h: added support for
	session resuming

2000-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.c, lib/gnutls.h, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h: 
	added some support for session resuming (in client) It does not seem
	to work yet

2000-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls.h, lib/gnutls_cipher.c, lib/gnutls_int.h: 
	removed all things about exportable algorithms

2000-12-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: gnutls_handshake was broken to
	gnutls_handshake_begin and gnutls_handshake_finish. This will help
	the use of certificate API to check received certificates

2000-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: added a warning if zlib was not found

2000-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: Added default algorithm priorities so it can work
	even if the user hasn't specified any

2000-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_compress_int.c, lib/gnutls_compress_int.h: added
	compression (ZLIB)

2000-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsignore, configure.in, lib/Makefile.am, lib/gnutls.c,
	lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_compress.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_priority.c, src/cli.c, src/port.h, src/serv.c: Added
	compression support (ZLIB)

2000-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, src/cli.c, src/port.h: SSL3 support was added

2000-12-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h: major cleanups

2000-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
	lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
	lib/gnutls_hash_int.h, lib/gnutls_int.h: more ssl3 fixes

2000-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
	lib/gnutls_cipher_int.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.c: A lot of fixes for SSL3

2000-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: added API

2000-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/API, doc/TODO: documentation update

2000-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_priority.c, src/cli.c, src/serv.c: 
	Bugfixes mainly for the priority (which was moved to the state)

2000-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.c, lib/gnutls_priority.c: Priorities were moved to the
	state (were global)

2000-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h: 
	added ssl3 key generation function - more fixes in ssl3 mac

2000-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: more bugfixes

2000-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c: corrected nasty bugs

2000-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: added support for
	the MAC used in SSLv3

2000-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: updated readme

2000-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: removed unneeded check

2000-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/ssl3-vs-tls: cleanups

2000-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo

2000-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c: added ARCFOUR support when using gcrypt

2000-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/draft-ietf-tls-ciphersuite-01.txt: removed old draft

2000-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/draft-ietf-tls-ciphersuite-02.txt, lib/gnutls_algorithms.c: 
	added the new tls-ciphersuite draft, and the ciphersuite
	TLS_DH_anon_RIJNDAEL_CBC_SHA

2000-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/gnutls.c, lib/gnutls.h,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h: several cleanups in order to support ssl3

2000-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* : Moving to release 2

2000-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/ssl3-vs-tls: added

2000-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: updated for mhash

2000-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo

2000-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/debug.h, lib/gnutls.c, lib/gnutls.h,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_dh.c, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
	lib/gnutls_kx.c: added some support for ssl3 (with mhash only)

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/rfc2818.txt, doc/ssl-draft302.txt: more drafs added

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/draft-ietf-tls-camellia-00.txt,
	doc/draft-ietf-tls-https-04.txt, doc/draft-ietf-tls-misty1-00.txt,
	doc/draft-ietf-tls-seedhas-00.txt,
	doc/draft-ietf-tn3270e-telnet-tls-05.txt: added more draft's

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_der.c: removed main()

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: updated todo list

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c,
	lib/gnutls_int.h: added preliminary support for AES (rijndael)

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/draft-ietf-tls-openpgp-00.txt: added
	draft-ietf-tls-openpgp-00.txt

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/draft-ietf-tls-ciphersuite-01.txt: added
	draft-ietf-tls-ciphersuite-01.txt

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c: fix for DES in mcrypt

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c: fixes for the server... and
	change_cipher_spec type packet.

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_cipher.c, lib/gnutls_int.h: Changes in the client in
	order to interoperate with an openssl server.

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, acconfig.h, configure.in, lib/gnutls_algorithms.c,
	lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
	lib/gnutls_cipher_int.h, lib/gnutls_hash_int.c, lib/gnutls_int.h: 
	added hooks for both mhash and mcrypt

2000-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h: 
	clean-ups

2000-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_int.h: 
	corrected bugs in hmac and more.

2000-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: corrected problem in our PRF function

2000-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: removed mhash definitions

2000-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
	lib/gnutls_kx.c: more fixes

2000-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.c, lib/gnutls_cipher.c,
	lib/gnutls_hash_int.c, lib/gnutls_kx.c: minor fixes and cleanups

2000-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c: more fixes...

