Imported Upstream version 3.4.11upstream/3.4.11submit/upstream/20160613.071414

Change-Id: I27697380abe4d8ad82d6b77153db65afd9dd3771
Signed-off-by: sangsu <sangsu.choi@samsung.com>

1 files changed, 10372 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 79e9127..14897e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10363 @@
+2016-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: released 3.4.11
+
+2016-04-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: tests: do not enable valgrind in non-git builds
+
+2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/ocsp_output.c, lib/x509/output.c: x509 output: don't warn
+	about insecure algorithm when unknown
+
+2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am, tests/suite/testcompat-openssl.sh: tests:
+	disable unsupported curves from compatibility checks This allows running make check even when compiling with
+	disable-suiteb-curves.
+
+2016-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: dtls: added missing dtls.h to state.c
+
+2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, m4/hooks.m4: bumped version
+
+2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2016-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+	lib/minitasn1/element.c, lib/minitasn1/element.h,
+	lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+	lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
+	lib/minitasn1/structure.c: minitasn1: updated to latest git version
+
+2016-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi: doc: Replace references to select with poll
+	and other fixes
+
+2016-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi: doc: replace inaccurate sentence with
+	reference to gnutls_record_discard_queued [ci skip]
+
+2016-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: gnutls_record_get_direction: doc update [ci
+	skip]
+
+2016-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509sign-verify2.c: tests: reduce the number of loops in
+	x509sign-verify2 This enables running the test in reasonable time under valgrind.
+
+2016-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkix.asn, lib/pkix_asn1_tab.c: pkix.asn: corrected byKey
+	definition OCSP is defined in an EXPLICIT tags module, and as such we must tag
+	explicitly all of its tags.
+
+2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: name constraints: enforce the rules
+	for IP constraints when adding This will prevent gnutls from generating badly formed certificates.
+
+2016-04-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c, lib/x509/common.h, lib/x509/x509.c: 
+	_gnutls_parse_general_name2: allow parsing empty names This allows parsing empty general names such as an empty DNSname
+	used in name constraints.
+
+2016-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2016-04-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/ocsptool-common.c: ocsptool: use HTTP/1.0 for requests This avoids issue with servers serving chunk encoding which ocsptool
+	doesn't support. Reported by Thomas Klute.
+
+2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/certtool-long-cn: tests: delete outfile in
+	certtool-long-cn
+
+2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
+	tests/cert-tests/name-constraints-ip2.pem: tests: verify the output
+	of name constraints IP decoding
+
+2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: x509/output: simplified cidr_to_string()
+
+2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: x509/output: print RFC5280 CIDRs in name
+	constraints
+
+2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2016-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_state.c: dtls:
+	reset the record number sliding window on gnutls_record_set_state() This addresses issue where gnutls_record_set_state() was called with
+	a new state but the sliding window information was not updated, thus
+	blocking any incoming packets.  Resolves #82
+
+2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c: DTLS: save last valid record sequence number This will allow to report a valid number to
+	gnutls_record_get_state() callers in case of DTLS. Reported by
+	Fridolin Pokorny.
+
+2016-03-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: gnutls_record_get_state: Allow for NULL
+	parameters
+
+2016-03-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/ocsptool.c: ocsptool: don't exit with error code on
+	verification failures when --ignore-errors is given
+
+2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/ocsptool.c: ocsptool: exit with error on verification failures
+
+2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/ocsp.c: ocsp: gnutls_ocsp_resp_verify_direct will skip
+	additional checks for certificates matching issuer That eliminates issue with ocsptool rejecting OCSP responses signed
+	by the same CA that signed the certificate. Reported by Thomas
+	Klute.
+
+2016-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/ocsptool-args.def, src/ocsptool.c: ocsptool: Allow saving
+	responses even if verification fails In addition do not enter a spurious newline to responses.
+
+2016-03-23  Maya Rashish <coypu@sdf.org>
+
+	* tests/dtls/dtls-stress.c: Avoid using strerror in dtls stress test Using it results in build failure on NetBSD: undefined reference to
+	`rpl_strerror'
+
+2016-03-23  Maya Rashish <coypu@sdf.org>
+
+	* tests/utils.h: Add missing header to testsuite This causes a problem for NetBSD+clang tests, because SIGTERM and
+	kill are undefined.  Resolves #80 Signed-off-by: Maya Rashish <coypu@sdf.org>
+
+2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update [ci skip]
+
+2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-x509-callbacks.c: tests: verify that the
+	post-client-hello callback has access to ALPN data
+
+2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c: handshake: parse the mandatory to parse
+	extension prior to any callback call This relates to the change of ALPN extension to mandatory to parse,
+	and allows applications to get ALPN data prior to handshake
+	completion.
+
+2016-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume.c: tests: added checks for session resumption and
+	ALPN This checks whether the ALPN extension is re-read on resumption and
+	is negotiated.
+
+2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume.c: tests: resume: simplified structure assignment
+	using C99 syntax
+
+2016-03-15  Yuriy M. Kaminskiy <yumkam@gmail.com>
+
+	* lib/ext/alpn.c: alpn: ALPN state is per-connection, it should not
+	be saved with session data In addition the extension was moved to the mandatory to parse to
+	ensure it is always parsed when sessions are resumed.  rfc7301:     Unlike many other TLS extensions, this extension does not
+	    establish properties of the session, only of the connection.
+	    When session resumption or session tickets [RFC5077] are used, the
+	    previous contents of this extension are irrelevant, and only the
+	    values in the new handshake messages are considered.  Signed-off-by: Yuriy M. Kaminskiy <yumkam@gmail.com> Signed-off-by:
+	Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2016-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/x86-common.c: x86-common: CPUID override will
+	only work if CPU has already the capability present This resolves test suite failure on CPUs with limited capabilities.
+	Reported by Andreas Metzler.
+
+2016-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2016-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/server_name.c: gnutls_server_name_set: accept non-null
+	terminated hostnames The introduction of IDNA support introduced a regression and this
+	function does not operate correctly when given non-null terminated
+	strings. Reported by Tim Ruehsen.  Relates #78
+
+2016-03-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-server-name.c: tests: added check for non-null
+	terminated server name This checks whether a non-null terminated server name, but with
+	correct length is correctly accepted by gnutls_server_name_set().  Relates #78
+
+2016-03-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/template-nc.pem: tests: template-test was updated
+	for OCSP key purpose reordering
+
+2016-03-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2016-03-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: do not require a CA for OCSP signing This follows the recommendations in RFC6960 in 4.2.2.2 which allow a
+	CA to delegate OCSP signing to another certificate without requiring
+	it to be a CA.  Reported by Thomas Klute.
+
+2016-03-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/ABI-x86_64.dump, devel/abi-unchecked-symbols,
+	devel/abi-unchecked-symbols.txt: abi-check: corrected type of
+	gnutls_x509_crl_get_issuer_dn That will avoid any accidental ABI breakage on that symbol.
+
+2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: added abi-checker rule This allows to test ABI incompatibilities as soon as possible.
+
+2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* Makefile.am, devel/ABI-dane-x86_64.dump, devel/ABI-x86_64.dump,
+	devel/abi-unchecked-symbols, devel/abi-unchecked-symbols.txt,
+	devel/abi.xml, devel/abi3.2.xml, devel/abi3.4.xml: Makefile: made
+	abi-checks self-contained That is, they no longer assume a given directory structure to exist
+	outside git. It now includes a static dump of the symbols in 3.4.0
+	for x86_64 and we compare with it.
+
+2016-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli.c: gnutls-cli: fix invalid initialization in
+	cert_verify_ocsp()
+
+2016-03-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2016-03-08  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* lib/pkcs11_privkey.c: pkcs11: implement correct DSA key pair
+	generating Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2016-02-25  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* lib/pkcs11_int.c, lib/pkcs11_int.h: pkcs11: add interface for
+	C_GenerateKey Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2016-03-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11.sh: tests: testpkcs11: the test will always
+	fail in code path failures
+
+2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-loss-time.c: tests: mini-loss-time: improved timeout
+	detection
+
+2016-02-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-loss-time.c: tests: mini-loss-time: ensure client
+	timeouts after the server is This addresses issue with the server detecting the client
+	disconnection prior to its timeout. Reported by Steven Chamberlain,
+	Andreas Metzler.
+
+2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: gnutls_ocsp_status_request_is_checked: document
+	the version the flag was introduced at
+
+2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/doc.mk: doc: generate manpages for all functions That addresses issue where certain manpages were created empty.  See
+	https://bugzilla.redhat.com/show_bug.cgi?id=1306800
+
+2016-03-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc: mention
+	gnutls_certificate_set_x509_trust_dir() It was not mentioned in the "Client or server certificate
+	verification" section.  Resolves #76
+
+2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/Makefile.am: tests: include test-hash-large into dist
+
+2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* po/zh_CN.po.in: Sync with TP [ci skip]
+
+2016-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_global.c: Disable weak symbols for
+	_gnutls_global_init_skip() under windows That is to avoid an issue with running gnutls under windows; that
+	renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows.  Relates #74
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, m4/hooks.m4: bumped version [ci skip]
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/ecc.c: ecc: optimized extension parsing
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update [ci skip]
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: timespec_sub_ms: fixed operation in 32-bit
+	systems
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: Fixes to prevent undefined
+	behavior (found with libubsan)
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: cipher.c: Fixes to prevent undefined behavior
+	(found with libubsan)
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior
+	(found with libubsan)
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent
+	undefined behavior (found with libubsan)
+
+2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_mem.h, lib/x509/x509.c: x509: Fixes to prevent
+	undefined behavior (found with libubsan)
+
+2016-02-28  Andreas Metzler <ametzler@bebt.de>
+
+	* src/p11tool-args.def: Let p11tool --provider option accept
+	filenames.  Drop 'file-exists = yes;' to allow specifying either an absolute
+	pathname or a file in P11_MODULE_PATH.
+
+2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-is-known.c,
+	tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm,
+	tests/utils.c, tests/utils.h: tests: enable softhsmv2 test suite by
+	default Also do not fatally fail with known softhsmv2 bugs.
+
+2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2016-02-26  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* tests/suite/testpkcs11.sh: pkcs11: tests for RSA, ECC, DSA private
+	key import Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2016-02-26  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* tests/suite/testpkcs11.sh: pkcs11: tests for DSA key generating Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi: added getpid() to the list of system calls
+	used
+
+2016-02-25  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing
+	algorithm setting for DSA keys The algorithm number was set only in the private key structure, not
+	in the nested structure with parameters. This made certain
+	operations to fail (e.g., copying the key into a PKCS #11 token).  Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2016-02-24  Sebastian Dröge <sebastian@centricular.com>
+
+	* configure.ac: configure: Android is ELF too Without this, compiling Android for x86 or x86-64 fails because the
+	assembly optimizations are not compiled in.
+
+2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/pcert-list.c: tests: added tests for
+	gnutls_pcert_list_import_x509_raw()
+
+2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: gnutls_x509_crt_list_import: corrected memory
+	leak This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was
+	specified and a failure occurred.
+
+2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c: _gnutls_sort_clist: fixed issues when used with
+	func option This function would incorrectly call func() on elements that were
+	included in the list, and would not call func() if the size of the
+	final chain was one.
+
+2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/secparams.c: DH/DSA: allow the generation of larger
+	than 15360 bit parameters
+
+2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/hash-large.c: tests: eliminated mem leak in hash-large
+
+2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update [ci skip]
+
+2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/Makefile.am, tests/slow/hash-large.c,
+	tests/slow/test-hash-large: tests: check whether large buffer hashes
+	and MAC work as expected
+
+2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/hmac-padlock.c,
+	lib/accelerated/x86/hmac-x86-ssse3.c,
+	lib/accelerated/x86/sha-padlock.c,
+	lib/accelerated/x86/sha-padlock.h,
+	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/mac.c: nettle: use
+	the correct type for hash and MAC functions
+
+2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-cipher.c: gnutls-cli: improved indentation in
+	benchmark output
+
+2016-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests
+	are disabled when in FIPS140-2 mode The tests require access to the RC4 cipher which is not available.
+
+2016-02-09  Andreas Metzler <ametzler@bebt.de>
+
+	* doc/cha-gtls-app.texi: improve doc on special keywords in priority
+	string Special keywords in priority strings like %COMPAT may not be
+	prefixed with +, - or !, "NORMAL:+%COMPAT is invalid.
+
+2016-02-06  Attila Molnar <attilamolnar@hush.com>
+
+	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+	doc/cha-tokens.texi, lib/gnutls_auth.c, lib/gnutls_dtls.c,
+	lib/gnutls_extensions.c, src/tpmtool-args.def: doc: Fix some typos
+
+2016-02-06  Attila Molnar <attilamolnar@hush.com>
+
+	* doc/cha-gtls-app.texi, src/certtool-cfg.c, src/serv-args.def: 
+	Remove remaining RSA-EXPORT support leftovers from doc and messages
+
+2016-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-pubkey-import-ecdsa.c: tests:
+	pkcs11-pubkey-import-ecdsa will only work under softhsmv2
+
+2016-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, configure.ac, m4/hooks.m4: bumped version
+
+2016-01-31  Andreas Metzler <ametzler@bebt.de>
+
+	* lib/gnutls_pubkey.c, lib/openpgp/gnutls_openpgp.c,
+	lib/x509/pkcs12_bag.c, lib/x509/x509.c, lib/x509/x509_ext.c,
+	src/certtool-cfg.c: Fix some more typos.  certifcate, funtion, withing, missmatch
+
+2016-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update [ci skip]
+
+2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/template-date.pem,
+	tests/cert-tests/template-dn.pem,
+	tests/cert-tests/template-generalized.pem,
+	tests/cert-tests/template-nc.pem,
+	tests/cert-tests/template-overflow.pem,
+	tests/cert-tests/template-overflow2.pem,
+	tests/cert-tests/template-test.pem,
+	tests/cert-tests/template-unique.pem: Revert "tests: updated to
+	account for cert generation after
+	2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b.
+
+2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in
+	gnutls_x509_ext_export_key_usage" This was not really an out-of-bounds check. Added documentation to
+	make that clear.  This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.
+
+2016-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_global.c: gnutls_global_init: log gnutls' version on
+	initialization
+
+2016-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc: corrected typo [ci skip]
+
+2016-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: x509: tolerate missing subject or issuer fields
+
+2016-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory
+	leak
+
+2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: x509: place newline when printing unsupported
+	othernames
+
+2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update [ci skip]
+
+2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/alpn.c: alpn: when parsing the list of protocols return at
+	the first mutually common That resolves an issue where the server wouldn't select the first
+	mutually supported.  Resolves #63
+
+2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection
+	order
+
+2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN
+	negotiation
+
+2016-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/alpn.c: alpn: document how the selected protocol is
+	selected [ci skip]
+
+2016-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-alpn.c: tests: verify that the selected ALPN protocol
+	is the first advertised
+
+2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, src/Makefile.am: build: fix make distclean by
+	including src/gl only once
+
+2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* symbols.last: symbols.last: added new symbol
+
+2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, configure.ac, m4/hooks.m4: bumped version
+
+2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: trust_list_get_issuer_by_dn: fixed check
+	for DN or SPKI
+
+2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* Makefile.am: symbols.last: don't include internal symbols into
+	exported list
+
+2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files
+
+2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: configure: no longer distribute lzip tarballs
+
+2016-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/template-date.pem,
+	tests/cert-tests/template-dn.pem,
+	tests/cert-tests/template-generalized.pem,
+	tests/cert-tests/template-nc.pem,
+	tests/cert-tests/template-overflow.pem,
+	tests/cert-tests/template-overflow2.pem,
+	tests/cert-tests/template-test.pem,
+	tests/cert-tests/template-unique.pem: tests: updated to account for
+	cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix
+
+2016-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2016-01-04  Tim Kosse <tim.kosse@filezilla-project.org>
+
+	* lib/x509/x509_ext.c: Fix out-of-bounds read in
+	gnutls_x509_ext_export_key_usage
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test
+	suite.
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update [ci skip]
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update [ci skip]
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
+	the writing of ECC private key
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am,
+	tests/suite/pkcs11-pubkey-import-ecdsa.c,
+	tests/suite/pkcs11-pubkey-import-rsa.c,
+	tests/suite/pkcs11-pubkey-import.c: tests: pkcs11-pubkey-import will
+	check both RSA and ECDSA keys
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
+	the type of the written object Previously only RSA objects were correctly written.
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-common.h: tests: added ECDSA key in cert-common.h
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_privkey.c: pkcs11: import public keys from any
+	available object That is, load public keys from the public key object, or the
+	certificate object if they are present. That affects non-RSA public
+	keys which do not contain all required fields on the private key
+	object.
+
+2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_db.h: session DB: made the magic number depending on
+	gnutls' version That will make sure that sessions not stored by this version of
+	gnutls will not be resumed by another (which may be incompatible).
+
+2015-12-26  Andreas Metzler <ametzler@bebt.de>
+
+	* README, lib/ext/srtp.c, lib/gnutls_priority.c, lib/locks.c,
+	lib/opencdk/keydb.c, lib/x509/pkcs7.c,
+	tests/mini-handshake-timeout.c: Fix some typos [ci skip]
+
+2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: NEWS: doc update [ci skip]
+
+2015-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/max_record.c: max_record: don't consider this extension on
+	DTLS That is because it doesn't work as expected, and does not fragment
+	handshake messages. Relates with #61
+
+2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-crypto.texi, lib/includes/gnutls/gnutls.h.in: updated
+	documentation on supported algorithms [ci skip]
+
+2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-intro-tls.texi: Added SHA384 to the list of TLS support
+	MAC algorithms
+
+2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/no-signal.c: tests: don't run the no-signal test in systems
+	which MSG_NOSIGNAL is not available
+
+2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/manpages/tpmtool.1: doc: manpages: remove generated tpmtool.1
+	page
+
+2015-12-17  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* .gitignore: .gitignore: add m4/extern-inline.m4
+
+2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/pkcs7: tests: added check to verify that the
+	PKCS#7 embedded data are recovered as expected
+
+2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool.c: certtool: introduced the
+	--p7-show-data option This option allows printing the embedded data in a PKCS#7 signed
+	structure.
+
+2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
+	gnutls_pkcs7_get_embedded_data: added function This function allows extracting the embedded data from a PKCS#7
+	signed structure.
+
+2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/pkcs7-gen.c: tests: updated pkcs7-gen to account for
+	content-type attribute
+
+2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/pkcs7: tests: check whether the content-type
+	attribute is set if we sign using time
+
+2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7.c: pkcs7: set by default the content type attribute That is a requirement of rfc5652. Relates #59
+
+2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crq.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
+	lib/x509/sign.c, lib/x509/x509_int.h: pkcs7: use the
+	PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7
+	structures That is because there are implementations which cannot cope with the
+	normal RSA signature OIDs. Relates #59
+
+2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7.c, tests/cert-tests/p7-combined.out: pkcs7: Disable
+	the optional fields prior to generating the PKCS#7 structure This resolves issue with our PKCS#7 structures not being parsed by
+	MacOSX' tools. Relates #59
+
+2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: warn if an ECDSA key is marked for
+	encryption
+
+2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: corrected invalid free
+
+2015-12-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_ui.c: 
+	make sure gnutls_assert is present at the cases where
+	GNUTLS_E_INTERNAL_ERROR is returned
+
+2015-12-14  Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+	* configure.ac: configure: really make --disable-crywrap work The crywrap variable is set regardless of the state of
+	enable_crywrap, hence --disable-crywrap never works.  Just put the
+	tests for crywrap deps inside the enable_crywrap conditional.  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+2015-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: updated chacha20 ciphers to conform
+	to latest draft
+
+2015-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
+	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
+	lib/gnutls_int.h: Modified the CHACHA20 cipher to conform to
+	draft-ietf-tls-chacha20-poly1305-02
+
+2015-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug.c: gnutls-cli-debug: rephrased inappropriate
+	fallback test description to match the rest
+
+2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: valgrind build was moved at the
+	end as it is the slowest build
+
+2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool.c: certtool: the
+	--p7-include-cert option is enabled by default This allows to generate PKCS#7 structures by default that can be
+	read by iOS.
+
+2015-12-13  sskaje <sskaje@gmail.com>
+
+	* src/certtool-args.def, src/certtool.c: #56 Feature: certtool
+	--p7-sign support GNUTLS_PKCS7_INCLUDE_CERT
+
+2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
+	#11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are
+	available. This is a much cleaner approach than
+	5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.
+
+2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
+	lib/pkcs11_privkey.c: Revert "Do not allow importing public keys
+	from PKCS #11 private keys for DSA and ECDSA" This reverts commit 9146ba63f5aa48358cb80aa7ccf9131cf2abdbe6.
+
+2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/cert-common.h: tests: cert-common.h:
+	backported from master branch
+
+2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am, tests/suite/pkcs11-pubkey-import.c: 
+	tests: check whether gnutls_pubkey_import_privkey() operates well
+	for PKCS#11 RSA keys
+
+2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
+	lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
+	#11 private keys for DSA and ECDSA That is, because they do not contain all the required parameters for
+	a direct import. Reported by Jan Vcelak.
+
+2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't
+	used
+
+2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
+	deinitialize gnutls_pkcs11_obj_t's pubkey on deinit
+
+2015-12-06  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in
+	privkey_get_pubkey The code worked for RSA because the content of the variables
+	matched.  But it doesn't match for ECC.  CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0)
+	CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-tls.c: gnutls-cli: don't use RSA ciphersuites to
+	test chacha20 as they are not defined
+
+2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: documented bug in
+	gnutls_x509_crt_get_*_unique_id()
+
+2015-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: allow specifying NULL buffer in
+	gnutls_x509_crt_get_*_unique_id()
+
+2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/override-ciphers, tests/slow/test-ciphers: tests:
+	cipher-test will forward the prog exit code as the script exit code
+
+2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am: tests: changes for running tests
+	under windows
+
+2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: backported from master
+
+2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/ocsp_output.c: ocsp_output: when next update is not
+	present don't print error message That is because this field is optional.  Resolves #53
+
+2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/Makefile.am, tests/slow/override-ciphers: tests:
+	override-ciphers will not run mac tests on windows There is some issue with symbols for self tests not being exported.
