2015-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: before dist ensure that included libopts matches
	autogen

2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-eagain2.c: tests: backported fix in mini-eagain2

2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: pkcs11: increase attributes size in
	gnutls_pkcs11_copy_x509_privkey

2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-08-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-08-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set
	the CKA_TOKEN attribute on generated public keys

	That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
	flag, to simulate the previous behavior.

2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/safe_renegotiation.c: safe renegotiation: simulate
	receiving the extension on receival of SCSV

2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/safe_renegotiation.c: safe renegotiation: handle case
	where client didn't send any extension

	That was affected by the "don't try to send extensions we didn't
	receive".

2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h: 
	As server don't try to send extensions we didn't receive.

2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/common.c: Reset the output value on error in
	_gnutls_x509_dn_to_string()

	Reported by Kurt Roeckx.

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: gnutls_prf: document that this is not
	identical to RFC5705

2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/p11tool-args.def: p11tool: fix documentation for
	--generate-ecc and generate-dsa

2015-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/dumbfw.c: corrected function name

2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
	ciphersuites

2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad

	Reported by Hannes Mehnert.

2015-07-02  Daniel Kahn Gillmor <dkg@fifthhorseman.net>

	* src/certtool.c: certtool --outder should not emit signature
	verification status

	When emitting binary-formatted output, send signature verification
	status to stderr, since it is not binary-formatted output.

	A simpler version of this patch would be to always send signature
	verification to stderr, but that would change the text-formatted
	output.

2015-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
	public key should depend on P not Y

	That allows to do the proper evaluation to check certificate
	strength.  Reported by Hubert Kario.

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: don't reject
	certificates if a CA has the URI or IPADDRESS constraints

	Don't reject certificates if a CA has the URI or IPADDRESS
	constraints, and the end certificate doesn't have an IPaddress name
	or a URI set.

2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: enhanced header matching code for private keys
	to skip unrelated data

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
	tests/suite/ciphersuite/test-ciphers.js,
	tests/suite/ciphersuite/test-ciphersuites.sh,
	tests/suite/test-ciphersuite-names: tests: backported
	test-ciphersuite-names from master

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
	when provided with an unencrypted file

	That is, it will attempt to decode it first as plain file prior to
	trying all encrypted options.

2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
	release any data on failure

	Resolves #15

2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testcompat-main: tests: backported test-compat-main
	from master

2015-06-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: Corrected camellia256 set key in nettle3
	compat mode

2015-06-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c: drbg-aes: include gnutls_errors.h

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
	reseed detection

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/rng-fork.c: tests: check random generator for long outputs
	as well

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
	on reseed

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
	the reseed and generate function

2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
	enforce the max_number_of_bits_per_request

2015-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: Check the OID size for match when
	comparing for the OCSP nonce extension

	Reported by Hanno Böck.

2015-05-23  Armin Burgmeier <armin@arbur.net>

	* lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
	used

	Before, the number of bits of a zero-length number was attempted to
	be extracted, resulting in an error. The changed behaviour is
	consistent with the documentation which explicitly states that 0
	should be returned if no DH key exchange was performed.

2015-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
	include a leading zero

2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
	the DH max prime size with 1007 bits or less

2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-05-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac, lib/accelerated/x86/aes-gcm-padlock.c,
	lib/accelerated/x86/aes-gcm-x86-aesni.c,
	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
	lib/accelerated/x86/aes-padlock.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
	lib/nettle/cipher.c, lib/nettle/int/dsa-fips.h,
	lib/nettle/int/dsa-keygen-fips186.c, lib/nettle/int/dsa-validate.c,
	lib/nettle/pk.c, m4/hooks.m4, tests/dsa/testdsa: Allow using nettle3
	with gnutls3.3

2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
	failures

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: eliminate mem leaks in
	mini-loss-time

2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: backported mini-loss-time from
	master

2015-04-28  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/nettle/pk.c: fix memory leak in ECDSA key parameters
	verification

	Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: updated NEWS

2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.3.15

2015-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
	work with DTLS

2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
	timeouts

2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
	minitasn1

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
	for the MD5 acceptance issue

	Reported by Karthikeyan Bhargavan.

	http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

	Conflicts: tests/Makefile.am

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: before falling back to SHA1 as signature
	algorithm in TLS 1.2 check if it is enabled

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
	consider any values from the extension data to decide acceptable
	algorithms

2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.c: set the value used by
	gnutls_certificate_client_get_request_status prior to selecting
	certificate

	That allows gnutls_certificate_client_get_request_status() to be
	properly operating from the callback. Reported by Anton Lavrentiev.