2000-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO, lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c: more fixes and bugs introduced

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c: cvs should stop messing with MY files

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c: [no log message]

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_algorithms.c, lib/gnutls_dh.c,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_kx.h, src/cli.c, src/port.h: Some more
	fixes and additions in order to interoperate with openssl

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/TODO: added a small todo list

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: memory leaks and overruns eliminated

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_handshake.c: corrected bug which made us to send the
	double bytes of ciphersuites we had.

2000-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/gnutls.c, lib/gnutls_algorithms.c,
	lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c: added some preliminary support for DHE_DSS and
	DHE_RSA algorithms... of course not certificates are used

2000-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: some need gcry_ functions added. (for malloc etc)

2000-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/HACKING, lib/defines.h, lib/gnutls.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, src/port.h, src/serv.c: 
	added assert() and some bug fixes

2000-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/HACKING: some kind of updates

2000-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_algorithms.h, lib/gnutls_handshake.c,
	lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c: added
	ability to receive certificates...

2000-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, doc/HACKING: [no log message]

2000-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/README.der: added Tarun's README.der

2000-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: added missing
	files. They are to handle foreign encryption functions

2000-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls_der.c, lib/gnutls_der.h: Added Tarun's
	files

2000-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, configure.in, lib/gnutls_cert.lex, src/Makefile.am,
	src/cli.c: added a DER parser from Tarun and updated authors

2000-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am: changed in order for rfc's to be included in the
	distribution

2000-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, acinclude.m4, configure.in: added checks for gcrypt

2000-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/rfc2246.txt, doc/rfc2459.txt: Added rfc's which refer to what
	we are implementing

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c: corrected bug which made gnutls to wait for a second
	closure alert after having received the first.

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/serv.c: [no log message]

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore, lib/Makefile.am, lib/gnutls.c,
	lib/gnutls_cipher.c, lib/gnutls_dh.c, lib/gnutls_handshake.c,
	lib/gnutls_hash.c, lib/gnutls_hash.h, lib/gnutls_int.h,
	lib/gnutls_kx.c: The encryption api was fixed and gnutls_cipher.c
	was cleaned up a bit.

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: there files were
	renamed

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore, src/.cvsignore: corrected cvsignore files

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/.cvsignore: [no log message]

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, configure.in, src/Makefile.am: removed mhash support and
	some changes in the docs

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_hash.c: bugfixes in gcrypt md functions handling

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.c, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_hash.c, lib/gnutls_hash.h,
	lib/gnutls_int.h: Added support for the gcrypt hash and hmac
	functions. Mhash support is almost removed.

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_kx.c: corrected the
	problem with the double underscore

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .cvsignore, doc/.cvsignore, lib/.cvsignore, src/.cvsignore: added
	.cvsignore files

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: updated version number

2000-10-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dh.c, lib/gnutls_kx.c: removed double underscores

2000-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: added some needed stuff

2000-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/HACKING: outdated

2000-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_priority.c: the file that handles some of the priority
	stuff (most of the API things)

2000-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/defines.h, lib/gnutls.h,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, src/cli.c, src/port.h, src/serv.c: Added support
	for priorities. Some function names were renamed to be more
	rational.

2000-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_algorithms.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_kx.c: some fixes in the comments, and
	replaced KX_* with GNUTLS_KX_*

2000-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_kx.c: more inline documentation

2000-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS: added my name

2000-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
	lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
	lib/gnutls_kx.c: Added some kind of priorities for algorithms. Still
	experimental.

2000-05-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h, src/cli.c, src/port.h, src/serv.c: Improved
	client/server examples.

2000-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: removed an unneeded variable.

2000-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
	lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
	lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
	lib/gnutls_kx.c, lib/gnutls_num.c, lib/gnutls_plaintext.c,
	src/cli.c, src/serv.c: Added copyright notices.

2000-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
	src/Makefile.am, src/port.h: [no log message]

2000-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/defines.h, lib/gnutls.c, lib/gnutls_algorithms.c,
	lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, src/Makefile.am: Better
	mac algorithms handling.

2000-04-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/HACKING, lib/defines.h, lib/gnutls.c,
	lib/gnutls_algorithms.h, lib/gnutls_buffers.c,
	lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
	src/Makefile.am, src/port.h: Changes in handshake messages handling.