+
+2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
+	updates for certtool test to run under windows
+
+2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
+	tests/cert-tests/certtool, tests/cert-tests/certtool-long-cn,
+	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
+	tests/cert-tests/pkcs7, tests/pkcs8-decode/pkcs8: tests: changes for
+	running tests under windows
+
+2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system.c: use consistent terms in system.c and
+	system-keys-win.c
+
+2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: backported from master
+
+2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows
+	for files
+
+2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
+	src/libopts/COPYING.mbsd, src/libopts/Makefile.am,
+	src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
+	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
+	src/libopts/autoopts.c, src/libopts/autoopts.h,
+	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
+	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
+	src/libopts/check.c, src/libopts/compat/compat.h,
+	src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h,
+	src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
+	src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
+	src/libopts/genshell.c, src/libopts/genshell.h,
+	src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h,
+	src/libopts/libopts.c, src/libopts/load.c,
+	src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
+	src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c,
+	src/libopts/nested.c, src/libopts/numeric.c,
+	src/libopts/option-value-type.c,
+	src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c,
+	src/libopts/parse-duration.h, src/libopts/pgusage.c,
+	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
+	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
+	src/libopts/stack.c, src/libopts/stdnoreturn.in.h,
+	src/libopts/streqvcmp.c, src/libopts/text_mmap.c,
+	src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c,
+	src/libopts/version.c: libopts: updated to 5.18.6
+
+2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/Makefile.am: tests: use gnulib where needed
+
+2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* cross.mk: cross.mk: updated windows cross compile makefile
+
+2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/global-init-override.c: tests: disable global-init-override
+	test in windows Gcc does not support weak symbols on this platform.
+
+2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: tools: don't call endservent in windows
+
+2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am: tests: included missing files
+
+2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/cipher.c: added cast to silence gcc warning
+
+2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: released 3.4.7
+
+2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system-keys-win.c: system-keys-win: allow reinitialization of
+	the library after a deinitialization
+
+2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files
+
+2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions
+	with _gnutls prefix
+
+2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: gnutls_global_init_skip: prefixed with an
+	underscore
+
+2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, m4/hooks.m4: bumped version
+
+2015-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: check fread_file() for errors in all
+	situations This caused certtool to crash on invalid input on stdin.  Reported
+	by Christoph Biedl.
+
+2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509_write.c: doc update
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_ui.c: gnutls_certificate_set_flags: Added since
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/set_x509_key_mem.c: tests: check gnutls_certificate_flags
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_ui.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
+	gnutls_certificate_flags() and
+	GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH That allows a user of the credentials to disable the certificate
+	matching action. That is, to disable the calls to sign and verify on
+	initialization.
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am: link with libdl when trousers is enabled;
+	reported by Andreas Schneider
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: enhanced cipher selftests with variable
+	key sizes on arcfour
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: Do not enforce a maximum key size on ARCFOUR That makes the library consistent with the behavior of previous
+	versions (3.3.x)
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tests.c: gnutls-cli-debug: make TLS 1.6 fallback check more
+	reliable
+
+2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c, lib/x509/x509_write.c: doc update
+
+2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves in all
+	systems as we have multiple which are fedoras
+
+2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/global-init-override.c, tests/global-init.c: tests:
+	corrected copyright info
+
+2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/global-init-override.c: tests: added
+	check for overriding global initialization
+
+2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro
+
+2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow
+	programs skip implicit global initialization
+
+2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: backported
+
+2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi: doc: document how to use gnutls with
+	seccomp
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/auth/dh_common.c: deinitialize client_Y if needed to avoid
+	leak This is a more conservative fix comparing to
+	0e370b7b34c96f7929f9070ad8287c6cf52e7901 ("deinitialize all
+	handshake keys when handshake is over").
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: Revert "deinitialize all handshake keys when
+	handshake is over" This reverts commit 0e370b7b34c96f7929f9070ad8287c6cf52e7901.
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509_write.c: 
+	gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: doc update
+
+2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-crypto.texi, lib/includes/gnutls/pkcs7.h,
+	lib/x509/pkcs7.c: Added documentation on PKCS #7 signing
+
+2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: disable guile in asan builds
+
+2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: deinitialize all handshake keys when handshake
+	is over
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am, tests/suite/eagain,
+	tests/suite/eagain.sh, tests/suite/invalid-cert,
+	tests/suite/invalid-cert.sh, tests/suite/testcompat-openssl.sh,
+	tests/suite/testcompat-polarssl.sh, tests/suite/testdane,
+	tests/suite/testdane.sh, tests/suite/testrandom,
+	tests/suite/testrandom.sh, tests/suite/testrng,
+	tests/suite/testrng.sh, tests/suite/testsrn, tests/suite/testsrn.sh: 
+	tests: suite: more shell scripts were given the .sh suffix and
+	simplified makefile
+
+2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am, tests/suite/chain, tests/suite/chain.sh,
+	tests/suite/test-ciphersuite-names,
+	tests/suite/test-ciphersuite-names.sh, tests/suite/testpkcs11,
+	tests/suite/testpkcs11.sh: tests: suite: don't run shell scripts
+	with valgrind
+
+2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testsrn: tests: testsrn: output errors on stderr
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
+	tests/cert-tests/template-unique.pem,
+	tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs
+	are generated as expected
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
+	src/certtool.c: certtool: Allow writing unique IDs in generated
+	certificates
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
+	lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id()
+	and gnutls_x509_crt_set_subject_unique_id()
+
+2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: properly indent unique IDs
+
+2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: documented the GNUTLS_NO_EXPLICIT_INIT
+	environment variable
+
+2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-api.c: crypto-api: doc update
+
+2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to
+	DHE and ECDHE on a rehandshake
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: eliminate leaks in _verify_x509_mem()
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testdane: testdane: improved error detection in sites
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am, tests/suite/chain,
+	tests/suite/pkcs11-is-known.c, tests/suite/suppressions.valgrind,
+	tests/suite/testsrn, tests/suite/x509paths/suppressions.valgrind: 
+	tests: suite: eliminate many leaks in the tests and run them under
+	valgrind
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/openpgp-certs/Makefile.am,
+	tests/openpgp-certs/suppressions.valgrind,
+	tests/openpgp-certs/testcerts: tests: openpgp-certs: use valgrind
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/openpgp/extras.c: openpgp: eliminate leaks in
+	gnutls_openpgp_keyring_import()
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/mini-eagain2.c: tests: eliminate leaks in
+	mini-eagain2.c
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: eliminate memory leaks in certificate
+	generation
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/key-tests/Makefile.am, tests/key-tests/key-id,
+	tests/key-tests/pkcs8, tests/key-tests/suppressions.valgrind: tests:
+	key-tests: use valgrind
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c: gnutls_x509_crt_set_pubkey: clarify usage
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
+	tests/pkcs12-decode/suppressions.valgrind: tests: run the PKCS #12
+	tests under valgrind
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: pkcs12: correctly set
+	salt size in gnutls_pkcs12_mac_info Also eliminate leaks in PKCS #12 parsing.
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: make sure that pkcs12 structures are
+	deinitialized
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.c: crypto-backend: ensure there are no leaks on
+	deinitialization
+
+2015-11-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c, tests/mini-etm.c,
+	tests/mini-record.c: Require TLS 1.2 for all the ciphersuites which
+	are defined for it only This solves an interoperability issue with openssl. Reported by
+	Viktor Dukhovni.
+
+2015-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
+	src/pkcs11.c: p11tool: introduced --only-urls option This option allows printing a compact listing containing only of
+	URLs.
+
+2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-x509-default-prio.c: tests: added
+	check for gnutls_priority_set_default
+
+2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: use static libasan This prevents issues with tests which use LD_PRELOAD.
+
+2015-11-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves on build
+	on Fedora system
+
+2015-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: tools: better ftp auth tls negotiation
+
+2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: tools: only check for status code in FTP starttls
+	negotiation
+
+2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: tools: print more info in starttls negotiation when
+	--verbose is given
+
+2015-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls.pc.in: gnutls.pc: don't use the libtool version of the
+	link options Reported by Dan Kegel.  Resolves #49
+
+2015-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/heartbeat.c: removed inacurate text
+
+2015-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-bib.texi, doc/cha-intro-tls.texi, doc/latex/gnutls.bib: 
+	doc: updated supplemental data documentation
+
+2015-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testdane: tests: testdane will not check hosts which
+	are unreachable
+
+2015-10-20  Andreas Metzler <ametzler@bebt.de>
+
+	* lib/auto-verify.c, lib/gnutls_state.c: Documentation update The new simple verification functions were backported to 3.4.6,
+	correct "Since:" to reflect this.
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: released 3.4.6
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc: documented future level
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h: pkcs11.h: relocated
+	gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/ext_master_secret.c: ext master secret: extension is
+	marked as mandatory This forces the extension to be sent even where resuming sessions.
+	Resolves #45
+
+2015-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume.c: tests: Check whether a resumed session contains
+	the ext master secret extension Relates #45
+
+2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-certs/server.pub, tests/suite/testpkcs11: 
+	tests: adapted testpkcs11 for use with 3.4.x certtool
+
+2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11, tests/suite/testpkcs11.softhsm: tests:
+	verify that public keys are properly written Also disable parts of the suite that softhsm2 cannot properly work
+	with, to allow running parts of the suite even with broken softhsm.
+
+2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: Allow writing a PKCS #11 pubkey object
+
+2015-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11:
+	introduced gnutls_pkcs11_copy_pubkey That allows copying a public key to a PKCS #11 module.
+
+2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am: doc: set a path which includes new binaries when
+	running autogen That makes sure that autogen will discover the binaries to obtain
+	the --help output.
+
+2015-10-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug-args.def: gnutls-cli-debug: updated doc
+
+2015-10-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug-args.def, src/cli-debug.c, src/cli.c,
+	src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: 
+	tools: when the starttls-proto is specified automatically detect the
+	port if not given
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitlab-ci.yml: backport: .gitlab-ci.yml: combined the slow build
+	with the separate build dir
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphers.c, lib/gnutls_cipher_int.c,
+	lib/gnutls_priority.c: Disable the NULL cipher on runtime when
+	FIPS140 mode is enabled instead of statically That way the NULL cipher can be used when not in FIPS140 mode.
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/algorithms/kx.c,
+	lib/gnutls_int.h, lib/gnutls_priority.c: backport: Tolerate priority
+	strings with names of legacy ciphers and key exchanges That enables better backwards compatibility with old applications
+	which disable or enable algorithms which no longer are supported.
+	Relates #44
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_write.c: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER
+	when writing on a certificate That allows NSS to read and use the written certificate.  Relates
+	#43
+
+2015-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/sec-params.c: tests: enhanced sec-params check to account
+	for future sec-param
+
+2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.c: certtool: recognize the future sec-param
+
+2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/secparams.c, lib/includes/gnutls/gnutls.h.in: 
+	Introduced the security parameter future (256) and switched ultra to
+	192 bits For ultra, this was its documented strength, and now follows RFC3766
+	recommendations for sizes.
+
+2015-10-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.c: certtool: be more specific on the help
+	message for --sec-param when --bits are given
+
+2015-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testpkcs11.softhsm: tests: better detection of softhsm
+	library
+
+2015-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, m4/hooks.m4: bumped version
+
+2015-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
+	doc/examples/ex-client-x509.c, lib/Makefile.am, lib/auto-verify.c,
+	lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
+	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+	lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map, tests/Makefile.am, tests/auto-verify.c: 
+	Backported new verification functions for clients from 3.5.x branch The major use-case for the TLS protocol is verification of PKIX
+	certificates. However, certificate verification support while is
+	similar for almost all projects it requires around 100 lines of code
+	(a callback) to be duplicated to all applications. That patch set
+	gets rid of the callback and simplifies certificate verification
+	support, by introducing a very simple API; one that would accept the
+	session and the hostname only.  Resolves #27
+
+2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/eagain-common.h,
+	tests/mini-session-verify-function.c: tests: added test for
+	gnutls_session_set_verify_function
+
+2015-08-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
+	gnutls_session_set_verify_function That allows to set a verification callback per session rather than
+	only globally on the credentials structure.
+
+2015-10-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c: gnutls_record_recv: simplified text on
+	GNUTLS_E_REHANDSHAKE
+
+2015-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-common.c: certtool: print 16-bytes of hex values per
+	line Also avoid a colon on the end of the line.
+
+2015-09-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.c: certtool: switched the default level to
+	HIGH for key generation That requires 3072 bits for RSA and DSA keys.
+
+2015-09-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
+	src/socket.c: tools: added xmpp into the starttls-proto options
+
+2015-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
+	src/socket.c: tools: added ldap into the starttls-proto options
+
+2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system.c: system.c: simplify gnutls_system_recv_timeout
+
+2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c: gnutls-cli-debug: use RFC7627 instead of
+	draft-ietf-tls-session-hash
+
+2015-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in: updated documentation on
+	gnutls_vdata_types_t based on DKG's suggestions
+
+2015-09-16  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+	* lib/gnutls_cert.c: improve docs for
+	gnutls_certificate_verify_peers*() The gnutls_certificate_verify_peers{,2,3}() functions all return
+	GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate
+	was not verified.  This is explained in the first paragraphs ("i.e.
+	failure to trust a certificate does not imply a negative return
+	value"), but the Returns: line isn't comparably clear.
+
+2015-09-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: _gnutls_hex2bin: avoid overrun in the provided
+	buffer
+
+2015-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, configure.ac, m4/hooks.m4: bumped version
+
+2015-09-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/manpages/tpmtool.1: tpmtool.1: updated
+
+2015-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: Don't use formatted output for fixed strings Resolves #35
+
+2015-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: pkcs11: when storing public keys, make sure
+	they are marked as not private
+
+2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tests.c: gnutls-cli-debug: corrected typo in inappropriate
+	fallback check
+
+2015-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
+	check for inappropriate fallback support
+
+2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/examples/ex-serv-anon.c: corrected typo in ex-server-anon
+
+2015-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: hex decoding: more reasonable error codes That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding
+	error, and document that fact.
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/ext_master_secret.c, lib/gnutls_db.c: Set the extended
+	master secret status based on resumption data only That is, don't require a new negotiation with extensions.
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume-dtls.c, tests/resume.c: tests: corrected resumption
+	tests to disable tickets when needed That is, perform the tests that require no tickets, with tickets
+	disabled.
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_session_pack.c: session packing: corrected issue in PSK
+	session unpack
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/auth/psk.c: PSK: save the username in client side in the auth
+	structure
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_hash_int.h: _gnutls_hash() returns error code if any.  Ideally we would like to eliminate any return codes from that
+	function. However, since that's on exported API we cannot easily do
+	without breaking the ABI. Reported by Benedikt Klotz.  Resolves #28
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c, lib/x509/verify-high2.c: x509: when
+	appending CRLs to a trust list ensure that we don't have duplicates That is, overwrite CRLs if they have been obsoleted.
+
+2015-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: allow exporting very long CRLs
+
+2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/crl: tests: verify whether CRL date setting works
+	as expected
+
+2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
+	src/certtool.c: certtool: Allow specifying CRL dates as fixed dates
+
+2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/crl: tests: verify CRL appending effectiveness
+
+2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crl_write.c: gnutls_x509_crl_set_authority_key_id,
+	gnutls_x509_crl_set_number allow overwritting That allows them to overwrite values which were previously set
+	(e.g., on an imported CRL).
+
+2015-08-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool.c: certtool: allow appending
+	certificates to a CRL
+
+2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: removed limit on maximum imported
+	certificates in the -i option
+
+2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/crl: tests: check
+	whether the CRL generation code works as expected
+
+2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.c, src/certtool.c: certtool: eliminated memory
+	leaks due to new cert loading code
+
+2015-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.c, src/certtool-common.h: certtool: lifted
+	limits on file size to load
+
+2015-08-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* Makefile.am: before dist ensure that included libopts matches
+	autogen
+
+2015-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: corrected date
+
+2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am: include all cert-tests into dist
+
+2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files for new functions
+
+2015-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: test-sign will not fail if a pubkey is not
+	found
+
+2015-08-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/privkey.c: key decoding: set key to null for consistency
+
+2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: key decoding: simplify decoding logic by
+	removing the fallback
+
+2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: key decoding: corrected regression with PKCS
+	#8 key decoding Reported by Daniel Berrange.
+
+2015-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/pkcs8-key-decode.c: tests: added check
+	for decoding of a PKCS #8 key as fallback
+
+2015-08-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-08-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11: set
+	the CKA_TOKEN attribute on generated public keys That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
+	flag, to simulate the previous behavior.
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cfg.mk: cfg.mk: fix order of arguments in gnulib-tool
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/fallback-scsv.c: tests: added check for
+	the fallback SCSV
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c: handshake: check inappropriate fallback
+	against the configured max version That allows to operate on a server which is explicitly configured to
+	utilize earlier than TLS 1.2 versions.
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/gnutls.h.in: corrected
+	GNUTLS_E_INAPPROPRIATE_FALLBACK error code
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c: copy_ciphersuites: use definition for
+	reserved ciphersuites
+
+2015-08-01  Alessandro Ghedini <alessandro@ghedini.me>
+
+	* doc/cha-gtls-app.texi, lib/gnutls_handshake.c, lib/gnutls_int.h,
+	lib/gnutls_priority.c, lib/priority_options.gperf: handshake: add
+	FALLBACK_SCSV priority option This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
+	the handshake, as defined in RFC7507.
+
+2015-08-01  Alessandro Ghedini <alessandro@ghedini.me>
+
+	* lib/algorithms.h, lib/gnutls_alert.c, lib/gnutls_errors.c,
+	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: handshake:
+	check for TLS_FALLBACK_SCSV If TLS_FALLBACK_SCSV was sent by the client during the handshake,
+	and the advertised protocol version is lower than
+	GNUTLS_TLS_VERSION_MAX, send the "Inappropriate fallback" fatal
+	alert and abort the handshake.  This mechanism was defined in RFC7507.
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* build-aux/gendocs.sh, gl/Makefile.am, gl/m4/codeset.m4,
+	gl/m4/extern-inline.m4, gl/m4/gettext.m4, gl/m4/glibc2.m4,
+	gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
+	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4,
+	gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
+	gl/m4/intmax.m4, gl/m4/lcmessage.m4, gl/m4/lock.m4,
+	gl/m4/manywarnings.m4, gl/m4/nls.m4, gl/m4/po.m4,
+	gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/stdio_h.m4,
+	gl/m4/sys_time_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
+	gl/m4/uintmax_t.m4, gl/m4/valgrind-tests.m4, gl/m4/visibility.m4,
+	gl/stddef.in.h, gl/stdio.in.h, gl/string.in.h, gl/tests/init.sh,
+	gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
+	gl/tests/test-stddef.c, gl/time.in.h, gl/wchar.in.h,
+	src/gl/Makefile.am, src/gl/error.c, src/gl/error.h,
+	src/gl/fseeko.c, src/gl/m4/extern-inline.m4,
+	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-common.m4,
+	src/gl/m4/stdio_h.m4, src/gl/m4/sys_time_h.m4, src/gl/m4/time_h.m4,
+	src/gl/stddef.in.h, src/gl/stdio.in.h, src/gl/string.in.h,
+	src/gl/time.in.h, src/gl/wchar.in.h, src/gl/xalloc.h: use the
+	gettext-h gnulib module
+
+2015-08-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/certtool-long-cn: tests: added missing
+	certtool-long-cn
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/safe_renegotiation.c: safe renegotiation: simulate
+	receiving the extension on receival of SCSV
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c: made data2hex() safer, and eliminated mem leak
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/very-long-dn.pem: 
+	tests: added check for proper handling of very long CNs
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/status-request-ok.c,
+	tests/status-request.c: tests: added check for server sending (or
+	not) status request messages
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: updated the required gettext version to match the
+	macros from gnulib
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/safe_renegotiation.c: safe renegotiation: handle case
+	where client didn't send any extension That was affected by the "don't try to send extensions we didn't
+	receive".
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/tpm.c: tpm: avoid warning
+
+2015-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h: 
+	As server don't try to send extensions we didn't receive.
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/tpm.c: tpm: use gnutls_hex_decode for uuid decoding
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/auth/psk_passwd.c: psk: use gnutls_hex_decode2 for key
+	decoding
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system-keys-win.c: system-keys-win: use gnutls_hex_decode for
+	ID decoding
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/openpgp/gnutls_openpgp.c: openpgp: use gnutls_hex_decode for
+	keyid decoding
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c: DN decoding: use gnutls_hex_encode
+
+2015-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/extras/Makefile.am, lib/extras/hex.c, lib/extras/hex.h,
+	lib/extras/licenses/CC0, lib/gnutls_str.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Introduced
+	gnutls_hex_encode2() and gnutls_hex_decode2() These also use safer hex decoding functions which don't skip invalid
+	input.
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c: x509: simplified data to hex conversion in
+	unknown DN names
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: Allow for
+	non-null context and zero context length
+
+2015-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, configure.ac, m4/hooks.m4: bumped version
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/prf.c: tests: added cross-check between gnutls_prf_rfc5705()
+	and gnutls_prf()
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
+	tests/suite/Makefile.am: removed legacy libgcrypt flags
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c, tests/prf.c: gnutls_prf_rfc5705: optimize in
+	the common use case, by avoiding malloc Also don't handle specially the case of non-NULL context and
+	context_size of zero.