2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev

2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
	certificate even if a callback was used

	This corrects a bug where this function would not work, when
	gnutls_certificate_set_retrieve_function2() was used.

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: ensure that the X.509 version number is one byte
	only

2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: Check for invalid length in the X.509 version
	field

	If such an invalid length is detected, reject the certificate.
	Reported by Hanno Böck.

2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/mini-loss-time.c: tests: mini-loss-time: ignore sigpipe

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.3.14

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: tests: change the default port in
	testcompat to avoid clash with testsrn

2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/texinfo.css: doc: increase border spacing in HTML tables

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
	send data size

	That reduced the maximum send size for CBC ciphers from 16384 to
	16384-(block size), which was unnecessary and was causing issues:
	https://bugs.winehq.org/show_bug.cgi?id=37500

2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c,
	tests/suite/ciphersuite/scan-gnutls.sh: made ciphersuites.c more
	self-contained to be handled by test-ciphersuites.sh

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: Better fix for the double free in dist point
	parsing

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
	libtasn1

2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
	lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
	gnutls_x509_aki_set_cert_issuer will set null-terminated strings

2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
	points

	Reported by Robert Święcki.

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
	the size of ck_attributes

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
	condition

2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
	CKA_ID on key generation

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
	when writing a private key

2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/server_name.c: When an application calls
	gnutls_server_name_set() with a name of zero size disable the
	extension

	Resolves #2

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/name_constraints.c: name constraints: when no name of the
	type is found, accept the certificate

	This follows RFC5280 advice closely. Reported by Fotis Loukos.

2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_supplemental.c: Fixed handling of supplemental data
	with types > 255.  Patch by Thierry Quemerais.

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: doc update

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_priority.c: gnutls_priority_init: document that
	priorities can be NULL

2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: corrected self test for 3DES

2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: only set ID and label when both size and
	data are set

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac: configure: check for /usr/share/dns/root.key as well
	for dns root key

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* m4/hooks.m4: corrected macro which checks libtasn1 for
	asn1_decode_simple_ber

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
	lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3

2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-internals.texi: rearranged internal documentation

2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
	src/socket.c: tools: added ftp as a starttls protocol

2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
	mix

2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
	SECURE192

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: corrected check of certificate
	chain order

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/x509cert.c: tests: added small test to verify that
	GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
	unsupported TLS protocols as soon

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: cli sockets: check for a digit prior using atoi

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
	sorted

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: gnutls-cli-debug: do not warn multiple times about
	unknown protocols

2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-support.texi: updated documentation on FIPS140-2

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-basic.pem,
	tests/cert-tests/template-basic.tmpl,
	tests/cert-tests/template-test: Revert "tests: template-test: added
	a baseline check to detect slow systems"

	This reverts commit 2ee2a78178a842c9b0ef2ca3e12909ca3bb9fe79.

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-test: tests: don't perform the overflow
	check in 32-bit systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-date.tmpl: tests: date parsing test was
	modified to work in 32-bit systems

2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am,
	tests/cert-tests/template-basic.pem,
	tests/cert-tests/template-basic.tmpl,
	tests/cert-tests/template-test: tests: template-test: added a
	baseline check to detect slow systems

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
	write a trusted CA

2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testpkcs11: testpkcs11: detect softhsm2

2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
	lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
	m4/hooks.m4: use asn1_decode_simple_ber if available

2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/abstract.h: list
	gnutls_pubkey_get_verify_algorithm as deprecated

2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
	spotted by Andris Mednis

2015-02-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: released 3.3.13

2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
	tests/cert-tests/invalid-sig2.pem,
	tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
	X.509 certificate signatures

2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_session.c: doc update: document that session_get_data()
	must be used in non-resumed sessions

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testcompat-main: tests: testcompat: disable tests with
	NULL ciphersuites; debian doesn't support them

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-overhead.c, tests/mini-record.c: tests: require DTLS
	1.2 when using GCM

2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphersuites.c: corrected check which prevented
	client to send an unacceptable for the version ciphersuite

2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_record.c: fixed sequence number copy

2015-02-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: when importing a certificate ensure that the
	signature parameters match

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/x86-common.c: Allow AESNI GCM acceleration in
	x86

2015-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli.c: handle differently OCSP responses that are revoked and
	of unknown status

2015-02-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/common.c: compilation fix with return on void function;
	reported by David Marx

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: doc update

2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: set the appropriate direction when
	_gnutls_io_write_flush() is called

2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented using a session with fork or
	multiple threads

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: print errno in a more uniform way

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: on certificate import check whether the two
	signature algorithms match

2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
	total length

2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
	so verbose about the OCSP nonce; it is universally unsupported

2015-01-17  Tim Ruehsen <tim.ruehsen@gmx.de>

	* src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain

	Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.3.12

2015-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped versions

2015-01-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* libdane/errors.c: corrected typos

	Reported by Guido Kroon.