2000-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_int.h: [no log message]

2000-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c: [no log message]

2000-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_dh.c,
	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
	lib/gnutls_plaintext.c, lib/gnutls_plaintext.h, src/Makefile.am,
	src/port.h: Corrected bug in gnutls_cipher.c that caused the library
	to fail in certain (random) situations.

2000-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_kx.c, src/serv.c: Better memory allocation in key
	exchange.

2000-04-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
	lib/gnutls_kx.c, src/cli.c, src/port.h: Some changes in peer's
	version checks.

2000-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
	lib/gnutls_int.h, src/port.h: Corrected bugs in MAC calculation.

2000-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cipher.c, lib/gnutls_errors.h, lib/gnutls_handshake.c: 
	Corrected bugs when setting cipher and mac.

2000-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/Makefile.am, lib/gnutls.c, lib/gnutls.h, lib/gnutls_errors.c,
	lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
	lib/gnutls_kx.h, src/serv.c: Better error control. Moved key
	exchange functions to gnutls_kx.c/h

2000-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README: [no log message]

2000-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_handshake.c, src/port.h: [no log message]

2000-04-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls.c, lib/gnutls_handshake.c, src/port.h: [no log message]

2000-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/debug.h, lib/gnutls_dh.c,
	lib/gnutls_handshake.c, src/port.h: Bugfixes in the diffie hellman.

2000-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/debug.c, lib/defines.h, lib/gnutls.c,
	lib/gnutls_algorithms.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
	lib/gnutls_compress.c, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
	lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_plaintext.c,
	src/port.h: Added anonymous diffie-hellman key exchange. It does not
	work yet, and the whole code is mess.

2000-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, lib/Makefile.am, lib/gnutls.c,
	lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
	lib/gnutls_cipher.c, lib/gnutls_dh.c, lib/gnutls_dh.h,
	lib/gnutls_handshake.c, lib/gnutls_int.h: Added the basics for key
	exchange.

2000-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* COPYING: Added ChangeLog and COPYING.

2000-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/cli.c, src/serv.c: [no log message]

2000-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, doc/Makefile.am, lib/Makefile.am, {src =>
	lib}/debug.c, {src => lib}/debug.h, {src => lib}/defines.h, {src =>
	lib}/gnutls.c, {src => lib}/gnutls.h, {src =>
	lib}/gnutls_algorithms.c, {src => lib}/gnutls_algorithms.h, {src =>
	lib}/gnutls_buffers.c, {src => lib}/gnutls_buffers.h, {src =>
	lib}/gnutls_cipher.c, {src => lib}/gnutls_cipher.h, {src =>
	lib}/gnutls_compress.c, {src => lib}/gnutls_compress.h, {src =>
	lib}/gnutls_dh.c, {src => lib}/gnutls_errors.c, {src =>
	lib}/gnutls_errors.h, {src => lib}/gnutls_handshake.c, {src =>
	lib}/gnutls_handshake.h, {src => lib}/gnutls_int.h, {src =>
	lib}/gnutls_num.c, {src => lib}/gnutls_num.h, {src =>
	lib}/gnutls_plaintext.c, {src => lib}/gnutls_plaintext.h,
	src/Makefile.am: Changed directory structure.

2000-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: corrected configure script

2000-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in: [no log message]

2000-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_handshake.c, src/gnutls_handshake.h,
	src/gnutls_int.h, src/port.h: corrected bugs in handshake.

2000-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_algorithms.c, src/gnutls_algorithms.h,
	src/gnutls_cipher.c, src/gnutls_handshake.c,
	src/gnutls_handshake.h, src/gnutls_int.h: Added some basics for key
	exchange.

2000-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls_dh.c: I've add gnutls_dh.c but is not ready yet, I have
	to eat something first:) It is taken from gsti.

2000-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/debug.c, src/gnutls.c, src/gnutls_algorithms.c,
	src/gnutls_buffers.c, src/gnutls_cipher.c, src/gnutls_compress.c,
	src/gnutls_errors.c, src/gnutls_errors.h, src/gnutls_handshake.c,
	src/gnutls_handshake.h, src/gnutls_int.h, src/gnutls_num.c,
	src/gnutls_plaintext.c, src/port.h, src/serv.c: Handshake
	implementation was improved. Still no key exchange algorithm.