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitignore: ignore more files
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def: p11tool: fix documentation for
+	--generate-ecc and generate-dsa
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: gnutls_prf_rfc5705: mention the version it was
+	introduced at
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/prf.c: tests: added check for
+	gnutls_prf() and gnutls_prf_rfc5705
+
+2015-07-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: gnutls_prf_rfc5705: added That includes support for RFC5705 when the context field is used.
+	Initial patch by Rick van Rein.
+
+2015-07-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-tokens.texi: doc update: explain more about PKCS #11 and
+	fork
+
+2015-07-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: configure: print the trousers lib only when set
+
+2015-07-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tpmtool-args.def, src/tpmtool.c: tpmtool: Added --test-sign
+	parameter
+
+2015-07-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_global.c, lib/tpm.c: Deinitialize the TPM subsystem
+	only when trousers support is enabled
+
+2015-07-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/Makefile.am, lib/gnutls_errors.c,
+	lib/gnutls_global.c, lib/gnutls_global.h,
+	lib/includes/gnutls/gnutls.h.in, lib/tpm.c: TPM: don't link to
+	trousers, use dlopen() That introduces --with-trousers-lib which can be used to specify the
+	library to dlopen().  Resolves #18
+
+2015-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files
+
+2015-07-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, configure.ac, m4/hooks.m4: bumped version
+
+2015-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h: pkcs11: mention the version
+	GNUTLS_PKCS11_TOKEN_MODNAME is available from
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/auth/dhe_psk.c: PSK: set the hint in DHE-PSK and ECDHE-PSK
+	ciphersuites
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/pskself.c: tests: updated pskself to check the hint in all
+	PSK ciphersuites
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: be more compact in token URL printing
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def: p11tool: group the provided options for
+	readability
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c: p11tool: keep backwards
+	compatibility by introducing --list-token-urls That is, the output of --list-tokens remains the same.
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: print the module name of a token in verbose
+	mode
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+	lib/pkcs11_write.c, lib/pkcs11x.c: Added GNUTLS_PKCS11_TOKEN_MODNAME
+	for gnutls_pkcs11_token_get_info That allows to obtain the shared module name of a token URL.
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h: pkcs11.h: doc  update
+
+2015-07-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c: p11tool: less verbose output
+	in --list-tokens unless --verbose is specified
+
+2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suppressions.valgrind: tests: added suppression for bash mem
+	leak
+
+2015-07-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, tests/Makefile.am, tests/cert-tests/Makefile.am: 
+	tests: don't run certtool-utf8 when libidn is 1.30 or less This avoids test suite failures due to libidn.
+
+2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def: gnutls-cli: doc update
+
+2015-07-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/dumbfw.c: dumbfw: don't append a size prefix in the pad Reported by Hannes Mehnert.
+
+2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* gl/m4/valgrind-tests.m4: gl: use /bin/true to run valgrind during
+	configure Bash has memory leaks, which prevents the valgrind check to operate
+	using the SHELL variable.
+
+2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool-utf8: 
+	tests: added check for invalid UTF8 encoded string
+
+2015-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: Revert "libidn support is disabled by default" This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad.
+
+2015-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* : commit d63c088edd15f20318b396f2298744cbf9e1a392 Author: Daniel
+	Kahn Gillmor <dkg@fifthhorseman.net> Date:   Thu Jul 2 14:28:32 2015
+	-0400
+
+2015-07-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: DSA: the numeric number of bits returned from
+	public key should depend on P not Y That allows to do the proper evaluation to check certificate
+	strength.  Reported by Hubert Kario.
+
+2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dsa/Makefile.am, tests/dsa/dsa-pubkey-1018.pem,
+	tests/dsa/testdsa: tests: check whether we print the prime size in
+	DSA keys
+
+2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: name constraints: simplified
+	gnutls_x509_name_constraints_check_crt()
+
+2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/name-constraints,
+	tests/cert-tests/name-constraints-ip.pem: tests: verify that
+	unsupported name constraints are properly handled
+
+2015-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: name constraints: don't reject
+	certificates if a CA has the URI or IPADDRESS constraints Don't reject certificates if a CA has the URI or IPADDRESS
+	constraints, and the end certificate doesn't have an IPaddress name
+	or a URI set.
+
+2015-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* po/ms.po.in: Sync with TP.
+
+2015-06-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: libidn support is disabled by default That is until the issues with libidn get resolves.  Relates #10
+
+2015-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/atfork.c: tests: added a test for the
+	fork detection interface
+
+2015-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/resume-dtls.c: tests: resume-dtls: increased timeouts
+
+2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/atfork.c, lib/atfork.h: Don't use
+	pthread_atfork(), it is not safe to use with dlopen() http://austingroupbugs.net/view.php?id=851
+
+2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/atfork.c, lib/atfork.h: atfork: added underscore to
+	gnutls_forkid
+
+2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/atfork.c, lib/atfork.h, lib/nettle/rnd-fips.c,
+	lib/nettle/rnd.c, lib/pkcs11.c: simplified fork detection
+
+2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: enhanced header matching code for private keys
+	to skip unrelated data
+
+2015-06-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/privkey-import,
+	tests/cert-tests/privkey1.pem, tests/cert-tests/privkey2.pem,
+	tests/cert-tests/privkey3.pem: tests: added private key import
+	checks
+
+2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: gnutls_x509_privkey_import: optimized private
+	key loading
+
+2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: gnutls_x509_privkey_import2: better behavior
+	when provided with an unencrypted file That is, it will attempt to decode it first as plain file prior to
+	trying all encrypted options.
+
+2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/key-openssl.c: tests: added check to verify that
+	gnutls_x509_privkey_import2 works for plain keys That is, when a password is provided and the key is non encrypted.
+
+2015-06-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/key_decode.c, lib/x509/mpi.c: _gnutls_get_asn_mpis() will
+	release any data on failure Resolves #15
+
+2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/cert-tests/aki, tests/cert-tests/certtool,
+	tests/cert-tests/crq, tests/cert-tests/dane,
+	tests/cert-tests/email, tests/cert-tests/invalid-sig,
+	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
+	tests/cert-tests/pkcs7, tests/cert-tests/template-test,
+	tests/dsa/testdsa, tests/dtls/dtls, tests/dtls/dtls-nb,
+	tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
+	tests/nist-pkits/gnutls_test_entry, tests/nist-pkits/pkits_crl,
+	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+	tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test,
+	tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
+	tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
+	tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
+	tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
+	tests/sha2/sha2-dsa, tests/slow/override-ciphers,
+	tests/slow/test-ciphers, tests/suite/certs/create-chain.sh,
+	tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
+	tests/suite/invalid-cert, tests/suite/testcompat-main-openssl,
+	tests/suite/testcompat-main-polarssl,
+	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
+	tests/suite/testdane, tests/suite/testpkcs11,
+	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
+	tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
+	tests/suite/testrng, tests/suite/testsrn, tests/userid/userid: 
+	tests: tab indent + minor style changes Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/ciphersuite/scan-gnutls.sh: tests: modified
+	test-ciphersuite-names to work with cpp 5.1.1
+
+2015-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/test-ciphersuite-names: tests: test-ciphersuite-names:
+	create any needed dirs
+
+2015-06-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am, tests/suite/ciphersuite/scan-gnutls.sh,
+	tests/suite/ciphersuite/test-ciphersuites.sh,
+	tests/suite/test-ciphersuite-names: tests: moved
+	test-ciphersuites.sh one level up That simplifies running the script outside make check.
+
+2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/suite/ciphersuite/scan-gnutls.sh,
+	tests/suite/ciphersuite/test-ciphers.js,
+	tests/suite/ciphersuite/test-ciphersuites.sh: tests: suite:
+	ciphersuite: fixups fix separate builddir issue, without modifying locations, quite
+	ugly.  re-indent using tab.  fix shebang.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/pkcs1-padding/pkcs1-pad, tests/suite/testcompat-openssl,
+	tests/suite/testcompat-polarssl: tests: enforce UTC timezone in
+	datefudge tests Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/cert-tests/aki, tests/cert-tests/certtool,
+	tests/cert-tests/crq, tests/cert-tests/dane,
+	tests/cert-tests/email, tests/cert-tests/invalid-sig,
+	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
+	tests/cert-tests/pkcs7, tests/cert-tests/template-test,
+	tests/ecdsa/ecdsa, tests/key-tests/key-id, tests/key-tests/pkcs8,
+	tests/openpgp-certs/testselfsigs: tests: misc: shell cleanup leftovers minor sync.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* configure.ac, tests/suite/certs/create-chain.sh,
+	tests/suite/chain, tests/suite/crl-test, tests/suite/eagain,
+	tests/suite/invalid-cert, tests/suite/testcompat-common,
+	tests/suite/testcompat-main-openssl,
+	tests/suite/testcompat-main-polarssl,
+	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl,
+	tests/suite/testdane, tests/suite/testpkcs11,
+	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
+	tests/suite/testpkcs11.softhsm, tests/suite/testrandom,
+	tests/suite/testrng, tests/suite/testsrn: tests: suite: cleanup
+	shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup indentation to be consistent with other tests.  Fix separate builddir issues.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-21  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
+	tests/pkcs8-decode/pkcs8, tests/rfc2253-escape-test,
+	tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/sha2,
+	tests/sha2/sha2-dsa, tests/slow/override-ciphers,
+	tests/slow/test-ciphers, tests/userid/userid: tests: misc: cleanup
+	shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup indentation to be consistent with other tests.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am: tests: fixed includes
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
+	lib/gnutls_global.c, lib/gnutls_str.h, lib/x509/ocsp_output.c: move
+	all gettext definitions in gnutls_str.h
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: cross.mk: updated for 3.4.2
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.h: gnutls_str: include gettext.h when dgettext is
+	available
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/mini-dtls-fork.c, tests/mini-dtls-mtu.c,
+	tests/mini-dtls-pthread.c, tests/mini-dtls-record-asym.c,
+	tests/openpgp-auth.c, tests/openpgp-auth2.c, tests/pkcs12_simple.c,
+	tests/rsa-encrypt-decrypt.c, tests/utils.c, tests/utils.h,
+	tests/x509sign-verify.c, tests/x509sign-verify2.c: tests: don't
+	depend on gnulib That dependency unfortunately causes many portability problems on
+	platforms where it should have worked out of the box.
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-06-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/perlasm/cpuid-x86.pl, doc/scripts/cleanup-autogen.pl,
+	doc/scripts/gdoc, doc/scripts/getfuncs-map.pl,
+	doc/scripts/getfuncs.pl, doc/scripts/sort1.pl,
+	doc/scripts/sort2.pl, doc/scripts/split-texi.pl,
+	doc/scripts/split.pl, tests/nist-pkits/build-chain: use the same
+	shebang for perl
+
+2015-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/certtool: tests: added a verify-chain test case
+
+2015-06-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/scripts/common.sh: tests: don't quote provider in common.sh That caused testpkcs11 to fail.
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-alignment.c: tests: don't enforce alignment rules for
+	caller buffers
+
+2015-06-17  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/cert-tests/aki, tests/cert-tests/certtool,
+	tests/cert-tests/crq, tests/cert-tests/dane,
+	tests/cert-tests/email, tests/cert-tests/invalid-sig,
+	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
+	tests/cert-tests/pkcs7, tests/cert-tests/template-test: tests:
+	cert-tests: cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup trailing spaces.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitlab-ci.yml: Added gitlab-ci.yml
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: reduced the exported functions to the minimum
+	needed
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_extensions.c: _gnutls_ext_register was made static
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: libgnutls.map: use a 3.4 related name for
+	private functions This eliminates any collisions with functions from 3.3.x
+
+2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry,
+	tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+	tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+	tests/nist-pkits/pkits_smime, tests/nist-pkits/pkits_test: tests:
+	nist-pkits: cleanup shell/perl usage Add quotes for most usages of variables.  Added ${} for variables.  Consistent indent.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am: tests: force link with nettle of mini-alignment
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/oids.c: tests: Check the OID functions
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms.h, lib/algorithms/ecc.c, lib/algorithms/mac.c,
+	lib/algorithms/publickey.c, lib/algorithms/sign.c, lib/gnutls_pk.c,
+	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map, lib/x509/common.c, lib/x509/crl.c,
+	lib/x509/key_decode.c, lib/x509/key_encode.c, lib/x509/mpi.c,
+	lib/x509/ocsp.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
+	lib/x509/privkey_pkcs8.c: Exported functions to convert from and to
+	OIDs
+
+2015-06-18  Saurav Babu <saurav.babu@samsung.com>
+
+	* src/cli.c: gnutls-cli: Fixed Possible Memory Leak This patch fixes possible memory leak in psk_callback() function,
+	rawkey is allocated memory by gnutls_malloc() and is not freed when
+	gnutls_hex_decode() returns with error Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7.c: pkcs7: corrected write_signer_id() when
+	GNUTLS_PKCS7_WRITE_SPKI was used
+
+2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs: 
+	tests: openpgp-certs: cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/key-tests/key-id, tests/key-tests/pkcs8: tests: key-tests:
+	cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/ecdsa/ecdsa: tests: ecdsa: cleanup shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup trailing spaces.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-18  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/dsa/testdsa, tests/scripts/common.sh: tests: dsa: cleanup
+	shell usage Add quotes for most usages of variables.  Added ${} for variables.  Cleanup trailing spaces.  Removal of unneeded ';'.  Minor fix in tests/scripts/common.sh at trap to pass message and
+	avoid killing.  Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_mbuffers.c: indentation fix
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_int.h: Always align in 16-byte boundary our input to
+	crypto That allows faster operations in almost all instruction sets.
+
+2015-06-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-alignment.c: tests: added check for
+	memory alignment
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/template-test: tests: only run test with long
+	dates in 64-bit systems
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/template-date.pem,
+	tests/cert-tests/template-dn.pem,
+	tests/cert-tests/template-generalized.pem,
+	tests/cert-tests/template-nc.pem,
+	tests/cert-tests/template-overflow.pem,
+	tests/cert-tests/template-overflow2.pem,
+	tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
+	tests/cert-tests/template-utf8.pem: tests: regenerate the results in
+	template-test using UTC times
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: ensure that gnutls_pubkey_verify_data2
+	returns 0 on success
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
+	Added gnutls_pkcs7_get_signature_count
+
+2015-06-17  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/suite/Makefile.am: tests: suite: run testpkcs11 if PKCS#11
+	is enabled Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-17  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/nist-pkits/gnutls_test_entry,
+	tests/suite/certs/create-chain.sh: tests: remove bash usage Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/template-date.pem,
+	tests/cert-tests/template-dn.pem,
+	tests/cert-tests/template-generalized.pem,
+	tests/cert-tests/template-generalized.tmpl,
+	tests/cert-tests/template-nc.pem,
+	tests/cert-tests/template-overflow.pem,
+	tests/cert-tests/template-overflow2.pem,
+	tests/cert-tests/template-test, tests/cert-tests/template-test.pem,
+	tests/cert-tests/template-utf8.pem: tests: verify that we generate
+	dates with UTCTime prior to 2050 Also that we generate dates with GeneralizedTime format after 2050.
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c, lib/x509/common.h: When writing the Time ASN.1
+	structure follow the RFC5280 recommendations
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c: Set time in PKCS #7 structures properly (in
+	UTCTime format).
+
+2015-06-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-06-16  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/cert-tests/pkcs7: tests: cert-tests: pkcs7: support separate
+	builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* symbols.last: account new symbols
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: updated
+	makefiles for the new functions
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs7.c, lib/x509/x509_ext.c: doc update
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/Makefile.am, lib/x509/pkcs7-output.c,
+	lib/x509/pkcs7_output.c: use common base for pkcs7 files
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, lib/libgnutls.map: added missing symbol
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: released 3.4.2
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool.c, tests/cert-tests/pkcs7: 
+	certtool: made explicit the inclusion of time in PKCS #7 signatures
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs7.c: pkcs7:
+	write the DER encoded time
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: include the signature time in PKCS #7
+	signatures
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7.c: pkcs7: corrected usage of
+	GNUTLS_PKCS7_INCLUDE_TIME flag
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: 
+	tests: minor updates in pkcs7 output checks to match new certtool
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: rely on gnutls_pkcs7_print() even more
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7_output.c: pkcs7: print certificates and CRLs in
+	FULL mode
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: use gnutls_pkcs7_print() - partially
+
+2015-06-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
+	lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7_output.c: 
+	Added gnutls_pkcs7_print()
+
+2015-06-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, m4/hooks.m4: bumped version
+
+2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/x509sign-verify2.c: tests: added
+	signature/verification stress test
+
+2015-06-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-main-openssl,
+	tests/suite/testcompat-main-polarssl: tests: check also individual
+	ciphers for interoperability
+
+2015-06-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: fips140: better debug messages when verifying MAC
+
+2015-06-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tpmtool.c: tpmtool: added newline in error messages
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes-self-test.c: fips140: added check for
+	reseed detection
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/rng-fork.c: tests: check random generator for long outputs
+	as well
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is
+	setup do not perform integrity tests
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes.c: fips140: reset the reseed counter only
+	on reseed
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-fips.c: fips140: when reseeding only reseed the
+	required context not all
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes-self-test.c: fips140: added more checks on
+	the reseed and generate function
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes.c, lib/nettle/int/drbg-aes.h: fips140:
+	enforce the max_number_of_bits_per_request
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/full.p7b.out, tests/cert-tests/pkcs7,
+	tests/cert-tests/single-ca.p7b.out: tests: do not include times in
+	the PKCS #7 checks as they depend on local timezone
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7.c: pkcs7: addressed memory leaks
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7-attrs.c: doc update
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/pkcs7-gen.c: tests: Added PKCS #7
+	attribute generation check
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/full.p7b.out, tests/cert-tests/single-ca.p7b.out: 
+	tests: updated for new certtool output
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: print signed and unsigned PKCS #7
+	attributes
+
+2015-06-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/pkix.asn,
+	lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/pkcs7-attrs.c,
+	lib/x509/pkcs7.c, lib/x509/x509_int.h: Added code to parse and set
+	PKCS #7 attributes
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/pkcs7: tests: added PKCS #7 verification check
+	with MD5
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_errors.c, lib/gnutls_pubkey.c,
+	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
+	lib/includes/gnutls/x509.h, lib/x509/pkcs7.c, lib/x509/x509.c: use
+	the same flags in all verification functions
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs7.c: _decode_pkcs7_signed_data: fixed mem leaks
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.h, lib/x509/x509.c, lib/x509/x509_int.h: 
+	Initialization of gnutls_x509_dn_t was modified to allow
+	deinitialization after failure Part2: made gnutls_x509_crt_get_subject() and
+	gnutls_x509_crt_get_issuer() return a constant value and avoid
+	leaks.
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/cha-functions.texi, doc/doc.mk: doc:
+	Separated the PKCS #7 in manual
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/pkcs7: tests: check PKCS #7 structure signature
+	generation
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/p7-combined.out,
+	tests/cert-tests/pkcs7: tests: check PKCS #7 bundle generation
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool-common.c,
+	src/certtool-common.h, src/certtool.c: certtool: added
+	--p7-generate, --p7-sign and --p7-detached-sign
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map,
+	lib/x509/common.c, lib/x509/pkcs7.c: Added gnutls_pkcs7_sign()
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
+	Added gnutls_pkcs7_get_crl_raw2
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: print the signing time when available
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs7.h, lib/x509/common.c, lib/x509/pkcs7.c: 
+	pkcs7 verification: parse the signing time
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs7.c: on PKCS #7 verification check the the content
+	type matches the signed data
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: print more info about the PKCS #7 struct
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool-common.c, src/certtool.c: 
+	certtool: allow verification against a direct PKCS #7 signer
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
+	tests/cert-tests/pkcs7-detached.txt: tests: added checks with PKCS
+	#7 detached data
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs7.c: pkcs7 verification: return
+	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data
+	exist
+
+2015-06-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool-common.h, src/certtool.c: 
+	certtool: allow verifying PKCS #7 with detached data
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool.c: certtool: improved PKCS #7
+	verification output
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/pkcs7: tests: check the key purpose in PKCS #7
+	verification
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/full.p7b.out,
+	tests/cert-tests/pkcs7: tests: added PKCS #7 test with more than 1
+	certs
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool-common.h, src/certtool.c: 
+	certtool: allow verification of PKCS #7 structures
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
+	lib/x509/x509.c: Initialization of gnutls_x509_dn_t was modified to
+	allow deinitialization after failure
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/Makefile.am, lib/includes/gnutls/pkcs7.h,
+	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkix.asn,
+	lib/pkix_asn1_tab.c, lib/x509/dn.c, lib/x509/pkcs7.c: Added PKCS #7
+	signature(s) verification
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/x509/verify-high.c: Added
+	gnutls_pkcs11_get_raw_issuer_by_subject_key_id and
+	gnutls_x509_trust_list_get_issuer_by_subject_key_id
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dn.c: tests: added check for gnutls_x509_dn_get_str
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map, lib/x509/x509.c: added gnutls_x509_dn_get_str
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_privkey.c: doc update
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/compat.h, lib/includes/gnutls/x509.h,
+	lib/x509/privkey.c, lib/x509/x509.c: Added
+	gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c: verify PKCS
+	#7 signed data
+
+2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs7.c, lib/x509/x509_int.h: updated PKCS #7 code to
+	cache signed_data
+
+2015-06-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: When manual PKCS #11 configuration is requested
+	don't initialize other providers
+
+2015-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: deinitialize PKCS #7 resources
+
+2015-05-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/pkcs7,
+	tests/cert-tests/single-ca.p7b.out: tests: Added tests for PKCS7
+	cert extraction
+
+2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
+	gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
+	gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
+	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
+	gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
+	gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
+	src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
+	src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: Revert
+	"updated gnulib" This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c.