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
	obsolete versions

	That prevents using these versions as record version numbers, unless
	they are the only protocol supported. This avoids the issues with
	servers that have banned SSL 3.0 record versions.

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool: follow the documented process for
	gnutls_x509_crt_get_authority_info_access

2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
	update

2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/ocsptool-common.c: ocsptool-common: iterate through all AIA
	items prior to deciding the OCSP server

2015-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def: simplified text for inline-commands-prefix

2015-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update: added urls of savannah reports

2015-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
	--starttls-proto option

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: cleanup the name of types

	Conflicts: lib/pkcs11.c

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c: pkcs11: when importing a public key, import its
	data as well (version 2 fix)

2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify.c: doc update

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c: pkcs11: when importing a public key, import its
	data as well

2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_cert.c: doc update

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
	from a client, the server verifies if it supports the extension’s
	contents in _gnutls_session_cert_type_supported().  This function
	checks for cred->get_cert_callback but not cred->get_cert_callback2.
	As a result, servers setup for OpenPGP certificate credential
	callback with gnutls_certificate_set_retrieve_function2() are unable
	to use the OpenPGP certificate type.

	The solution is to consider cred->get_cert_callback2 alongside
	cred->get_cert_callback in _gnutls_session_cert_type_supported().

	Patch by Rick van Rein.

2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
	release the cached value

2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
	record with multiple handshake packets, parse them in one go

	That resolves: https://savannah.gnu.org/support/?108712

2015-01-08  Ludovic Courtès <ludo@gnu.org>

	* NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
	during expansion and at run time.

	Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.

	* guile/modules/gnutls.in: Wrap '%libdir' definition and
	'load-extension' call in 'eval-when'.
	* NEWS: Update.

2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
	exceed MTU

	Resolves: https://savannah.gnu.org/support/?108715

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_buffers.c: Added more precise check of push functions
	availability

2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/Makefile.am: danetool: only compile when dane is enabled

2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-backend.c: Allow a random generator with the same
	priority to re-register

	That corrects an issue where the library is deinitialized, and
	reinitialization wouldn't register the same rnd module.  Reported by
	Stanislav Zidek.

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: modified check for READ_NUMERIC

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
	number

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c: certtool: check for overflows when reading
	serial numbers

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
	type for integers read

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/socket.c: gnutls-cli-debug: more precise handling of SMTP
	protocol

	Patch by Andreas Metzler.

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
	gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
	gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
	gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
	gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
	gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
	gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
	gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
	gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
	gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
	gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
	gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
	gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
	gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
	gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
	gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
	gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
	gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
	gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
	gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
	gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
	gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
	gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
	gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
	gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
	gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
	gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
	gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
	gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
	gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
	gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
	gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
	gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
	gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
	gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
	gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
	gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
	gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
	gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
	gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
	gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
	gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
	gl/tests/signature.h, gl/tests/test-alloca-opt.c,
	gl/tests/test-base64.c, gl/tests/test-binary-io.c,
	gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
	gl/tests/test-float.c, gl/tests/test-fputc.c,
	gl/tests/test-fread.c, gl/tests/test-fstat.c,
	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
	gl/tests/test-ftello4.c, gl/tests/test-func.c,
	gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
	gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
	gl/tests/test-iconv.c, gl/tests/test-init.sh,
	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
	gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
	gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
	gl/tests/test-stdlib.c, gl/tests/test-string.c,
	gl/tests/test-strings.c, gl/tests/test-strnlen.c,
	gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
	gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
	gl/tests/test-u64.c, gl/tests/test-unistd.c,
	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
	gl/tests/test-vc-list-files-cvs.sh,
	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
	gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
	gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
	gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
	src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
	src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
	src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
	src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
	src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
	src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
	src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
	src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
	src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
	src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
	src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
	src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
	src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
	src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
	src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
	src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
	src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
	src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
	src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
	src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
	src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
	src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
	src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
	src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
	src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
	src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
	src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
	src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
	src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
	src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
	src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
	src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
	src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
	src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
	src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
	src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
	src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
	src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
	src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
	src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
	src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
	src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
	src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
	src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
	src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
	src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
	src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
	src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
	src/gl/parse-datetime.y, src/gl/printf-args.c,
	src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
[--snip--]