2000-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_algorithms.c, src/gnutls_algorithms.h,
	src/gnutls_cipher.c: Corrected bugs in gnutls_algorithms and added
	_gnutls_get_iv_size().

2000-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/gnutls_algorithms.c,
	src/gnutls_algorithms.h, src/gnutls_cipher.c: Algorithms/Ciphers
	interface has changes.

2000-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c, src/gnutls.c, src/gnutls_buffers.c,
	src/gnutls_errors.c, src/serv.c: The gnutls_recv() semantics were
	changed. It may return less data than the specified. It operates
	similar to read().

2000-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_handshake.c, src/gnutls_handshake.h,
	src/port.h: Server now generates a session_id.

2000-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/gnutls.c, src/gnutls.h,
	src/gnutls_errors.c, src/gnutls_errors.h, src/gnutls_num.c,
	src/gnutls_num.h, src/port.h, src/serv.c: [no log message]

2000-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/gnutls.c, src/gnutls.h,
	src/gnutls_buffers.c, src/gnutls_errors.h, src/gnutls_handshake.c,
	src/gnutls_handshake.h, src/gnutls_int.h, src/serv.c: Corrected a
	lot of bugs. Handshake protocol is ready to be coded.

2000-03-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls.h, src/gnutls_buffers.c,
	src/gnutls_buffers.h: Included a reliable version of read/write
	(that read/write will return exactly the bytes specified).

2000-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/cli.c, src/gnutls.c, src/gnutls.h,
	src/gnutls_handshake.c, src/gnutls_handshake.h, src/serv.c,
	src/test.c: [no log message]

2000-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_buffers.c, src/gnutls_buffers.h,
	src/gnutls_handshake.c: [no log message]

2000-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_cipher.c, src/gnutls_handshake.c,
	src/gnutls_int.h: Changes in the handshake.

2000-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c: Some memory leaks were fixed.

2000-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls.c, src/gnutls_cipher.c, src/gnutls_handshake.c,
	src/gnutls_int.h: Corrected bug in the record protocol. Now it holds
	2 states, 1 for encryption and 1 for decryption
	(mac/cipher/iv/compression).

2000-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/defines.h, src/gnutls.c,
	src/gnutls_handshake.c, src/gnutls_handshake.h, src/gnutls_int.h: 
	Added the client hello handshake message.

2000-03-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/HACKING: documentation.

2000-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/gnutls_handshake.h, src/gnutls_record.h: Incorporated in
	gnutls_int.h

2000-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/Makefile.am, src/debug.c, src/gnutls.c, src/gnutls_buffers.c,
	src/gnutls_buffers.h, src/gnutls_cipher.c, src/gnutls_compress.c,
	src/gnutls_errors.h, src/gnutls_int.h, src/gnutls_plaintext.c: 
	gnutls_recv() can now receive fatal alerts and closure alerts.

2000-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* README, src/Makefile.am, src/debug.c, src/gnutls.c, src/gnutls.h,
	src/gnutls_buffers.c, src/gnutls_buffers.h, src/gnutls_cipher.c,
	src/gnutls_compress.c, src/gnutls_errors.h, src/gnutls_handshake.h,
	src/gnutls_int.h, src/gnutls_plaintext.c, src/gnutls_record.h,
	src/test.c: In case of failure gnutls_recv, sends an alert message.
	but, it still cannot receive any.

2000-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.in, src/Makefile.am, src/gnutls.c, src/gnutls.h,
	src/gnutls_cipher.c, src/test.c: Added gnutls_recv... Works only for
	application data, and it is not tested.

2000-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* AUTHORS, Makefile.am, acconfig.h, buildconf, configure.in,
	src/Makefile.am, src/debug.c, src/debug.h, src/defines.h,
	src/gnutls.c, src/gnutls.h, src/gnutls_cipher.c,
	src/gnutls_cipher.h, src/gnutls_compress.c, src/gnutls_compress.h,
	src/gnutls_plaintext.c, src/gnutls_plaintext.h, src/test.c: [no log
	message]

2000-03-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* buildconf: [no log message]

2000-03-07  Werner Koch <wk@gnupg.org>

	* Initialized repository for GNU TLS

	-----

	Copyright (C) 2005-2012 Free Software Foundation, Inc.

	Copying and distribution of this file, with or without
	modification, are permitted provided the copyright notice
	and this notice are preserved.