+
+2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: silence format-signness warnings in gcc5
+
+2015-05-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* gl/m4/codeset.m4, gl/m4/extern-inline.m4, gl/m4/gettext.m4,
+	gl/m4/iconv.m4, gl/m4/intl.m4, gl/m4/intldir.m4,
+	gl/m4/intlmacosx.m4, gl/m4/lcmessage.m4, gl/m4/manywarnings.m4,
+	gl/m4/nls.m4, gl/m4/po.m4, gl/m4/stdio_h.m4, gl/stddef.in.h,
+	gl/string.in.h, gl/tests/inttypes.in.h, gl/tests/test-read-file.c,
+	gl/tests/test-stddef.c, src/gl/error.h, src/gl/fseeko.c,
+	src/gl/m4/extern-inline.m4, src/gl/m4/stdio_h.m4,
+	src/gl/stddef.in.h, src/gl/string.in.h, src/gl/xalloc.h: updated
+	gnulib
+
+2015-05-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/ocsp_output.c: Check the OID size for match when
+	comparing for the OCSP nonce extension Reported by Hanno Böck.
+
+2015-05-23  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_ui.c: gnutls_dh_get_prime_bits: return 0 if DH is not
+	used Before, the number of bits of a zero-length number was attempted to
+	be extracted, resulting in an error. The changed behaviour is
+	consistent with the documentation which explicitly states that 0
+	should be returned if no DH key exchange was performed.
+
+2015-05-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: gnutls_dh_get_group: mention that the values may
+	include a leading zero
+
+2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: gnutls_dh_set_prime_bits: warn when overriding
+	the DH max prime size with 1007 bits or less
+
+2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/verify-tofu.c: cleanup unused variable
+
+2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/verify-tofu.c: corrected allocation check
+
+2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: removed useless check
+
+2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: document intentional fallthrough in switch
+
+2015-05-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/ecc.c: ecc ext: check return code of
+	_gnutls_buffer_append_data
+
+2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/no-signal.c: tests: enhance the no-signal check to include
+	proper data sending
+
+2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/no-signal.c: tests: check the operation
+	of GNUTLS_NO_SIGNAL
+
+2015-05-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+	lib/system.c, lib/system.h: Allow the usage of MSG_NOSIGNAL in send
+	functions That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), which
+	is available in systems that support the MSG_NOSIGNAL flag to
+	send(). That eases the usage of the library within other libraries.
+	Resolves #11
+
+2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
+	lib/accelerated/x86/hmac-padlock.c: include nettle/memxor when
+	needed
+
+2015-05-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/serv.c: gnutls-serv: send alert when wrong data have been
+	received from client
+
+2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-05-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: camellia256-gcm: corrected regression Reported by Manuel Pegourie-Gonnard.
+
+2015-05-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: doc update
+
+2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-bib.texi, doc/cha-cert-auth.texi, doc/latex/gnutls.bib: 
+	doc: added section about subject alternative names
+
+2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
+	lib/gnutls_int.h: handshake_start_time was moved out of the
+	DTLS-specific variables
+
+2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c: apply default timeout for DTLS in
+	gnutls_handshake_set_timeout
+
+2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/hostname-check.c: tests: do not perform internationalized
+	name checks without libidn
+
+2015-05-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/sign-md5-rep.c: tests: updated sign-md5-rep to reduce false
+	failures
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-loss-time.c: tests: eliminate mem leaks in
+	mini-loss-time
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testdane: tests: testdane: remove dane.nox.su from the
+	list of known to be good hosts
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-loss-time.c: tests: mini-loss-time enhanced to check
+	proper timeouts in both client and server
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_int.h,
+	lib/gnutls_state.c: dtls: combined the total timeouts of DTLS and
+	TLS handshake That also makes the waits for packets more robust against blocking.
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/compat.h: define
+	GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA
+
+2015-05-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi: doc: updated text to account for pkcs11-url
+	standardization
+
+2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-mtu.c: tests: mini-dtls-mtu: compile in windows
+
+2015-05-04  Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+	* doc/cha-intro-tls.texi: doc: Fixed typo in heartbeat
+	documentation.
+
+2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: cross.mk: updated for 3.4.1
+
+2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/abi3.4.xml: updated abi base for 3.4
+
+2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: NEWS: updated
+
+2015-05-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, configure.ac, m4/hooks.m4: released 3.4.1
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_dtls.c: doc: updated gnutls_dtls_set_timeouts
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/examples/ex-client-dtls.c: doc: fixed example with DTLS
+	timeouts
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: use
+	macro for DTLS default timeout
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c: gnutls_handshake_set_timeout will properly
+	work with DTLS
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c, lib/gnutls_record.c: document the need for
+	gnutls_transport_set_pull_timeout_function
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc: updated async operation text
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c, lib/gnutls_state.c: disable default
+	handshake timeout It caused issues with non-blocking TLS clients and servers which may
+	not want to block while the pull timeout function waits.
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-tls-nonblock.c: tests: added check
+	to verify that pull timeout is not called on non-blocking sessions
+
+2015-04-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dtls.c, lib/gnutls_dtls.h, lib/gnutls_handshake.c,
+	lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
+	lib/includes/gnutls/gnutls.h.in, lib/system_override.c: 
+	GNUTLS_NONBLOCK can be used for non-DTLS sessions as well
+
+2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system_override.c: doc update
+
+2015-04-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: doc update
+
+2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/keygen.c, tests/slow/Makefile.am,
+	tests/slow/keygen.c: tests: key generation test was moved to main
+	checks This will allow to catch memory leaks with valgrind.
+
+2015-04-28  Jan Vcelak <jan.vcelak@nic.cz>
+
+	* lib/nettle/pk.c: fix memory leak in ECDSA key parameters
+	verification Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>
+
+2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
+	minitasn1
+
+2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c, tests/name-constraints.c: Handle DNS
+	name constraints with leading dot Patch by Fotis Loukos.  Resolves 3 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+2015-04-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-upgrade.texi: doc update
+
+2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: updated text for gnutls_pkcs11_init
+
+2015-04-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-tokens.texi: updated pkcs11 loading documentation
+
+2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-etm.c: tests: mini-etm: use TLS as the transport layer
+
+2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/sign-md5-rep.c: tests: added comment for sign-md5-rep
+
+2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2015-04-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* po/fr.po.in: Sync with TP.
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/sign-md5-rep.c: tests: added reproducer
+	for the MD5 acceptance issue Reported by Karthikeyan Bhargavan.
+
+	http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/signature.c: before falling back to SHA1 as signature
+	algorithm in TLS 1.2 check if it is enabled
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/signature.c: _gnutls_session_sign_algo_enabled: do not
+	consider any values from the extension data to decide acceptable
+	algorithms
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-x509-cert-callback.c: tests: added unit tests for
+	gnutls_certificate_client_get_request_status
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/auth/cert.c: set the value used by
+	gnutls_certificate_client_get_request_status prior to selecting
+	certificate That allows gnutls_certificate_client_get_request_status() to be
+	properly operating from the callback. Reported by Anton Lavrentiev.
+
+2015-04-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_cert.c: updated doc for retrieve function
+
+2015-04-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-bib.texi, doc/latex/gnutls.bib: updated PKCS #11 URL
+	references to rfc7512
+
+2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c: doc update
+
+2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509self.c: tests: added check for gnutls_credentials_get
+
+2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_auth.c, lib/gnutls_cert.c: doc update
+
+2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c: fixed doc: reported by Anton Lavrentiev
+
+2015-04-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-upgrade.texi: doc: corrected typo
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/resume-dtls.c: tests: resume-dtls: remove global variables
+
+2015-04-21  Andreas Metzler <ametzler@bebt.de>
+
+	* doc/cha-gtls-app.texi: List all certificate type priority strings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/auth/rsa.c: tls-rsa: keep a common code path when doing RSA
+	decryption Suggested by Nimrod Aviram.
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-dtls-rehandshake.c, tests/mini-handshake-timeout.c,
+	tests/mini-key-material.c, tests/mini-loss-time.c,
+	tests/mini-record-retvals.c, tests/mini-rehandshake-2.c: tests:
+	initialize status where needed
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/openpgp-auth2.c: tests: cleanup openpgp-auth2
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-dtls-rehandshake.c: tests: cleanup
+	mini-dtls-rehandshake
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume-dtls.c, tests/resume.c: tests: resume: check for
+	signals
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/certificate_set_x509_crl.c, tests/mini-record-range.c,
+	tests/mini-x509-callbacks.c, tests/openpgp-auth2.c,
+	tests/record-sizes-range.c, tests/resume.c: tests: reduced compiler
+	warnings
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-x509.c: tests: verify the return value of
+	gnutls_certificate_get_ours when no cert is sent
+
+2015-04-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume-dtls.c, tests/resume.c: tests: close unused file
+	descriptors in resume checks
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, src/Makefile.am: libopts: fixed the reading of the
+	--enable-local-libopts flag
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli.c, src/common.c, src/common.h: gnutls-cli: when no
+	certificate is sent, notify the user
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-x509-cert-callback.c: tests: added
+	check with X.509 certificates and callbacks That corresponds to functionality checked in openpgp-callback.c
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/openpgp-callback.c: tests: added check for
+	gnutls_certificate_get_ours() when used in combination with
+	callbacks
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509dn.c: tests: improved x509dn check
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: gnutls_certificate_get_ours: will return the
+	certificate even if a callback was used This corrects a bug where this function would not work, when
+	gnutls_certificate_set_retrieve_function2() was used.
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def: gnutls-cli: when a certificate is specified
+	require the corresponding private key
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: ensure that the X.509 version number is one byte
+	only
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: Check for invalid length in the X.509 version
+	field If such an invalid length is detected, reject the certificate.
+	Reported by Hanno Böck.
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: ocsp: initialize certs to NULL
+
+2015-04-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/serv.c: gnutls-serv: print when the peer's certificate is not
+	verified
+
+2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* po/fr.po.in: Sync with TP.
+
+2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>
+
+	* lib/system-keys-win.c: ncrypt.h lacks some defines with some
+	versions of MinGW.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2015-04-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files
+
+2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>
+
+	* lib/system-keys-win.c: Fix a preprocessor warning about mismatched
+	quotes.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>
+
+	* lib/system-keys-win.c: Set _WIN32_WINNT to 0x600, at least with
+	some MinGW versions ncrypt.h checks this define to be at least
+	0x600.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2015-04-18  Tim Kosse <tim.kosse@filezilla-project.org>
+
+	* lib/gnutls_supplemental.c: Fix include order, include gnutls_int.h
+	before gnutls.h, otherwise undefined external references to
+	gnutls_free and gnutls_strdup are the result when statically linking
+	against GnuTLS built by MinGW.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/benchmark-cipher.c: gnutls-cli: removed CCM from the ciphers
+	tested with the old API That prevents a crash of the benchmark. Reported by James Cloos.
+
+2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_cipher_int.c: refuse to use the old cipher API with
+	AEAD-only ciphers
+
+2015-04-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-termination.c, tests/resume-dtls.c, tests/resume.c: 
+	tests: ignore sigpipe in resume and termination tests
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: doc: added error check in example
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: doc update
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: doc: removed stray @end
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c: doc update
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, lib/x509/x509.c: doc update
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/output.c: x509: when printing the keyid of a certificate
+	use the curve name for randomart
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509.c: gnutls_x509_crt_get_pk_* are based on
+	gnutls_pubkey_export_*
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c: gnutls_pubkey_export_* are tolerable in null
+	input
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
+	lib/libgnutls.map, lib/x509/x509.c: Added
+	gnutls_x509_crt_get_pk_ecc_raw()
+
+2015-04-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/extras/randomart.c: randomart: corrected usage of snprintf
+
+2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: when generating an ECDSA key use the
+	curve name in random art
+
+2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/extras/randomart.c: randomart: only print key size if it is
+	non-zero
+
+2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: cross.mk: updated for 3.4.0
+
+2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/utils.c: Remove SOCK_CLOEXEC from socket() call.  That allows compilation in systems where this flag doesn't exist.
+	Resolves #7
+
+2015-04-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi: document the recommended re-handshake
+	process
+
+2015-04-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/manpages/Makefile.am: remove duplicate entries from manpages
+	Makefile
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/certtool: tests: enhanced cert tests with SHA256
+	key IDs
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: modified to allow different key ID
+	algorithms
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c, lib/includes/gnutls/x509.h,
+	lib/x509/common.h, lib/x509/crq.c, lib/x509/privkey.c,
+	lib/x509/x509.c: Added flags which modify the algorithm used for key
+	ID calculation
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def: doc update
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c: doc update
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c: gnutls_record_discard_queued() is both for
+	TLS and DTLS
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: document the new crypto register functions
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-args.def: doc update
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi: doc: avoid spaces in showfunc
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/Makefile.am: tests: added files into dist
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* m4/hooks.m4: configure: ask for nettle 3.1
+
+2015-04-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: released 3.4.0
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-args.def: gnutls-cli: document the method to override the
+	detected ciphers
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-ccm-x86-aesni.c: fixed AESNI CCM
+	encryption
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-ccm-x86-aesni.c: cleanups in CCM-aesni
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-polarssl: tests: test CCM-8 against
+	polarssl
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: test
+	for AES-CCM
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README.md: doc: added 'git submodule update' to clone steps
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, doc/announce.txt: doc update
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/announce.txt: doc update
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-backend.c: removed unused functions
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.c, lib/gnutls_cipher_int.c: extend the fallback
+	to setkey in addition to init
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.c: doc update
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/Makefile.am, tests/slow/cipher-override2.c,
+	tests/slow/override-ciphers: tests: verify the behavior of
+	GNUTLS_E_NEED_FALLBACK
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.c, lib/gnutls_cipher_int.c,
+	lib/includes/gnutls/gnutls.h.in: introduced GNUTLS_E_NEED_FALLBACK
+	to allow falling back from registered ciphers That allows a registered cipher to indicate that it cannot operate (e.g., due to memory constraints, or internal limits), and gnutls
+	should proceed with the default algorithms.
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: ciphersuites: moved CCM
+	ciphersuites in the appropriate ifdefs
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/ciphersuite/test-ciphers.js: tests: ciphersuite test
+	will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 That is because the names in rfc6655 are for some reason different
+	than the expected.
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-intro-tls.texi: document CCM and CCM-8
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-record-2.c, tests/mini-record-failure.c,
+	tests/mini-record.c: tests: added CCM and CCM_8 into ciphersuite
+	tests
+
+2015-04-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/aes-ccm-x86-aesni.c,
+	lib/accelerated/x86/x86-common.c, lib/algorithms/ciphers.c,
+	lib/algorithms/ciphersuites.c, lib/includes/gnutls/gnutls.h.in,
+	lib/nettle/cipher.c: Added CCM-8 ciphersuites
+
+2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/announce.txt: updated announce text
+
+2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* symbols.last: symbols: added the new supplemental functions
+
+2015-04-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-upgrade.texi: doc update
+
+2015-04-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/template-test: tests: delay tests that depend on
+	timing when they fail That often prevents failures on busy systems.
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/cipher.c: don't enforce iv_size > block_size; it is no
+	longer true for all ciphers
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_cipher.c: simplified calc_enc_length_stream
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-supplementaldata.c: tests: updated supplemental API
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_extensions.c: gnutls_ext_register will fail on double
+	registration
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
+	gnutls_supplemental_register will fail on double registration
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, symbols.last: symbols: added new exported functions
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am,
+	doc/scripts/getfuncs-map.pl: doc: updated makefiles to include new
+	functions
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map: libgnutls.map: remove
+	gnutls_record_set_max_empty_records
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map: account for the renamed
+	gnutls_supplemental_recv/send
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: document the export supplemental data API
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
+	gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send Also added the gnutls_ prefix to new types.
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: Added
+	documentation for gnutls_do_send/recv_supplemental
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-api.c, lib/gnutls_mem.c, lib/gnutls_privkey.c,
+	lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+	lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
+	lib/pkcs11_write.c, lib/safe-memfuncs.c, lib/tpm.c: doc updates
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-shared-key.texi, lib/auth/srp_sb64.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
+	lib/tpm.c, lib/x509_b64.c: the base64 xxx_alloc functions were
+	renamed to xxx2 That brings them in par with the rest of the allocation functions.
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
+	src/pkcs11.c: p11tool: use the key usage flags to set PKCS #11
+	properties
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_int.h,
+	lib/pkcs11_privkey.c, lib/pkcs11_write.c: pkcs11: use key_usage to
+	set the appropriate flags
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in: 
+	cleanups in supplemental data support
+
+2015-04-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/auth/dh_common.c: DH: do not warn on zero q_bits
+
+2015-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: NEWS: rearrange entries
+
+2015-04-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.c: certtool: certtool --generate-dh-params
+	will account for --outder Resolves #5
+
+2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: chacha20-poly1305: ciphersuite
+	numbers correspond to the latest draft
+
+2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: improved output message
+
+2015-04-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: removed unecessary warning
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-tokens.texi, lib/includes/gnutls/abstract.h,
+	lib/includes/gnutls/compat.h: doc update: account for new functions
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: better output text
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: added
+	GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY Also enforce the expected flags despite any given flags in the URL.
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
+	p11tool: added the --test-sign parameter That allows to check an existing key for signing/verification.
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_privkey.c, lib/gnutls_pubkey.c,
+	lib/includes/gnutls/abstract.h, lib/libgnutls.map: 
+	gnutls_priv/pubkey_import_url replace:
+	gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: corrected import of pubkey in DER format
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-etm.c: tests: added check for EtM
+	negotiation
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/ext/etm.c,
+	lib/gnutls_int.h, lib/gnutls_priority.c: only send EtM extension if
+	we have CBC ciphersuites
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-upgrade.texi: mention gnutls_privkey_sign_raw_data in
+	upgrade section
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_privkey.c, lib/includes/gnutls/compat.h,
+	lib/libgnutls.map: gnutls_privkey_sign_raw_data: converted to macro
+	over gnutls_privkey_sign_hash
+
+2015-04-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509sign-verify.c: tests: added check for the legacy
+	gnutls_privkey_sign_raw_data
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: avoid compilation warnings in self checks
+	(take 2)
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: Revert "selftests: avoid compilatio
+	warnings" This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603.
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: tests: check whether PKCS #11 ID set on
+	copy/generation is correct
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
+	p11tool: allow setting the CKA_ID on object
+	initialization/generation
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: exported new functions
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
+	enhanced key generation functions to allow specifying a CKA_ID
+
+2015-03-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: selftests: avoid compilatio warnings
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c: enhanced copy
+	functions to allow specifying a CKA_ID
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-server-name.c: tests: mini-server-name: ignore sigpipe
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suppressions.valgrind: tests: added more libidn-related
+	valgrind suppressions
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/texinfo.css: doc: increase border spacing in HTML tables
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-intro-tls.texi: doc: list chacha20-poly1305 to the list of
+	ciphers
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/manpages/Makefile.am: manpages: automatically adjust the
+	copyright year on generated pages
+
+2015-03-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/mini-server-name.c: tests: added check
+	for gnutls_server_name_get and gnutls_server_name_set
+
+2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/ciphersuite/test-ciphers.js: test-ciphers.js: improved
+	ciphersuite checks
+
+2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphersuites.c: corrected
+	GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305
+
+2015-03-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/ciphersuite/scan-gnutls.sh: updated
+	test-ciphersuite.sh for new types
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509_ext.c: Better fix for the double free in dist point
+	parsing
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h: updated
+	minitasn1
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey: increase size
+	for attributes
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphersuites.c: moved chacha20-poly1305
+	ciphersuites to the 0xCD space
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-api.c: doc update: replace cryptographic algorithm by
+	encryption algorithm
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_datum.c, lib/gnutls_datum.h, lib/x509/gnutls-idna.c,
+	lib/x509/x509_ext.c: gnutls_subject_alt_names_set and
+	gnutls_x509_aki_set_cert_issuer will set null-terminated strings
+
+2015-03-27  Jiří Klimeš <jklimes@redhat.com>
+
+	* lib/crypto-api.c: doc: be consistent in the function descriptions Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
+
+2015-03-27  Jiří Klimeš <jklimes@redhat.com>
+
+	* lib/crypto-api.c: doc: correct the description of crypto API
+	functions Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
+
+2015-03-27  Jiří Klimeš <jklimes@redhat.com>
+
+	* doc/examples/ex-client-x509.c, lib/ext/server_name.c,
+	lib/x509/output.c: Fix a few compiler warnings about unused
+	variables [-Wunused-variable] Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_cipher.c: fixed CHACHA20-POLY1305 in DTLS
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/benchmark-cipher.c, src/benchmark-tls.c: gnutls-cli: added
+	chacha-poly1305 into benchmarks
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_dtls.c: when calculating record overhead account for
+	chacha20 which doesn't send the nonce on the wire
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-record-2.c, tests/mini-record.c: tests: include
+	chacha20 into transfer tests
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
+	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_int.h: Added
+	the CHACHA20-POLY1305 ciphersuites (with random IDs)
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphers.c, lib/crypto-selftests.c,
+	lib/includes/gnutls/gnutls.h.in, lib/nettle/cipher.c: added
+	chacha20-poly1305 as cipher
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-record-retvals.c: tests: check retvals in block ciphers
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_int.h: do not penalize CBC ciphers with the maximum
+	send data size That reduced the maximum send size for CBC ciphers from 16384 to
+	16384-(block size), which was unnecessary and was causing issues:
+	https://bugs.winehq.org/show_bug.cgi?id=37500
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_record.c,
+	lib/includes/gnutls/gnutls.h.in: 
+	gnutls_record_set_max_empty_records: removed
+
+2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509_ext.c: eliminated double-free in the parsing of dist
+	points Reported by Robert Święcki.
+
+2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c: Added a tight loop around the legacy push
+	function That reduces the need for more expensive outer loops.  Originally
+	suggested by Anton Lavrentiev.
+
+2015-03-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/gl/Makefile.am, src/gl/fseeko.c, src/gl/m4/dup2.m4,
+	src/gl/m4/printf.m4, src/gl/m4/stdio_h.m4, src/gl/m4/time_h.m4,
+	src/gl/signal.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
+	src/gl/time.in.h, src/gl/vasnprintf.c, src/gl/xalloc.h: updated
+	gnulib
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def: p11tool: more precise documentation of
+	--set-id parameter
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* m4/hooks.m4: depend on nettle 3.1 or later
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/email: tests: updated email check for renamed
+	--verify-email option
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: increased
+	the size of ck_attributes
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: pkcs11: check gnutls_rnd() for error
+	condition
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_generate2: set a
+	CKA_ID on key generation
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool.c: p11tool: reduced debugging output
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool.c: certtool: --purpose,
+	--hostname were renamed to --verify-purpose, --verify-hostname
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c: p11tool: added --mark-no-sign
+	and --mark-no-decrypt options
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c,
+	lib/pkcs11_write.c: pkcs11: added flags to mark keys as not-being
+	signable or decryptable That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN which can be set during
+	generation or write of keys.
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_write.c: pkcs11: set the CKA_SIGN and CKA_DECRYPT flags
+	when writing a private key
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume-dtls.c: tests: cleanups in resume-dtls
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/server_name.c: ext: server_name: move name length check
+	prior to IDN convertion
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/server_name.c: When an application calls
+	gnutls_server_name_set() with a name of zero size disable the
+	extension Resolves #2
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/hostname-verify.c: gnutls_x509_crt_check_hostname2: check
+	CN for match only if certificate would have been acceptable for
+	GNUTLS_KP_TLS_WWW_SERVER
+
+2015-03-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: Apply DNS name constraints on CN
+	field only on certificates acceptable for TLS WWW SERVER purpose Suggested by Fotis Loukos.
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-loss-time.c: tests: mini-loss-time is less prone to
+	timeouts
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/suppressions.valgrind: tests: added valgrind
+	suppressions in cert-tests for libidn
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: eliminated memory leaks on verification
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/email,
+	tests/cert-tests/email-certs/chain.exclude.test.example.com,
+	tests/cert-tests/email-certs/chain.invalid.example.com,
+	tests/cert-tests/email-certs/chain.test.example.com,
+	tests/cert-tests/email-certs/chain.test.example.com-2: tests: Added
+	email verification tests with certtool
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool.c: certtool: added the --email
+	option, to use in verification
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
+	lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
+	lib/libgnutls.map, lib/openpgp/compat.c,
+	lib/openpgp/gnutls_openpgp.h, lib/openpgp/pgp.c,
+	lib/x509/Makefile.am, lib/x509/email-verify.c,
+	lib/x509/verify-high.c: Added gnutls_x509_crt_check_email(),
+	gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/test-chains.h: tests: verify that we accept a certificate
+	with no name even if its CA has nameconstraints
+
+2015-03-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: name constraints: when no name of the
+	type is found, accept the certificate This follows RFC5280 advice closely. Reported by Fotis Loukos.
+
+2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/resume-dtls.c: tests: increase the timeout in resume-dtls
+
+2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: gnutls_pkcs11_obj_export3: allow operation when
+	raw.data is NULL and we have a public key
+
+2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: simplified export of objects That also allows to export public keys, even when a CKA_VALUE with
+	the public key is not present. For that we use the key parameters,
+	which we encode into a key. Issue reported by Frank Leavis.
+
+2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* GNUmakefile, build-aux/config.rpath, build-aux/gendocs.sh,
+	build-aux/pmccabe2html, build-aux/snippet/arg-nonnull.h,
+	build-aux/snippet/c++defs.h, build-aux/snippet/warn-on-use.h,
+	build-aux/useless-if-before-free, build-aux/vc-list-files,
+	doc/gendocs_template, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+	gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4, gl/m4/printf.m4,
+	gl/m4/stdio_h.m4, gl/m4/time_h.m4, gl/m4/ungetc.m4,
+	gl/stdio-impl.h, gl/stdio.in.h, gl/tests/Makefile.am,
+	gl/tests/init.sh, gl/tests/test-u64.c, gl/time.in.h, gl/u64.c,
+	gl/u64.h, gl/vasnprintf.c, maint.mk: gnulib: removed u64 module
+
+2015-03-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/aes-gcm-x86-pclmul.c, lib/gnutls_int.h: drop
+	support for gnulib's u64
+
+2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-main-openssl: tests: check legacy RC4 in
+	testcompat That would prevent losing compatibility without detecting it.  That
+	is currently the case since it is no longer enabled by default.
+
+2015-03-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-record-retvals.c: tests: added check
+	to verify the correctness of the record function return values
+
+2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/common.c, src/crywrap/crywrap.c, src/tests.c: tools: enable
+	compilation with all options disabled
+
+2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_auth.c, lib/gnutls_ui.c: enable compilation with
+	several options disabled
+
+2015-03-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_auth.c, lib/gnutls_state.c, lib/pkcs11.c,
+	lib/pkcs11_privkey.c, lib/x509/crq.c, lib/x509/pkcs7.c: doc: avoid
+	mentioning pointers when not needed
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: increase the maximum stack frame the compiler will
+	warn for
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c, lib/crypto-api.c, lib/ext/alpn.c,
+	lib/ext/etm.c, lib/ext/ext_master_secret.c, lib/ext/heartbeat.c,
+	lib/ext/max_record.c, lib/ext/safe_renegotiation.c,
+	lib/ext/server_name.c, lib/ext/session_ticket.c,
+	lib/ext/signature.c, lib/ext/srtp.c, lib/ext/status_request.c,
+	lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+	lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.c,
+	lib/gnutls_dh.c, lib/gnutls_dtls.c, lib/gnutls_handshake.c,
+	lib/gnutls_pcert.c, lib/gnutls_priority.c, lib/gnutls_privkey.c,
+	lib/gnutls_privkey_raw.c, lib/gnutls_psk.c, lib/gnutls_pubkey.c,
+	lib/gnutls_range.c, lib/gnutls_record.c, lib/gnutls_session.c,
+	lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_state.c,
+	lib/gnutls_ui.c, lib/gnutls_x509.c, lib/openpgp/extras.c,
+	lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
+	lib/openpgp/privkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
+	lib/pkcs11x.c, lib/system-keys-win.c, lib/system_override.c,
+	lib/tpm.c, lib/verify-tofu.c, lib/x509/crl.c, lib/x509/crl_write.c,
+	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
+	lib/x509/hostname-verify.c, lib/x509/name_constraints.c,
+	lib/x509/ocsp.c, lib/x509/ocsp_output.c, lib/x509/output.c,
+	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+	lib/x509/privkey.c, lib/x509/privkey_openssl.c,
+	lib/x509/privkey_pkcs8.c, lib/x509/verify-high.c,
+	lib/x509/verify-high2.c, lib/x509/x509.c, lib/x509/x509_ext.c,
+	lib/x509/x509_write.c: doc: avoid using structure for opaque types
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-extension.c: tests: include gnutls_ext_s/get_data into
+	tests of mini-extension
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_extensions.c: updated documentation on non-return value
+	of gnutls_ext_set_data
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-dtls0-9.c: tests: fixed buffers in mini-dtls0-9
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c: avoid overflow when receiving DTLS 0.9 CCS
+
+2015-03-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/auth/srp.c, lib/ext/alpn.c, lib/ext/etm.c,
+	lib/ext/heartbeat.c, lib/ext/max_record.c,
+	lib/ext/safe_renegotiation.c, lib/ext/server_name.c,
+	lib/ext/session_ticket.c, lib/ext/signature.c, lib/ext/srp.c,
+	lib/ext/srtp.c, lib/ext/status_request.c, lib/gnutls_extensions.c,
+	lib/gnutls_extensions.h, lib/gnutls_int.h, lib/gnutls_str.h,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: added
+	gnutls_ext_set_data() and gnutls_ext_get_data() As a side effect the type which holds private data was reduced from
+	union to void * pointer. That simplifies the exported API without
+	reducing the options in the internal API.
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/gnutls.h.in: set GNUTLS_DTLS_VERSION_MIN to be
+	DTLS0.9 That allows standard DTLS ciphersuites to be used with DTLS0.9
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/mini-dtls0-9.c: tests: added test for
+	DTLS 0.9
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-extension.c: tests: updated mini-extension
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: mention the new functionality briefly in
+	documentation
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_extensions.c, lib/gnutls_supplemental.c: mention that
+	the registration functions are not thread safe
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_extensions.c, lib/gnutls_extensions.h: store a copy of
+	the extensions name
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_global.c: deinitialize supplemental data on deinit
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+	lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: removed
+	unused epoch change callback
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_global.c, lib/gnutls_supplemental.c,
+	lib/gnutls_supplemental.h: deinitialize supplemental data on deinit
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_hash_int.h, lib/gnutls_supplemental.c: reduce warnings
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_extensions.c, lib/gnutls_str.c, lib/gnutls_str.h,
+	lib/gnutls_supplemental.c: added documentation for the new functions
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-supplementaldata.c: tests: remove warnings in
+	mini-supplementaldata.c
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/gnutls.h.in, tests/mini-supplementaldata.c: 
+	updated types
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2015-03-19  Thierry Quemerais <tquemerais@awox.com>
+
+	* lib/gnutls_supplemental.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map, tests/Makefile.am, tests/mini-supplementaldata.c: 
+	Added a way to add custom supplemental data from public API.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
+
+2015-03-19  Thierry Quemerais <tquemerais@awox.com>
+
+	* tests/mini-extension.c: Fixed extension test.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.h, lib/includes/gnutls/gnutls.h.in,
+	tests/Makefile.am, tests/mini-extension.c: renamed gnutls_buffer_st
+	-> gnutls_buffer_t
+
+2015-03-19  Thierry Quemerais <tquemerais@awox.com>
+
+	* lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+	lib/gnutls_int.h, lib/gnutls_str.c, lib/gnutls_str.h,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+	tests/mini-extension.c: Added a way to add custom extensions from
+	public API.  Signed-off-by: Thierry Quemerais <tquemerais@awox.com>
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h: 
+	gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always
+	defined there
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/inet_ntop.c: inet_ntop replacement: include sys/socket.h
+
+2015-03-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/inet_ntop.c, lib/system.h: inet_ntop replacement: do not
+	depend on socklen_t
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/Makefile.am: tests: link cipher tests directly with
+	nettle when needed
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-record.c: tests: mini-dtls-record: increase
+	timeouts to avoid failure of test due to slow system
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-record.c: tests: mini-dtls-record: removed the
+	need for 64-bit number
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-record.c: tests: increase verbosity of
+	mini-dtls-record
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-crypto.texi: document the cipher override API
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/Makefile.am, tests/slow/mac-override.c,
+	tests/slow/override-ciphers: added test suite for overriden digests
+	and MACs
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/cryptodev.c, lib/accelerated/x86/x86-common.c,
+	lib/crypto-backend.c, lib/crypto-backend.h,
+	lib/includes/gnutls/crypto.h, lib/libgnutls.map: Added API to
+	register MAC and digest algorithms.
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/Makefile.am, tests/slow/cipher-override.c,
+	tests/slow/override-ciphers: added test suite for overriden ciphers
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/cryptodev-gcm.c, lib/accelerated/cryptodev.c,
+	lib/accelerated/x86/x86-common.c, lib/crypto-backend.c,
+	lib/crypto-backend.h, lib/includes/gnutls/crypto.h,
+	lib/libgnutls.map: Added API to register AEAD and legacy ciphers.
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/cryptodev-gcm.c: cryptodev: provide the new AEAD
+	API
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_global.c: Added environment variable which can override
+	automatic global initialization
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.c, lib/crypto-backend.h: removed unused
+	functions
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* m4/hooks.m4: configure: fail compilation if the minimum required
+	libtasn1 is not present
+
+2015-03-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/long-session-id.c: tests: long-session-id uses the test
+	framework
+
+2015-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, lib/pkcs11.c: depend on p11-kit 0.23.1 to conform to
+	draft-pechanec-pkcs11uri-21
+
+2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-dtls-record.c: tests: fixed shadowed variable in
+	mini-dtls-record
+
+2015-03-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/long-session-id.c, tests/mini-dtls-fork.c,
+	tests/mini-dtls-pthread.c, tests/mini-dtls-rehandshake.c,
+	tests/mini-handshake-timeout.c, tests/utils.c, tests/utils.h: tests:
+	use nanosleep for sleeping
+
+2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README.md: README-alpha: move valgrind to testing tools
+
+2015-03-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README.md: updated README-alpha
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_supplemental.c: Fixed handling of supplemental data
+	with types > 255.  Patch by Thierry Quemerais.
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: doc update
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: gnutls_priority_init: document that
+	priorities can be NULL
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11.softhsm: testpkcs11: disallow softhsm
+	2.0.0b1 from being used to test PKCS #11
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/mini-eagain2.c: tests: mini-eagain2: call
+	gnutls_handshake_set_timeout() at the proper time
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README.md: added libasan as dependency
+
+2015-03-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: corrected self test for 3DES
+
+2015-03-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: correctly set the size of type
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: combined the fill for object attributes set
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: only set ID and label when both size and
+	data are set
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: exit with non-zero reason if no objects are
+	found
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: tests: added checks for p11tool --set-id
+	and --set-label
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
+	p11tool: added --set-id and --set-label options
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/pkcs11_int.c, lib/pkcs11_int.h: added
+	gnutls_pkcs11_obj_set_info() This function allows setting information such as the CKA_ID and the
+	CKA_LABEL of an object.  Resolves #1
+
+2015-03-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
+	tests/cert-tests/invalid-sig.pem: Added check for GNUTLS-SA-2015-1
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/test-chains.h: tests: removed test with invalid DER encoding
+	in chainverify These certificates are now rejected earlier.
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/strict-der.c: tests: added a check for
+	certificates with invalid DER encodings
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+	lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
+	lib/x509/mpi.c, lib/x509/ocsp.c, lib/x509/privkey.c,
+	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_ext.c: 
+	x509: use libtasn1's strict DER decoding rules in network obtained
+	structures
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c, m4/hooks.m4: depend on libtasn1 4.3
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h,
+	lib/minitasn1/parser_aux.c: minitasn1: updated to libtasn1 4.3
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-internals.texi: rearranged internal documentation
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def, src/cli-debug-args.def, src/danetool-args.def,
+	src/socket.c: tools: added ftp as a starttls protocol
+
+2015-03-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def: gnutls-cli: starttls and starttls-proto can't
+	mix
+
+2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi: expand on SECURE256 being an alias to
+	SECURE192
+
+2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-polarssl: tests: do not run polarssl
+	interop test on VIA
+
+2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-common: use common license in all
+	testcompat scripts
+
+2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/pk.c: removed unused function
+
+2015-03-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/TODO: doc update
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, README-alpha, README.md: README-alpha is README.md on
+	repository It contains information for developers.
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, README, README.md: Revert "auto-generate README from
+	README.md" This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd.
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README.md: cleaned up licensing
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* Makefile.am, README, README.md: auto-generate README from
+	README.md
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README.md: Revert "added README.md as link to README" This reverts commit 041d4f947eb6937d4af62eb35055668825c36833.
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README.md: added README.md as link to README
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README, README-alpha, README-alpha.md, README.md: Revert "renamed
+	README files" This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5.
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README, README-alpha, README-alpha.md, README.md: renamed README
+	files
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README, README-alpha: README: converted to mark-down
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tests.c: gnutls-cli-debug: corrected check of certificate
+	chain order
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509cert.c: tests: added small test to verify that
+	GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: disable
+	unsupported TLS protocols as soon
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: cli sockets: check for a digit prior using atoi
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tests.c: gnutls-cli-debug: a cert list of size 1 is always
+	sorted
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: gnutls-cli-debug: do not warn multiple times about
+	unknown protocols
+
+2015-03-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-support.texi: updated documentation on FIPS140-2
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-openssl,
+	tests/suite/testcompat-main-polarssl: tests: speed up testcompat
+	check by remove less important options
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/softhsm.h: tests: updated paths for softhsm detection
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README-alpha: README: mention nodejs
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: configure: check for /usr/share/dns/root.key as well
+	for dns root key
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README-alpha: README: mention dependency on dns-root-data
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/template-test: tests: don't perform the overflow
+	check in 32-bit systems
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/template-date.pem,
+	tests/cert-tests/template-date.tmpl: tests: date parsing test was
+	modified to work in 32-bit systems
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c: certtool: in 32-bit systems use PRIu64 to
+	print 64-bit values
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c: certtool: exit when there is an overflow in
+	parsing days
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README-alpha: README: mention that openssl and polarssl will be
+	used for interop testing
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/template-test: Revert "tests: increased the
+	retries with datefudge cert generation" This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869.
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am,
+	tests/cert-tests/template-basic.pem,
+	tests/cert-tests/template-basic.tmpl,
+	tests/cert-tests/template-test: Revert "tests: template-test: added
+	a baseline check to detect slow systems" This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377.
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am,
+	tests/cert-tests/template-basic.pem,
+	tests/cert-tests/template-basic.tmpl,
+	tests/cert-tests/template-test: tests: template-test: added a
+	baseline check to detect slow systems
+
+2015-03-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/template-test: tests: increased the retries with
+	datefudge cert generation There are slow systems that are not always capable of generating the
+	certificate within a single second.
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README-alpha: add bison as a dependency
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am: build documentation last That allows the examples to depend on libgnu_gpl.la
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README-alpha: list unbound dependency for DANE
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testdane: tests: removed dane hosts which don't behave
+	well
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* README-alpha: updated instructions for installed packages
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/latex/cover.tex: latex doc: updated copyright dates
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/gnutls.texi: updated copyright date
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c, lib/tpm.c, lib/x509/common.c,
+	lib/x509/common.h, lib/x509/dn.c, lib/x509/ocsp.c,
+	lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_ext.c,
+	m4/hooks.m4: use asn1_decode_simple_ber if available
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-library.texi: corrected typo
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-library.texi: mention libidn
+
+2015-03-04  Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
+
+	* tests/suite/asn1random.pl: asn1random.pl: generate simple tags
+	only Do not emit tags with numbers greater than or equal 31 as they must
+	be encoded an octet sequence (ref X.690-0207 # 8.1.2.4) Signed-off-by: Ilya V. Matveychikov <i.matveychikov@securitycode.ru>
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: doc update
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/invalid-sig,
+	tests/cert-tests/invalid-sig2.pem,
+	tests/cert-tests/invalid-sig3.pem: tests: added checks for invalid
+	X.509 certificate signatures
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-upgrade.texi: added the change of priority string NORMAL
+	in documentation
+
+2015-03-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-library.texi: document the usage of a PKCS #11 trust
+	module for verification
+
+2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-openssl: tests: updated the suite to
+	account for the removal of DSA by default
+
+2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/dsa/testdsa, tests/openpgp-callback.c, tests/openpgpself.c,
+	tests/priorities.c: tests: updated the suite to account for the
+	removal of DSA by default
+
+2015-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-main-openssl,
+	tests/suite/testcompat-main-polarssl,
+	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
+	cross-implementation test suite was relicensed to 3-clause BSD That way the suite can be used by projects with other licenses.
+
+2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-03-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: DSA signatures and DHE-DSS are disabled by
+	default DSA was an algorithm that was never deployed on the Internet and
+	had, until very recently, several limitations such as restriction of
+	its keys to 1024 bits, SHA1-only etc. Given that there are literally
+	0 internet (HTTPS) certificates using DSA, there is no point to
+	enable it by default and increase our attack surface.
+
+2015-03-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-cipher.c: gnutls-cli: include AES_128_CCM in
+	benchmark-ciphers
+
+2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_session.c: doc update
+
+2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_privkey.c: doc update
+
+2015-02-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/Makefile.am, lib/inet_ntop.c, lib/system.c, lib/system.h,
+	lib/x509/output.c: bundle inet_ntop in systems that don't have it
+
+2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
+	auto-generated files
+
+2015-02-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/abstract.h: removed
+	gnutls_pubkey_get_verify_algorithm from abstract.h
+
+2015-02-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c: corrected typo in gnutls_handshake(),
+	spotted by Andris Mednis
+
+2015-02-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_session.c: doc update: document that session_get_data()
+	must be used in non-resumed sessions
+
+2015-02-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-tokens.texi: doc update
+
+2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphersuites.c, lib/gnutls_handshake.c: added
+	comments
+
+2015-02-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, lib/pkcs11.c: Use p11_kit_uri_get_pin_value() if
+	available in p11-kit
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c: fixed handling of GNUTLS_E_INT_CHECK_AGAIN
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphersuites.c: removed unnecessary check and
+	optimized function
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphersuites.c: corrected check which prevented
+	client to sent an unacceptable for the version ciphersuite
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-key-material.c: tests: mini-key-material: avoid memory
+	leak
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-lowmtu.c, tests/mini-overhead.c,
+	tests/mini-record.c: tests: require DTLS 1.2 when using GCM
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c: handle GNUTLS_E_INT_CHECK_AGAIN
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms.h, lib/algorithms/ciphersuites.c,
+	lib/gnutls_handshake.c: check the negotiated TLS/DTLS version prior
+	to offering a ciphersuite a server
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_priority.c: remove unnecessary assert
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-upgrade.texi: doc update
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cve-2009-1415.c, tests/x509sign-verify.c: tests: modified
+	tests with obsolete APIs with their replacement API
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-upgrade.texi: doc: added deprecated functions into upgrade
+	plan
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/x509cert-tl.c: tests: added checks for
+	gnutls_x509_crt_get_signature_algorithm and
+	gnutls_x509_crt_get_preferred_hash_algorithm
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-backend.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
+	lib/gnutls_pubkey.c, lib/libgnutls.map, lib/nettle/pk.c,
+	lib/x509/verify.c, lib/x509/x509.c: removed
+	gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/compat.h, lib/libgnutls.map, lib/x509/x509.c: 
+	removed gnutls_x509_crt_get_verify_algorithm()
+
+2015-02-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+	lib/libgnutls.map: removed gnutls_pubkey_verify_hash() and
+	gnutls_pubkey_verify_data()
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-common.h: certtool: use unsigned for bits
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c, src/p11tool.c: certtool/p11tool: avoid cast to
+	function call
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool.c: certtool: allow specifying
+	a purpose and a hostname for chain verification
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/x509cert-invalid.c: tests: added check
+	for invalid X.509 certificate
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-key-material.c: tests: added check
+	for gnutls_record_get_state()
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_constate.c: removed unused constants
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: memcpy fix in gnutls_record_get_state
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* ltmain.sh: removed ltmain.sh from root
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Added gnutls_record_get_state() and
+	gnutls_record_set_state() These functions allow to export the key material and sequence
+	numbers.  That allows offloading the sending and receiving of
+	individual records.
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c: fixed sequence number copy
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-02-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in: 
+	gnutls_handshake_set_hook_function: will provide the raw handshake
+	data
+
+2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/gnutls.h.in: use explicit casts to unsigned
+	int in the CURVE_TO_BITS et al
+
+2015-02-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs12_encr.c: use cast in _gnutls_hash_fast
+
+2015-02-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: when importing a certificate ensure that the
+	signature parameters match
+
+2015-02-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/x86-common.c: Allow AESNI GCM accelaration in
+	x86
+
+2015-02-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-args.def, src/cli.c: gnutls-cli: added --save-cert option
+
+2015-02-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/gnutls.h.in: added missing prototypes
+
+2015-02-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli.c: handle differently OCSP responses that are revoked and
+	of unknown status
+
+2015-02-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/common.c: compilation fix with return on void function;
+	reported by David Marx
+
+2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: doc update
+
+2015-01-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: set the appropriate direction when
+	_gnutls_io_write_flush() is called
+
+2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-dtls-pthread.c: tests: added check
+	for operation under different threads and DTLS
+
+2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-dtls-fork.c: tests: added check for
+	operation under different processes and DTLS
+
+2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: Revert "doc update" This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7.
+
+2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Revert "Added gnutls_record_is_async()" This reverts commit 2232822aabe473d124f924d64ff52981d685fd41.
+
+2015-01-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: documented using a session with fork or
+	multiple threads
+
+2015-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2015-01-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Added gnutls_record_is_async() That function indicates whether gnutls_record_recv() and
+	gnutls_record_send() can be used independently and in parallel.
+
+2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c: print errno in a more uniform way
+
+2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, lib/system.c: doc update
+
+2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/system.c,
+	lib/system.h, lib/system_override.c: exported
+	gnutls_system_recv_timeout()
+
+2015-01-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c: simplified _gnutls_writev() by requiring the
+	total length
+
+2015-01-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/opencdk/kbnode.c, lib/opencdk/read-packet.c: opencdk: small
+	fixed to reduce warnings
+
+2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: doc update
+
+2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli.c, src/ocsptool-common.c, src/ocsptool-common.h: don't be
+	so verbose about the OCSP nonce; it is universally unsupported
+
+2015-01-17  Tim Ruehsen <tim.ruehsen@gmx.de>
+
+	* src/cli.c, src/ocsptool-common.c: OCSP check the whole cert chain Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+2015-01-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: on certificate import check whether the two
+	signature algorithms match
+
+2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: cross.mk: use 3.3.12
+
+2015-01-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/key_decode.c: doc update
+
+2015-01-12  Luke Dashjr <luke-jr+git@utopios.org>
+
+	* Makefile.am, configure.ac, doc/manpages/Makefile.am: Added
+	configure option --disable-tools
+
+2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* libdane/errors.c: corrected typos Reported by Guido Kroon.
+
+2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/protocols.c, lib/gnutls_int.h: Added the notion of
+	obsolete versions That prevents using these versions as record version numbers, unless
+	they are the only protocol supported. This avoids the issues with
+	servers that have banned SSL 3.0 record versions.
+
+2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/ocsptool-common.c: ocsptool: follow the documented process for
+	gnutls_x509_crt_get_authority_info_access
+
+2015-01-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: gnutls_x509_crt_get_authority_info_access: doc
+	update
+
+2015-01-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/ocsptool-common.c: ocsptool-common: iterate through all AIA
+	items prior to decidig the OCSP server
+
+2015-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: use a FIPS key that agree's with fedora's fipshmac
+
+2015-01-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/DCO/people-dco.txt: DCO: Added Luke Dashjr
+
+2015-01-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-args.def: simplified text for inline-commands-prefix
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-args.def, src/cli.c, src/socket.c: gnutls-cli: added
+	--starttls-proto option
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: cleanup the name of types
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/softhsm.h: tests: updates in softhsm detection
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: when importing a public key, import it's
+	data as well (version 2 fix)
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify.c: doc update
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: do not ignore the failure to
+	write a trusted CA
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: removed gnutls_pubkey_get_pk_* from the
+	exported function list
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/key-import-export.c: tests: key-import-export: enhanced to
+	test gnutls_pubkey_*_ecc_x962
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: gnutls_pubkey_t: allow the import of another
+	parameter set without a leak
+
+2015-01-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: removed ABI-compatibility functions
+
+2015-01-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def: doc update
+
+2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testpkcs11.softhsm: testpkcs11: modified to support
+	both softhsmv1 and v2
+
+2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: when importing a public key, import it's
+	data as well
+
+2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/key-import-export.c: tests: enhanced key-import-export to
+	check output of pubkeys
+
+2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/openpgp-callback.c: tests: eliminated leaks
+
+2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_cert.c: doc update
+
+2015-01-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/key-import-export.c: tests: added checks
+	for private key import/export functions
+
+2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/TODO: doc update
+
+2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/openpgp-callback.c: tests: Added test
+	case for openpgp keys loaded by callback
+
+2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_state.c: When setting up TLS with cert-type OpenPGP
+	from a client, the server verifies if it supports the extension’s
+	contents in _gnutls_session_cert_type_supported().  This function
+	checks for cred->get_cert_callback but not cred->get_cert_callback2.
+	As a result, servers setup for OpenPGP certificate credential
+	callback with gnutls_certificate_set_retrieve_function2() are unable
+	to use the OpenPGP certificate type.  The solution is to consider cred->get_cert_callback2 alongside
+	cred->get_cert_callback in _gnutls_session_cert_type_supported().  Patch by Rick van Rein.
+
+2015-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_privkey.c: gnutls_privkey_import_openpgp_raw: do not
+	release the cached value
+
+2015-01-08  Ludovic Courtès <ludo@gnu.org>
+
+	* NEWS, guile/modules/gnutls.in: guile: Call 'load-extension' both
+	during expansion and at run time.  Fixes <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.  * guile/modules/gnutls.in: Wrap '%libdir' definition and   'load-extension' call in 'eval-when'.
+
+2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c, lib/gnutls_errors.h: When receiving a TLS
+	record with multiple handshake packets, parse them in one go That resolves: https://savannah.gnu.org/support/?108712
+
+2015-01-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-dtls-record-asym.c: tests: updated
+	mini-dtls-record-asym
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-record-asym.c: tests: better documentation of
+	mini-dtls-record-asym purpose
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-mtu.c, tests/utils.c, tests/utils.h: tests: moved
+	udp_socketpair to utils
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-dtls-record-asym.c: tests: corrected asymmetric MTU
+	test for DTLS and added caching
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-dtls-record-asym.c: Added test case
+	for DTLS handshake packet reconstruction when it exceeds MTU https://savannah.gnu.org/support/?108712
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: simplified _gnutls_dgram_read()
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/Makefile.am: danetool: only compile when dane is enabled
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: in DTLS don't combine multiple packets which
+	exceed MTU Resolves: https://savannah.gnu.org/support/?108715
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: Added more precise check of push functions
+	availability
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
+	lib/system.h: Revert "in DTLS don't use writev() when multiple
+	packets which exceed MTU are queued" This reverts commit 43082a67c7514d65301d157fb567a133138a85ab.
+
+2015-01-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: Revert "Give precedence to vector push
+	function" This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5.
+
+2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: Give precedence to vector push function
+
+2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c, lib/gnutls_state.c, lib/system.c,
+	lib/system.h: in DTLS don't use writev() when multiple packets which
+	exceed MTU are queued That change requires the system_write() to be registered
+	unconditionally, even when writev() is available.  Resolves:
+	https://savannah.gnu.org/support/?108715
+
+2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-dtls-mtu.c: tests: added check to
+	ensure that DTLS handshake packets will not exceed MTU
+
+2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: warn when setting a certificate's
+	expiration longer than the CA's expiration
+
+2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: detect softhsm2
+
+2015-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-global-load.c, tests/mini-x509.c, tests/priorities.c,
+	tests/record-sizes.c: tests: account for disabling of ARCFOUR where
+	needed
+
+2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c: certtool: modified check for READ_NUMERIC
+
+2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c: certtool: use 64-bit type for CRL serial
+	number
+
+2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c: certtool: check for overflows when reading
+	serial numbers
+
+2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c, src/certtool-cfg.h: certtool: use int64_t as
+	type for integers read
+
+2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/socket.c: gnutls-cli-debug: more precise handling of SMTP
+	protocol Patch by Andreas Metzler.
+
+2015-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* gl/Makefile.am, gl/alloca.in.h, gl/asnprintf.c, gl/asprintf.c,
+	gl/base64.c, gl/base64.h, gl/byteswap.in.h, gl/c-ctype.c,
+	gl/c-ctype.h, gl/errno.in.h, gl/float+.h, gl/float.c,
+	gl/float.in.h, gl/fstat.c, gl/ftell.c, gl/ftello.c, gl/getdelim.c,
+	gl/getline.c, gl/gettext.h, gl/gettimeofday.c, gl/hash-pjw-bare.c,
+	gl/hash-pjw-bare.h, gl/intprops.h, gl/itold.c, gl/lseek.c,
+	gl/m4/00gnulib.m4, gl/m4/absolute-header.m4, gl/m4/alloca.m4,
+	gl/m4/base64.m4, gl/m4/byteswap.m4, gl/m4/codeset.m4,
+	gl/m4/errno_h.m4, gl/m4/exponentd.m4, gl/m4/extensions.m4,
+	gl/m4/extern-inline.m4, gl/m4/fcntl-o.m4, gl/m4/fcntl_h.m4,
+	gl/m4/fdopen.m4, gl/m4/float_h.m4, gl/m4/fpieee.m4,
+	gl/m4/fseeko.m4, gl/m4/fstat.m4, gl/m4/ftell.m4, gl/m4/ftello.m4,
+	gl/m4/func.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
+	gl/m4/getpagesize.m4, gl/m4/gettext.m4, gl/m4/gettimeofday.m4,
+	gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
+	gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4,
+	gl/m4/iconv.m4, gl/m4/include_next.m4, gl/m4/intdiv0.m4,
+	gl/m4/intl.m4, gl/m4/intldir.m4, gl/m4/intlmacosx.m4,
+	gl/m4/intmax.m4, gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4,
+	gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/largefile.m4,
+	gl/m4/lcmessage.m4, gl/m4/ld-output-def.m4,
+	gl/m4/ld-version-script.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
+	gl/m4/lib-prefix.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
+	gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
+	gl/m4/math_h.m4, gl/m4/memchr.m4, gl/m4/memmem.m4, gl/m4/minmax.m4,
+	gl/m4/mmap-anon.m4, gl/m4/msvc-inval.m4, gl/m4/msvc-nothrow.m4,
+	gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
+	gl/m4/nls.m4, gl/m4/off_t.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
+	gl/m4/printf.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
+	gl/m4/realloc.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
+	gl/m4/socklen.m4, gl/m4/sockpfaf.m4, gl/m4/ssize_t.m4,
+	gl/m4/stdalign.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
+	gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
+	gl/m4/stdlib_h.m4, gl/m4/strcase.m4, gl/m4/string_h.m4,
+	gl/m4/strings_h.m4, gl/m4/strndup.m4, gl/m4/strnlen.m4,
+	gl/m4/strtok_r.m4, gl/m4/strverscmp.m4, gl/m4/sys_socket_h.m4,
+	gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/sys_types_h.m4,
+	gl/m4/sys_uio_h.m4, gl/m4/threadlib.m4, gl/m4/time_h.m4,
+	gl/m4/time_r.m4, gl/m4/uintmax_t.m4, gl/m4/ungetc.m4,
+	gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4, gl/m4/vasnprintf.m4,
+	gl/m4/vasprintf.m4, gl/m4/visibility.m4, gl/m4/vsnprintf.m4,
+	gl/m4/warn-on-use.m4, gl/m4/warnings.m4, gl/m4/wchar_h.m4,
+	gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/malloc.c,
+	gl/memchr.c, gl/memmem.c, gl/minmax.h, gl/msvc-inval.c,
+	gl/msvc-inval.h, gl/msvc-nothrow.c, gl/msvc-nothrow.h,
+	gl/netdb.in.h, gl/netinet_in.in.h, gl/printf-args.c,
+	gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
+	gl/read-file.c, gl/read-file.h, gl/realloc.c, gl/size_max.h,
+	gl/snprintf.c, gl/stdalign.in.h, gl/stdbool.in.h, gl/stddef.in.h,
+	gl/stdint.in.h, gl/stdio-impl.h, gl/stdio.in.h, gl/stdlib.in.h,
+	gl/str-two-way.h, gl/strcasecmp.c, gl/string.in.h, gl/strings.in.h,
+	gl/strncasecmp.c, gl/strndup.c, gl/strnlen.c, gl/strtok_r.c,
+	gl/strverscmp.c, gl/sys_socket.in.h, gl/sys_stat.in.h,
+	gl/sys_time.in.h, gl/sys_types.in.h, gl/sys_uio.in.h,
+	gl/tests/Makefile.am, gl/tests/binary-io.h, gl/tests/fcntl.in.h,
+	gl/tests/fdopen.c, gl/tests/fpucw.h, gl/tests/getpagesize.c,
+	gl/tests/init.sh, gl/tests/inttypes.in.h, gl/tests/macros.h,
+	gl/tests/signature.h, gl/tests/test-alloca-opt.c,
+	gl/tests/test-base64.c, gl/tests/test-binary-io.c,
+	gl/tests/test-byteswap.c, gl/tests/test-c-ctype.c,
+	gl/tests/test-errno.c, gl/tests/test-fcntl-h.c,
+	gl/tests/test-fdopen.c, gl/tests/test-fgetc.c,
+	gl/tests/test-float.c, gl/tests/test-fputc.c,
+	gl/tests/test-fread.c, gl/tests/test-fstat.c,
+	gl/tests/test-ftell.c, gl/tests/test-ftell3.c,
+	gl/tests/test-ftello.c, gl/tests/test-ftello3.c,
+	gl/tests/test-ftello4.c, gl/tests/test-func.c,
+	gl/tests/test-fwrite.c, gl/tests/test-getdelim.c,
+	gl/tests/test-getline.c, gl/tests/test-gettimeofday.c,
+	gl/tests/test-iconv.c, gl/tests/test-init.sh,
+	gl/tests/test-intprops.c, gl/tests/test-inttypes.c,
+	gl/tests/test-memchr.c, gl/tests/test-netdb.c,
+	gl/tests/test-netinet_in.c, gl/tests/test-read-file.c,
+	gl/tests/test-snprintf.c, gl/tests/test-stdalign.c,
+	gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
+	gl/tests/test-stdint.c, gl/tests/test-stdio.c,
+	gl/tests/test-stdlib.c, gl/tests/test-string.c,
+	gl/tests/test-strings.c, gl/tests/test-strnlen.c,
+	gl/tests/test-strverscmp.c, gl/tests/test-sys_socket.c,
+	gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
+	gl/tests/test-sys_types.c, gl/tests/test-sys_uio.c,
+	gl/tests/test-sys_wait.h, gl/tests/test-time.c,
+	gl/tests/test-u64.c, gl/tests/test-unistd.c,
+	gl/tests/test-vasnprintf.c, gl/tests/test-vasprintf.c,
+	gl/tests/test-vc-list-files-cvs.sh,
+	gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+	gl/tests/test-vsnprintf.c, gl/tests/test-wchar.c,
+	gl/tests/zerosize-ptr.h, gl/time.in.h, gl/time_r.c, gl/u64.h,
+	gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h, gl/vasprintf.c,
+	gl/verify.h, gl/vsnprintf.c, gl/wchar.in.h, gl/xsize.h,
+	src/gl/Makefile.am, src/gl/accept.c, src/gl/alloca.in.h,
+	src/gl/arpa_inet.in.h, src/gl/asnprintf.c, src/gl/bind.c,
+	src/gl/c-ctype.c, src/gl/c-ctype.h, src/gl/close.c,
+	src/gl/connect.c, src/gl/dup2.c, src/gl/errno.in.h, src/gl/error.c,
+	src/gl/error.h, src/gl/exitfail.c, src/gl/exitfail.h,
+	src/gl/fd-hook.c, src/gl/fd-hook.h, src/gl/float+.h,
+	src/gl/float.c, src/gl/float.in.h, src/gl/fseek.c, src/gl/fseeko.c,
+	src/gl/fstat.c, src/gl/ftell.c, src/gl/ftello.c,
+	src/gl/gai_strerror.c, src/gl/getaddrinfo.c, src/gl/getdelim.c,
+	src/gl/getline.c, src/gl/getpass.c, src/gl/getpass.h,
+	src/gl/getpeername.c, src/gl/gettext.h, src/gl/gettime.c,
+	src/gl/gettimeofday.c, src/gl/inet_ntop.c, src/gl/inet_pton.c,
+	src/gl/intprops.h, src/gl/itold.c, src/gl/listen.c, src/gl/lseek.c,
+	src/gl/m4/00gnulib.m4, src/gl/m4/absolute-header.m4,
+	src/gl/m4/alloca.m4, src/gl/m4/arpa_inet_h.m4, src/gl/m4/bison.m4,
+	src/gl/m4/clock_time.m4, src/gl/m4/close.m4, src/gl/m4/dup2.m4,
+	src/gl/m4/eealloc.m4, src/gl/m4/environ.m4, src/gl/m4/errno_h.m4,
+	src/gl/m4/error.m4, src/gl/m4/exponentd.m4,
+	src/gl/m4/extensions.m4, src/gl/m4/extern-inline.m4,
+	src/gl/m4/float_h.m4, src/gl/m4/fseek.m4, src/gl/m4/fseeko.m4,
+	src/gl/m4/fstat.m4, src/gl/m4/ftell.m4, src/gl/m4/ftello.m4,
+	src/gl/m4/getaddrinfo.m4, src/gl/m4/getdelim.m4,
+	src/gl/m4/getline.m4, src/gl/m4/getpass.m4, src/gl/m4/gettime.m4,
+	src/gl/m4/gettimeofday.m4, src/gl/m4/gnulib-cache.m4,
+	src/gl/m4/gnulib-common.m4, src/gl/m4/gnulib-comp.m4,
+	src/gl/m4/gnulib-tool.m4, src/gl/m4/hostent.m4,
+	src/gl/m4/include_next.m4, src/gl/m4/inet_ntop.m4,
+	src/gl/m4/inet_pton.m4, src/gl/m4/intmax_t.m4,
+	src/gl/m4/inttypes_h.m4, src/gl/m4/largefile.m4,
+	src/gl/m4/longlong.m4, src/gl/m4/lseek.m4, src/gl/m4/malloc.m4,
+	src/gl/m4/malloca.m4, src/gl/m4/math_h.m4, src/gl/m4/memchr.m4,
+	src/gl/m4/minmax.m4, src/gl/m4/mktime.m4, src/gl/m4/mmap-anon.m4,
+	src/gl/m4/msvc-inval.m4, src/gl/m4/msvc-nothrow.m4,
+	src/gl/m4/multiarch.m4, src/gl/m4/netdb_h.m4,
+	src/gl/m4/netinet_in_h.m4, src/gl/m4/off_t.m4,
+	src/gl/m4/parse-datetime.m4, src/gl/m4/printf.m4,
+	src/gl/m4/read-file.m4, src/gl/m4/realloc.m4, src/gl/m4/select.m4,
+	src/gl/m4/servent.m4, src/gl/m4/setenv.m4, src/gl/m4/signal_h.m4,
+	src/gl/m4/size_max.m4, src/gl/m4/snprintf.m4,
+	src/gl/m4/socketlib.m4, src/gl/m4/sockets.m4, src/gl/m4/socklen.m4,
+	src/gl/m4/sockpfaf.m4, src/gl/m4/ssize_t.m4, src/gl/m4/stdalign.m4,
+	src/gl/m4/stdbool.m4, src/gl/m4/stddef_h.m4, src/gl/m4/stdint.m4,
+	src/gl/m4/stdint_h.m4, src/gl/m4/stdio_h.m4, src/gl/m4/stdlib_h.m4,
+	src/gl/m4/strdup.m4, src/gl/m4/strerror.m4, src/gl/m4/string_h.m4,
+	src/gl/m4/sys_select_h.m4, src/gl/m4/sys_socket_h.m4,
+	src/gl/m4/sys_stat_h.m4, src/gl/m4/sys_time_h.m4,
+	src/gl/m4/sys_types_h.m4, src/gl/m4/sys_uio_h.m4,
+	src/gl/m4/time_h.m4, src/gl/m4/time_r.m4, src/gl/m4/timespec.m4,
+	src/gl/m4/tm_gmtoff.m4, src/gl/m4/unistd_h.m4,
+	src/gl/m4/vasnprintf.m4, src/gl/m4/warn-on-use.m4,
+	src/gl/m4/wchar_h.m4, src/gl/m4/wchar_t.m4, src/gl/m4/wint_t.m4,
+	src/gl/m4/xalloc.m4, src/gl/m4/xsize.m4, src/gl/malloc.c,
+	src/gl/malloca.c, src/gl/malloca.h, src/gl/memchr.c,
+	src/gl/minmax.h, src/gl/mktime.c, src/gl/msvc-inval.c,
+	src/gl/msvc-inval.h, src/gl/msvc-nothrow.c, src/gl/msvc-nothrow.h,
+	src/gl/netdb.in.h, src/gl/netinet_in.in.h, src/gl/parse-datetime.h,
+	src/gl/parse-datetime.y, src/gl/printf-args.c,
+	src/gl/printf-args.h, src/gl/printf-parse.c, src/gl/printf-parse.h,
+	src/gl/progname.c, src/gl/progname.h, src/gl/read-file.c,
+	src/gl/read-file.h, src/gl/realloc.c, src/gl/recv.c,
+	src/gl/recvfrom.c, src/gl/select.c, src/gl/send.c, src/gl/sendto.c,
+	src/gl/setenv.c, src/gl/setsockopt.c, src/gl/shutdown.c,
+	src/gl/signal.in.h, src/gl/size_max.h, src/gl/snprintf.c,
+	src/gl/socket.c, src/gl/sockets.c, src/gl/sockets.h,
+	src/gl/stdalign.in.h, src/gl/stdbool.in.h, src/gl/stddef.in.h,
+	src/gl/stdint.in.h, src/gl/stdio-impl.h, src/gl/stdio.in.h,
+	src/gl/stdlib.in.h, src/gl/strdup.c, src/gl/strerror-override.c,
+	src/gl/strerror-override.h, src/gl/strerror.c, src/gl/string.in.h,
+	src/gl/sys_select.in.h, src/gl/sys_socket.in.h,
+	src/gl/sys_stat.in.h, src/gl/sys_time.in.h, src/gl/sys_types.in.h,
+	src/gl/sys_uio.in.h, src/gl/time.in.h, src/gl/time_r.c,
+	src/gl/timespec.h, src/gl/unistd.in.h, src/gl/unsetenv.c,
+	src/gl/vasnprintf.c, src/gl/vasnprintf.h, src/gl/verify.h,
+	src/gl/w32sock.h, src/gl/wchar.in.h, src/gl/xalloc-die.c,
+	src/gl/xalloc-oversized.h, src/gl/xalloc.h, src/gl/xmalloc.c,
+	src/gl/xsize.h: updated gnulib
+
+2015-01-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug.c: gnutls-cli-debug: corrected the skip of ignored
+	checks
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/output.c: use explicit casts in the dummy ip conversion
+	functions
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi,
+	lib/gnutls_priority.c: ARCFOUR-128 is disabled by default
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system-keys-win.c: system-keys-win: use LoadLibraryA to load
+	ncrypt.dll
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, devel/abi3.4.xml: Updated abi-compliance-checker for
+	3.4 API
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, symbols.last: updated export symbols list (due to ABI
+	breakage)
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am: doc: updated auto-generated files
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/doc.mk, doc/manpages/Makefile.am: generate manpages for urls.h
+	and system-keys.h
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-get-issuer.c: tests: added check for
+	gnutls_x509_trust_list_get_issuer_by_dn()
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map: updated libgnutls.map for new functions
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/doc.mk, doc/manpages/Makefile.am: doc:
+	updated auto-generated files and added urls.h
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
+	added checks for the new --key-id and --fingerprint certtool options
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool.c: certtool: Added
+	--fingerprint and --key-id options
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: --pubkey-info will load a public key
+	from stdin
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system.h: include netinet/in.h if present to access ipv6
+	related structures Based on patch by Rumko.  https://savannah.gnu.org/support/?108713
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_priority.c: VERS-ALL adds all protocols if used with
+	'+'
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: priority strings
+	VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding
+	protocols That introduces VERS-ALL which behaves as VERS-TLS-ALL previously.
+
+2014-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/gnutls.h.in: gnutls.h: made DTLS protocol
+	version numbering distinct
+
+2014-12-30  Matthias-Christian Ott <ott@mirix.org>
+
+	* lib/gnutls_cipher_int.c: Don't call _gnutls_cipher_encrypt2 with
+	textlen = 0 in _gnutls_auth_cipher_encrypt2_tag If the plaintext is shorter than the block size of the used cipher,
+	_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
+	textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in
+	this case and thus does not need to be called.
+
+2014-12-30  Matthias-Christian Ott <ott@mirix.org>
+
+	* lib/accelerated/x86/aes-gcm-padlock.c,
+	lib/accelerated/x86/aes-padlock.c: Handle zero length plaintext for
+	VIA PadLock functions If the plaintext is shorter than the block size of the used cipher,
+	_gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with
+	textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that
+	the plaintext length (last parameter) is greater than zero and
+	segfault otherwise. The assembler code for both functions is
+	automatically generated and imported from OpenSSL, so to ease
+	maintenance the length should be validated in the functions that
+	call padlock_ecb_encrypt or padlock_cbc_encrypt.
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system.c: use backslashes in windows path
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/openpgp-keyring.c: tests: enhanced openpgp-keyring test
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/openpgp/output.c: openpgp: properly print names in oneline
+	output as well
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/openpgp/output.c: updates in openpgp DSA key printing
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/openpgp/output.c: properly print openpgp names
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/opencdk/Makefile.am: opencdk: print all warnings on
+	compilation
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/opencdk/armor.c: opencdk: eliminated warning from armor.c
+
+2014-12-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/opencdk/keydb.c: removed cache support for opencdk's keydb It's implementation looked buggy.
+
+2014-12-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: updated guile comments
+
+2014-12-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug.c, src/common.c, src/tests.c: tools: use OCSP
+	functions only when OCSP is enabled
+
+2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c: Corrected encoding and decoding of ANSI X9.62 That affects gnutls_pubkey_export_ecc_x962() and
+	gnutls_pubkey_import_ecc_x962().
+
+2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/p11tool-args.def: tools: document the
+	available curves
+
+2014-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
+	tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
+	tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
+	tests/suite/testpkcs11.softhsm: PKCS #11 tests: ported to softhsmv2 The C programs still rely on softhsmv1 since there are issues with
+	softhsmv2 and CKA_TRUSTED.
+	https://bugzilla.redhat.com/show_bug.cgi?id=1177086
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/safe-memfuncs.c: updated documentation of gnutls_memcmp()
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi, lib/x509/x509.c: use everywhere the new name
+	of gnutls_x509_crt_import_pkcs11_url
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_privkey.c: better cleanup in
+	gnutls_pkcs11_privkey_import_url and allow reuse
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/examples/Makefile.am, src/Makefile.am, src/gl/Makefile.am,
+	src/gl/m4/gnulib-cache.m4, src/gl/m4/gnulib-comp.m4: completely
+	separated the two gnulibs to avoid conflicts
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* gl/Makefile.am, gl/m4/extensions.m4, gl/m4/extern-inline.m4,
+	gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/printf.m4,
+	gl/m4/stdalign.m4, gl/m4/stddef_h.m4, gl/m4/stdio_h.m4,
+	gl/stdalign.in.h, gl/stddef.in.h, gl/tests/test-fcntl-h.c,
+	gl/tests/test-stddef.c, gl/unistd.in.h, gl/vasnprintf.c,
+	src/gl/Makefile.am, src/gl/m4/extensions.m4,
+	src/gl/m4/extern-inline.m4, src/gl/m4/gnulib-comp.m4,
+	src/gl/m4/printf.m4, src/gl/m4/stdalign.m4, src/gl/m4/stddef_h.m4,
+	src/gl/m4/stdio_h.m4, src/gl/parse-datetime.y,
+	src/gl/stdalign.in.h, src/gl/stddef.in.h, src/gl/timespec.h,
+	src/gl/unistd.in.h, src/gl/vasnprintf.c: updated gnulib
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_privkey.c, lib/pkcs11_privkey.c, lib/urls.c,
+	lib/urls.h, lib/x509/x509.c: dropped the sanitize URL approach
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+	lib/pkcs11_privkey.c, lib/pkcs11_secret.c, lib/pkcs11_write.c: 
+	Instead of sanitizing URLs, use hints to support incomplete PKCS#11
+	URIs
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/x509.c: 
+	gnutls_x509_crt_import_url replaces
+	gnutls_x509_crt_import_pkcs11_url
+
+2014-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: use p11_kit_uri_get_pin_source instead of
+	p11_kit_uri_get_pinfile
+
+2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/examples/ex-pkcs11-list.c: ex-pkcs11-list.c: updated for new
+	API
+
+2014-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/x509/verify-high.c, lib/x509/verify-high2.c: combined
+	gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags That was done in an API-backwards compatible way. That introduces
+	gnutls_pkcs11_obj_list_import_url3() and
+	gnutls_pkcs11_obj_list_import_url4().
+
+2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+	lib/x509/verify-high2.c: first attempt to unify obj_attrs with
+	obj_flags
+
+2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-is-known.c: tests: pkcs11-is-known checks
+	whether the import of PKCS #11 objects as trusted certs works
+
+2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-combo.c,
+	tests/suite/pkcs11-get-issuer.c, tests/suite/pkcs11-is-known.c,
+	tests/suite/pkcs11-privkey.c, tests/suite/softhsm.h,
+	tests/suite/testpkcs11.softhsm: Added softhsm.h to share code in
+	softhsm detection
+
+2014-12-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_int.h, lib/x509/verify-high2.c: Directly import PKCS
+	#11 object URLs as trusted certificates That is, don't treat them as trusted modules, because they aren't a
+	token URL, but rather a direct reference to specific objects.
+
+2014-12-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_psk.c: PSK: added sanity check on PSK key size set
+
+2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/tests.c: gnutls-cli-debug: removed ARCFOUR-40 from the ciphers
+	to use It is no longer supported.
+
+2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: _gnutls_buffer_append_data returns zero on
+	success
+
+2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c, lib/gnutls_record.c: corrected documentation
+	for the cork/uncork functions Reported by Jaak Ristioja.
+
+2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_record.c: doc update
+
+2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/protocols.c: Added more precise version check in
+	_gnutls_version_lowest
+
+2014-12-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_record.c: corrected documentation of gnutls_cork()
+
+2014-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: Added 32-bit overflow protection in
+	_gnutls_buffer_append_data()
+
+2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+	* lib/gnutls_str.c: Remove redundant condition in
+	align_allocd_with_data().  At all call-sites of align_allocd_with_data() dest->data is
+	non-NULL.  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+	* lib/gnutls_str.c: Deduplicated some code in
+	_gnutls_buffer_append_data().  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+2014-12-17  Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+	* lib/gnutls_str.c: Explicitly marked some variables const in
+	_gnutls_buffer_append_data().  Signed-off-by: Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+2014-12-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/DCO/people-dco.txt: DCO: added Jaak Ristioja
+
+2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/cipher-test.c: test-ciphers: do not fail on processor
+	which don't have the AES-NI instructions
+
+2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: _gnutls_buffer_*: moved common operations to
+	function
+
+2014-12-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: _gnutls_buffer_append_data: moved common code
+	outside the if-clause
+
+2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-polarssl: tests: disable SSL 3.0
+	checks with polarssl It seems that SSL 3.0 is disabled in Debian's polarssl.
+
+2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testdane: testdane: removed www.vulcano.cl from good
+	hosts
+
+2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509cert-tl.c: tests: enhanced x509cert-tl Verify gnutls_x509_trust_list_verify_crt2() in combination with
+	gnutls_x509_trust_list_add_named_crt().
+
+2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: use
+	gnutls_x509_trust_list_verify_named_crt in
+	gnutls_x509_trust_list_verify_crt2
+
+2014-12-12  Ludovic Courtès <ludo@gnu.org>
+
+	* NEWS: Update 'NEWS'.
+
+2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/random.c: gnutls_rnd: doc update
+
+2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs12.c: gnutls_pkcs12_simple_parse: doc update
+
+2014-12-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: improved documentation on dane
+
+2014-12-11  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/tests/openpgp-keyring.scm: guile: Open binary file in binary
+	mode, for the sake of MinGW.  Reported by Eli Zaretskii <eliz@gnu.org>.  * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead
+	  of 'open-input-file'.
+
+2014-12-11  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/src/Makefile.am: guile: Link with '-no-undefined'.  Fixes builds on MinGW.  Reported by Eli Zaretskii <eliz@gnu.org>.  * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add   -no-undefined.
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/pkcs11.c: p11tool: use Sleep() in windows
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-cfg.c: certtool: ensure that default_serial_int is
+	64-bits or more
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/socket.c: use select() instead of alarm for better portability Based on patch by Eli Zaretskii.
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: cross.mk: updated for 3.3.11
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.c: Allow a random generator with the same
+	priority to re-register That corrects an issue where the library is deinitialized, and
+	reinitialization wouldn't register the same rnd module.  Reported by
+	Stanislav Zidek.
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/x509cert.c: tests: x509cert: verify that length returned
+	from gnutls_x509_crt_get_dn matches strlen
+
+2014-12-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-openssl: testcompat: corrected usage
+	of null cipher
+
+2014-12-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-fips.c: added the .check function in FIPS140-2 code
+
+2014-12-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c: corrected typo
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: configure: added option --without-idn
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-gcm-padlock.c,
+	lib/accelerated/x86/aes-gcm-x86-aesni.c,
+	lib/accelerated/x86/aes-gcm-x86-ssse3.c: accelerated: added required
+	casts
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi, lib/gnutls_priority.c: the priority string
+	EXPORT is no more
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-ccm-x86-aesni.c: aesni-ccm: removed unused
+	struct entries
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/Makefile.am,
+	lib/accelerated/x86/aes-ccm-x86-aesni.c,
+	lib/accelerated/x86/aes-x86.h, lib/accelerated/x86/x86-common.c: 
+	added AESNI accelerated CCM
+
+2014-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-gcm-padlock.c,
+	lib/accelerated/x86/aes-gcm-x86-aesni.c,
+	lib/accelerated/x86/aes-gcm-x86-ssse3.c: more nettle3 related
+	changes
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: dane: use the new _gnutls_buffer_to_datum
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/ocsp.c: tests: corrected the expected lengths in ocsp
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c, lib/gnutls_session_pack.c, lib/gnutls_str.c,
+	lib/gnutls_str.h, lib/openpgp/output.c, lib/pkcs11.c, lib/tpm.c,
+	lib/x509/dn.c, lib/x509/ocsp_output.c, lib/x509/output.c: 
+	_gnutls_buffer_to_datum: includes code for exporting strings
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: when the trusted list contains a non-CA
+	certificate warn via the audit log
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: modified the CCM ciphersuite's name
+	to match the one in the IANA registry
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/ciphersuite/scan-gnutls.sh,
+	tests/suite/ciphersuite/test-ciphers.js: ciphersuite test: enhanced
+	check for correct ciphersuites
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuites tests: add
+	missing includes
+
+2014-12-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/ciphersuite/scan-gnutls.sh: ciphersuite tests: define
+	HAVE_CONFIG_H
+
+2014-12-04  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/src/Makefile.am: guile: Build with warnings.  * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra   -Wno-unused-parameter.
+
+2014-12-04  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/modules/Makefile.am, guile/modules/gnutls.in,
+	guile/modules/gnutls/build/priorities.scm, guile/src/Makefile.am,
+	guile/src/core.c, guile/src/make-session-priorities.scm,
+	guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: 
+	guile: Remove the deprecated priority API.  * guile/modules/gnutls/build/priorities.scm: Remove.  * guile/src/make-session-priorities.scm: Remove.  * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly.  * guile/src/Makefile.am (EXTRA_DIST): Likewise.    (GENERATED_BINDINGS): Remove 'priorities.i.c'.    (priorities.i.c): Remove target.  * guile/src/core.c: Don't include it.    (scm_gnutls_set_default_priority_x): Remove.  * guile/modules/gnutls.in (gnutls): Adjust export list.  * guile/tests/session-record-port.scm: Use
+	'set-session-priorities!'.  * guile/tests/x509-auth.scm: Likewise.
+
+2014-12-04  Ludovic Courtès <ludo@gnu.org>
+
+	* doc/gnutls-guile.texi, guile/modules/gnutls.in,
+	guile/modules/gnutls/build/smobs.scm, guile/src/core.c,
+	guile/tests/openpgp-auth.scm, guile/tests/x509-auth.scm: guile:
+	Remove RSA parameters and related procedures.  * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob):
+	  Remove.  (%gnutls-smobs): Remove it.  * guile/src/core.c (scm_gnutls_make_rsa_parameters,   scm_gnutls_pkcs1_import_rsa_parameters,   scm_gnutls_pkcs1_export_rsa_parameters,   scm_gnutls_set_certificate_credentials_rsa_export_params_x):
+	  Remove.  * guile/modules/gnutls.in: Adjust export list.  * guile/tests/openpgp-auth.scm (import-rsa-params): Remove.    Remove references to it and to   'set-certificate-credentials-rsa-export-parameters!'.  * guile/tests/x509-auth.scm: Likewise.  * doc/gnutls-guile.texi (Representation of Binary Data): Remove   references to RSA parameters.  Adjust example accordingly.    (OpenPGP Authentication Guile Example): Likewise.
+
+2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/TODO: updated TODO list
+
+2014-12-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: removed several of the unneeded exported
+	internal symbols
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-upgrade.texi: doc: corrected typo
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/cipher.c: use unsigned long in gcm_cast_st
+
+2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: corrected issue in AES-256-GCM
+
+2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/Makefile.am, tests/slow/test-ciphers: tests: enhanced
+	cipher check to include all ciphers.
+
+2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: simplified abstractions over nettle based on
+	Niels' comments.
+
+2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-api.c: API doc update
+
+2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: Added test vectors for CCM mode
+
+2014-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: CCM: corrected AEAD decryption
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_priority.c: CCM mode moved to the lowest priority
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-gcm-aead.h: aes-gcm-aead.h: generalized
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-tls.c: gnutls-cli: added benchmark for CCM
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/priorities.c, tests/suite/testcompat-main-polarssl: tests:
+	updated for AES-128-CCM ciphersuites
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cipher.c: use the new AEAD API in gnutls_cipher.c
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
+	lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
+	lib/nettle/cipher.c: Added definitions for CCM ciphersuites
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS, doc/cha-crypto.texi, lib/accelerated/x86/Makefile.am,
+	lib/accelerated/x86/aes-gcm-aead.h,
+	lib/accelerated/x86/aes-gcm-padlock.c,
+	lib/accelerated/x86/aes-gcm-x86-aesni.c,
+	lib/accelerated/x86/aes-gcm-x86-pclmul.c,
+	lib/accelerated/x86/aes-gcm-x86-ssse3.c, lib/crypto-api.c,
+	lib/crypto-backend.h, lib/crypto-selftests.c,
+	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+	lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+	lib/nettle/cipher.c: Modified crypto backend to accomodate for the
+	CCM ciphersuites
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
+	lib/nettle/int/dsa-validate.c, lib/nettle/pk.c: More nettle2 updates
+	(in FIPS140-2 mode)
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/aes-gcm-padlock.c,
+	lib/accelerated/x86/aes-gcm-x86-aesni.c,
+	lib/accelerated/x86/aes-gcm-x86-ssse3.c,
+	lib/accelerated/x86/aes-padlock.c,
+	lib/accelerated/x86/aes-padlock.h, lib/accelerated/x86/aes-x86.h,
+	lib/accelerated/x86/sha-padlock.c,
+	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/Makefile.am,
+	lib/nettle/cipher.c, lib/nettle/int/gcm-camellia.c,
+	lib/nettle/int/gcm-camellia.h, lib/nettle/pk.c, m4/hooks.m4,
+	tests/dsa/testdsa: ported to nettle 3.0
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* m4/hooks.m4: reduced current soversion
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS, doc/cha-upgrade.texi, lib/libgnutls.map: documented the
+	removal of deprecated functions
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: corrected comparison
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/auth/cert.c, lib/auth/cert.h, lib/gnutls_cert.c,
+	lib/gnutls_priority.c, lib/gnutls_state.c,
+	lib/includes/gnutls/compat.h: removed the old gnutls_retr_st
+	compatibility functions
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/Makefile.am, lib/gnutls_rsa_export.c,
+	lib/gnutls_ui.c, lib/includes/gnutls/compat.h, m4/hooks.m4: Removed
+	binary compatibility with RSA-EXPORT using applications
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c, lib/includes/gnutls/compat.h: removed the
+	old priority functions That is: gnutls_cipher_set_priority gnutls_mac_set_priority
+	gnutls_compression_set_priority gnutls_kx_set_priority
+	gnutls_protocol_set_priority gnutls_certificate_type_set_priority
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/compat.h, lib/x509/x509.c: removed
+	gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data()
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c,
+	lib/includes/gnutls/compat.h: gnutls_sign_callback_set() and
+	gnutls_sign_callback_get() were removed
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in: renumbered fields in gnutls.h
+
+2014-12-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map, m4/hooks.m4: increased gnutls' soversion
+
+2014-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/random.h: if the rnd structure doesn't provide check,
+	_gnutls_rnd_check() will succeed
+
+2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/x509-verify-with-crl.c: tests: Added
+	check for verification using CRLs
+
+2014-11-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509.c: Reorganized, and eliminated memory leak in
+	_gnutls_x509_crt_check_revocation() Reported by Tim Rühsen.
+
+2014-11-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/systemkey.c: systemkey: updated for new
+	gnutls_system_key_iter_get_info
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/system-keys.h, lib/system-keys-dummy.c,
+	lib/system-keys-win.c: gnutls_system_key_iter_get_info() allows
+	restricting results to a specific certificate type
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c: removed unneeded variable
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h: doc
+	update
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc: added recommendation to use the higher
+	level functions to load keys
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-cfg.c: certtool: avoid gcc warnings
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
+	check for whether %NO_EXTENSIONS is required
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: gnutls_session_get_desc: allow proper printing of
+	the NULL KX
+
+2014-11-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c: gnutls_session_get_desc will return NULL if
+	initial negotiation is not complete
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/mini-chain-unsorted.c: tests: small fix in
+	mini-chain-unsorted
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pcert.c, lib/gnutls_x509.c, lib/x509/common.c,
+	lib/x509/common.h, lib/x509/x509.c: 
+	GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from
+	gnutls_pcert_import_x509_list That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT
+	is specified.
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pcert.c: gnutls_pcert_import_x509_list: only sort the
+	lists it can sort
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system-keys-win.c: simplified windows URLs
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system-keys-win.c: system-keys-win: include urls.h
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-cert-status.c,
+	tests/mini-chain-unsorted.c: tests: added mini-chain-unsorted
+
+2014-11-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pcert.c, lib/gnutls_x509.c,
+	lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
+	lib/libgnutls.map, lib/x509/common.c, lib/x509/common.h,
+	lib/x509/verify-high.c, lib/x509/x509.c: Added flag
+	GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* That also allows automatically sorting input chains to the
+	gnutls_certificate_credentials_t structure.
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/set_x509_key_file.c: tests: Added check
+	for memory leaks when a file cannot be loaded.
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: gnutls_certificate_set_x509_key_*: eliminated
+	memory leak when certificate could not be parsed Reported by Georg Richter.
+
+2014-11-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: libdane: undef gnutls_assert() before redefining
+	it
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/socket.c: gnutls-cli-debug: do not print error on unknown
+	protocols
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/set_x509_key_mem.c: tests: added leak
+	check for gnutls_set_x509_key_mem2()
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: documented the limitations of the loading
+	functions
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: corrected memleak in read_key_mem() Patch by Georg Richter.
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
+	check for sorted certificate chain
+
+2014-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_db.c: do not allow the resumption of a session which
+	switches the state of ext_master_secret
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/rfc2253-escape-test: tests: run rfc2253-escape-test under
+	valgrind
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/custom-urls.c: tests: enhanced custom-url check
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_privkey.c, lib/gnutls_x509.c: sanitize URLs at the
+	proper place
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509.c: corrected freeing of custom URL
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi, lib/includes/gnutls/urls.h: doc update
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/suppressions.valgrind, tests/suppressions.valgrind: 
+	Added memxor_different_alignment into suppressions
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi, lib/gnutls_x509.c,
+	lib/includes/gnutls/urls.h, lib/urls.c, lib/urls.h: Allow the
+	construction of chains with custom URLs
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: updated ignored files
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/Makefile.am, src/systemkey-tool.c, src/systemkey.c: renamed
+	systemkey-tool to systemkey, and don't install it by default
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/custom-urls.c: tests: added check for
+	registration of custom URLs
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/urls.h, lib/libgnutls.map, lib/urls.c: export
+	gnutls_register_custom_url
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: correctly handle non-pkcs11 URLs in
+	read_cert_url
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/cha-tokens.texi, lib/gnutls_privkey.c,
+	lib/gnutls_pubkey.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
+	lib/includes/Makefile.am, lib/includes/gnutls/urls.h,
+	lib/system-keys-win.c, lib/urls.c, lib/urls.h, lib/x509/x509.c: 
+	Added the ability to register application specific URLs for keys and
+	certs
+
+2014-11-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system-keys-win.c: system-keys-win: use macros for the URL
+
+2014-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c: doc update
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/mini-rehandshake-2.c: tests: added test
+	for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c, lib/gnutls_record.c: treat
+	GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is
+	complete This corrects a regression introduced in
+	b5a0de2e6da98866cafb770c3141b7353d030ab2 Reported by Dan Winship.
+	https://savannah.gnu.org/support/?108690
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: removed old news
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms.h, lib/algorithms/protocols.c,
+	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c: The
+	record version in the client Hello will be set to the lowest
+	supported protocol There should have been no harm in keeping it SSL 3.0 but
+	unfortunately in draft-thomson-sslv3-diediedie-00 it has been marked
+	as MUST NOT do that. That will be fixed in a later revision but
+	since then there are servers not accepting SSL 3.0 as a valid record
+	version (note that this is about the record version, which describes
+	the format of the packet, nothing to do with the negotiated
+	version).
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: Revert "The priority modifier
+	%LATEST_RECORD_VERSION is now the default" This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f.
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: deinitialize the OCSP response der data That also makes sure that reinitialization of ASN1 structures are
+	done when it is required only.
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/gnutls_priority.c,
+	lib/includes/gnutls/gnutls.h.in, src/cli.c: 
+	gnutls_priority_string_list: allow printing the special keywords as
+	well.
+
+2014-11-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-common.c: simplified code involving getrandom() and
+	getentropy()
+
+2014-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: configure: detect android system and define a
+	variable
+
+2014-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/system-keys-dummy.c, lib/system-keys-win.c,
+	lib/system-keys.c: separated system-keys implementations
+
+2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map: removed redundant local
+
+2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testpkcs11: tests: added check for the abbreviated
+	URLs which don't contain object information
+
+2014-11-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/Makefile.am, lib/gnutls_x509.c, lib/pkcs11_privkey.c,
+	lib/urls.c, lib/urls.h, lib/x509/x509.c: prior to importing objects
+	with URLs sanitize them That allows to use out of band information to complete missing parts
+	in URLs (e.g., object-type=cert, when there is a certificate).
+
+2014-11-19  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system-keys.c: compilation fixes
+
+2014-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_global.c,
+	lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+	lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_x509.c,
+	lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
+	lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/system-keys.h,
+	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/pkcs11_int.h, lib/system-keys.c, lib/system-keys.h,
+	lib/x509/Makefile.am, lib/x509/x509.c, src/Makefile.am,
+	src/systemkey-args.def, src/systemkey-tool.c: Added API to
+	read/write/delete key-cert pairs (limited to windows for now)
+
+2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_priority.c: NORMAL priority: prioritize the less than
+	256-bits curves at the lowest level
+
+2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
+	src/certtool.c: certtool: Allow to set the nonRepudiation,
+	keyAgreement and dataEncipherment flags
+
+2014-11-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool-args.def: list the OIDs in the certtool cfg file
+	documentation
+
+2014-11-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/fips.c, lib/fips.h, lib/gnutls_global.c: properly reset the
+	zombie mode in FIPS mode This amends 9158f590f4a18c84fc9eb41877b29d73b30af879
+
+2014-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/TODO: doc update
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: partially reverted
+	999d221fd2241ff73f884bf33d8cbe6eb8299184 That change allows to use the intermediate certificates in chains as
+	OCSP anchors.
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: print message when the system trust is
+	used
+
+2014-11-14  David Weber <dave@veryflatcat.com>
+
+	* src/cli.c, src/serv.c: Fixed SRTP profile configuration in cli.c
+	and serv.c.  I have tested the fix in 3.3.10. This commit is UNTESTED as i am
+	unable to compile gnutls (./configure complains about gl_INIT and
+	ggl_INIT).  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/ocsp.c: tests: ocsp: added the signature in check
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/ocsp_output.c: only print about additional certificates
+	if they are present
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: ocsp: fix DN decoding in
+	gnutls_ocsp_resp_get_responder_raw_id
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/ocsp.c: tests: ocsp: added check with a long response
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: use the original DER/BER data when verifying an
+	OCSP response
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: _pkcs1_rsa_verify_sig() simplify hashing
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: ocsp: eliminated duplicate code
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def: clarified the multiple paths printing of
+	the verify options
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli.c: gnutls-cli: allow printing the certificates in OCSP
+	responses when --print-cert is specified
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c, lib/x509/ocsp.c: updated OCSP verification code
+	to better use the trust list, and the KeyHash
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp_output.c: OCSP printing: Add header in front of
+	certificates
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/x509.h,
+	lib/pkcs11.c, lib/x509/verify-high.c: added
+	gnutls_pkcs11_get_raw_issuer_by_dn and
+	gnutls_x509_trust_list_get_issuer_by_dn
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: check
+	for OCSP status response
+
+2014-11-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/cert-tests/crq: corrected crq test case; reported by Andreas
+	Metzler
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN
+	callback
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
+	lib/x509/ocsp_output.c, tests/ocsp.c: replaced
+	gnutls_ocsp_resp_get_responder_by_key with
+	gnutls_ocsp_resp_get_responder_raw_id In addition reverted gnutls_ocsp_resp_get_responder() to the old
+	buggy behavior of returning 0 if the element was missing.
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: make sure that GNUTLS_PKCS_PLAIN is set
+	when no password should be asked
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: gnutls_x509_privkey_import2: will not use a
+	callback if GNUTLS_PKCS_PLAIN is specified
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: the FIPS140-2 testing mode is disabled after
+	self-checks
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/ocsp.c: updated OCSP tests to account for the new key ID
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: doc update and gnutls_ocsp_resp_get_responder()
+	will always initialized output data
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-common.c: _rnd_get_event: use memset to avoid
+	valgrind complaints
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli.c: gnutls-cli: print the OCSP response in verbose mode
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/ocsp.c: corrected documentation of OCSP response
+	verification
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/ocsp.h, lib/libgnutls.map, lib/x509/ocsp.c,
+	lib/x509/ocsp_output.c: Added
+	gnutls_ocsp_resp_get_responder_by_key()
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/dn.c: dn parsing: return
+	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def, src/cli.c, src/common.c: gnutls-cli: added
+	option to save the OCSP response
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/abstract_int.h, lib/gnutls_privkey.c, lib/gnutls_sig.c,
+	lib/includes/gnutls/abstract.h: added the notion of preferred sign
+	algorithm in a private key This can be set for keys imported with gnutls_privkey_import_ext3()
+	with the info callback. It is only considered for client side keys
+	in TLS sessions.
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi, lib/ext/ext_master_secret.c,
+	lib/gnutls_int.h, lib/gnutls_priority.c, lib/priority_options.gperf: 
+	Added priority string %NO_SESSION_HASH to prevent advertising the
+	extended master secret extension
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/status_request.c: certificate status requestion response
+	is optional according to RFC6066
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in, src/common.c: 
+	Added flag GNUTLS_OCSP_SR_IS_AVAIL for
+	gnutls_ocsp_status_request_is_checked
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-common.h: rnd: removed the packed attribute from
+	event_st That prevents a SIGBUS on solaris sparc systems.  Reported by Thomas
+	Thorberger.
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: The priority modifier
+	%LATEST_RECORD_VERSION is now the default This works-around issue with servers that forbit the SSL 3.0 version
+	number from the first packet of the record protocol.
+
+2014-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: added check for servers
+	that disallow the SSL 3.0 record version
+
+2014-11-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/common.c: gnutls-cli: print whether status request has been
+	checked
+
+2014-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c: doc update
+
+2014-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_privkey.c, lib/includes/gnutls/x509.h,
+	lib/libgnutls.map, lib/pin.c, lib/pin.h, lib/pkcs11.c, lib/tpm.c,
+	lib/x509/privkey.c, lib/x509/x509_int.h: Enable PIN support to
+	gnutls_x509_privkey_t
+
+2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system.c, lib/system.h, lib/x509/common.c,
+	lib/x509/x509_ext.c: _gnutls_ucs2_to_utf8() can handle little endian
+	strings.
+
+2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/crypto-api.c, lib/ext/session_ticket.c,
+	lib/gnutls_cipher.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map, lib/safe-memfuncs.c, lib/safe-memset.c: Added
+	gnutls_memcmp() and exported it.
+
+2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/abstract.h: indentation fix
+
+2014-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
+	lib/x509/pkcs12_bag.c: added gnutls_pkcs12_bag_set_privkey() Conflicts: 	lib/libgnutls.map
+
+2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/abstract_int.h, lib/gnutls_privkey.c,
+	lib/includes/gnutls/abstract.h: dropped unused copy_func
+
+2014-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/gnutls-idna.h: silence warning
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, tests/cert-tests/Makefile.am, tests/cert-tests/crq: 
+	Added check with the invalid crq sent by Sean Burford
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_ecc.c: when exporting curve coordinates to X9.63
+	format, perform additional sanity checks on input Reported by Sean Burford.
+
+2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-intro-tls.texi: doc update
+
+2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, lib/ext/session_ticket.c, lib/gnutls_mem.h,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: exported
+	gnutls_memset()
+
+2014-11-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-gtls-app.texi, doc/cha-intro-tls.texi: doc: updated text
+	on session tickets
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/socket.c: tools: include arpa/inet.h in socket.c
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/examples/ex-serv-dtls.c: doc: use the same port for DTLS
+	client and server
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: pass the correct user type to protected
+	authentication login
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc: corrected values for INSECURE level
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
+	pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c: 
+	pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11_privkey.c: pkcs11: perform reauth at the appropriate
+	state
+
+2014-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11_login: set the correct user
+	type on reauthentication
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* gl/unistd.in.h, src/gl/unistd.in.h: applied patch by A. Klitzing
+	to improve compatibile with some apple systems Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
+	force login on tokens that require it
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: always set slot_info
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-openssl: testcompat-openssl: disable
+	SSL 3.0 as it is not supported on debian
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testcompat-main-polarssl: fixed polarssl compatibility
+	checks on debian
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.c: 
+	pkcs11: eliminated the need for struct token_info
+
+2014-11-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: added
+	support for PKCS #11 keys that require reauthentication and
+	simplified pkcs11_login
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c: gnutls-cli-debug: clarified text
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am, tests/suite/testcompat,
+	tests/suite/testcompat-main, tests/suite/testcompat-main-openssl,
+	tests/suite/testcompat-main-polarssl,
+	tests/suite/testcompat-openssl, tests/suite/testcompat-polarssl: 
+	tests: separated the two testcompat tests (openssl/polarssl)
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms/ciphers.c: added missing comma
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/tests.c: gnutls-cli-debug: corrected heartbeat check
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
+	negatives
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/tests.c: gnutls-cli-debug: fixes in tests to prevent false
+	negatives
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-main: tests: added interoperability tests
+	with openssl's PSK
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_constate.c, lib/gnutls_int.h: corrected calculation for
+	max send data and other uses of _gnutls_cipher_type()
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphers.c: modernized cipher table
+
+2014-11-05  Chen Hongzhi <hongzhi.chen@me.com>
+
+	* lib/x509/pkcs12.c: Fix double-free in gnutls_pkcs12_simple_parse() Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cipher.c: simplified checks for EtM
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/anonself.c: tests: enhanced test to check the return value
+	of gnutls_record_send()
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-x509-2.c: tests: Added unit tests for
+	gnutls_certificate_get_ours in mini-x509-2
+
+2014-11-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+	lib/gnutls_session.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+	lib/includes/gnutls/gnutls.h.in: introduced
+	GNUTLS_MAX_SESSION_ID_SIZE
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/scripts/mytexi2latex: mytexi2latex: handle na@"ive
+
+2014-11-04  Chris Barry <chris@barry.im>
+
+	* doc/cha-auth.texi, doc/cha-cert-auth.texi,
+	doc/cha-cert-auth2.texi, doc/cha-errors.texi, doc/sec-tls-app.texi: 
+	Cleaning up some awkward phrasings.  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore, tests/Makefile.am, tests/mini-record-failure.c: tests:
+	Added test for MAC verification checks
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/etm.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: EtM
+	fixes: it only applies to block ciphers
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c: gnutls-cli-debug: reorganized output
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c: moved the HTTPS server name outside
+	of verbose tests; only run when the HTTPS protocol is used
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/common.c, src/common.h, src/tests.c: enhanced
+	gnutls-cli-debug verbose output (uses files for mass text)
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: Added
+	tests for EtM and extended master secret support In addition reworked the output for existing tests.
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/socket.c: tools: only warn of an error if it is fatal
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-main, tests/suite/testcompat-polarssl: 
+	testcompat: increased the number of test cases checked
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/alpn.c: updated text
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-polarssl: testcompat-polarssl: try to run
+	the test only if polarssl binaries are available
+
+2014-11-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testcompat-common, tests/suite/testcompat-polarssl: 
+	testcompat: check the PSK ciphersuite interoperability against
+	polarssl
+
+2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am, tests/suite/testcompat,
+	tests/suite/testcompat-common, tests/suite/testcompat-main,
+	tests/suite/testcompat-polarssl: testcompat: added interop tests
+	with polarssl
+
+2014-11-03  Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+	* lib/system_override.c: doc: Added missing reference for EMSGSIZE
+	to inline documentation of gnutls_transport_set_errno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2014-11-03  Jaak Ristioja <jaak.ristioja@cyber.ee>
+
+	* lib/system_override.c: doc: Fixed typo in inline comment of
+	gnutls_transport_set_errno().  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi, lib/ext/Makefile.am, lib/ext/etm.c,
+	lib/ext/etm.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
+	lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+	lib/gnutls_constate.c, lib/gnutls_extensions.c, lib/gnutls_int.h,
+	lib/gnutls_priority.c, lib/gnutls_session_pack.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+	lib/priority_options.gperf, src/common.c: Added support for RFC7366
+	(encrypt then authenticate) It implements a revised version of RFC7366, to avoid
+	interoperability issues:
+	http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This
+	is currently enabled by default, unless %NO_ETM, or %COMPAT is
+	specified.
+
+2014-11-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms.h, lib/algorithms/ciphers.c, lib/crypto-api.c,
+	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
+	lib/gnutls_int.h, lib/gnutls_range.c: Made AEAD type an alternative
+	to stream and block That way the terminology becomes closer to the TLS rfc.
+
+2014-11-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_errors.c: updated the text for
+	GNUTLS_E_UNSUPPORTED_VERSION_PACKET
+
+2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am, tests/suite/pkcs11-privkey.c: tests:
+	Added check for gnutls_certificate_set_x509_key_file2() and PKCS #11
+	+ PIN
+
+2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c: when calling gnutls_x509_crt_get_subject_key_id
+	set the id_size
+
+2014-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: deinitialize the temporary spki data
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/init_fds.c: tests: added test for
+	gnutls_global_init after all descriptors are closed
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_global.c, lib/nettle/rnd-common.c, lib/random.h: 
+	corrected check for urandom fd
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/dtls/dtls-stress.c: tests: dtls-stress: fix issues in the
+	suite
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c: Do not require a PIN callback in the
+	certificate credentials when a password is specified
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c: doc update
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_global.c: corrected exit state from gnutls_global_init
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: updated text for gnutls_fd_in_use() to
+	account the new behavior
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map, lib/nettle/rnd-common.c: dropped
+	gnutls_fd_in_use, it is no longer necessary
+
+2014-10-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-backend.h, lib/gnutls_global.c,
+	lib/nettle/rnd-common.c, lib/nettle/rnd-common.h, lib/nettle/rnd.c,
+	lib/random.h: When gnutls_global_init() is called manually from the
+	application check the urandom fd for validity That addresses the issue where a server closes all open file
+	descriptors and then calls gnutls_global_init().
+
+2014-10-30  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS, configure.ac, lib/nettle/rnd-common.c: Added support for
+	getentropy() and reworked getrandom support
+
+2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/pk.c: _gnutls_dh_generate_key() will account the q_bits
+
+2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dh.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Added gnutls_dh_params_import_raw2(), which
+	allows to specify the number of bits for key size
+
+2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-10-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/nettle/rnd-common.c: use Linux' getrandom() when
+	available
+
+2014-10-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/rnd.c: use the random rnd context when refreshing the
+	nonce context That avoids frequent reads from /dev/urandom.
+
+2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_state.c: do not explicitly refresh rnd state on session
+	deinit It is already being refreshed during the session lifetime.
+
+2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/rnd.c: doc update
+
+2014-10-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/rnd.c: increase the reseed time
+
+2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-selftests.c: tests: enhance cipher test to include tag
+	verification error
+
+2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-api.c: better documented the new API
+
+2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-api.c: harmonise variable names
+
+2014-10-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: disable hardware acceleration by default in solaris
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support of
+	draft-ietf-tls-session-hash-02.  Now the session hash is calculated correctly even when a client
+	certificate is sent. That is, the session hash now does not take
+	into account the CertificateVerify message.
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/crypto-api.c: doc update
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-crypto.texi: doc: list the AEAD API
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, lib/crypto-api.c, lib/crypto-selftests.c,
+	lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
+	lib/libgnutls.map: Added a new simple to use AEAD API
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, m4/hooks.m4: the openssl compatibility library isn't built
+	by default
+
+2014-10-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cfg.mk, lib/accelerated/x86/elf/aes-ssse3-x86.s,
+	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/aesni-x86.s,
+	lib/accelerated/x86/elf/aesni-x86_64.s,
+	lib/accelerated/x86/elf/cpuid-x86.s,
+	lib/accelerated/x86/elf/cpuid-x86_64.s,
+	lib/accelerated/x86/elf/e_padlock-x86.s,
+	lib/accelerated/x86/elf/e_padlock-x86_64.s,
+	lib/accelerated/x86/elf/ghash-x86_64.s,
+	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
+	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
+	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
+	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s: do not use the ifdef
+	directive in assembly files, as it isn't portable
+
+2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cipher.c: eliminate IV size usage in TLS
+	encryption/decryption; it was a remnant of salsa20
+
+2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/ext_master_secret.c: corrected likely macro usage Spotted by Manuel Pégourié-Gonnard.
+
+2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c, lib/gnutls_cipher.c,
+	lib/gnutls_cipher_int.h, tests/mini-overhead.c: removed support for
+	SALSA20 and for stream ciphers with IV The proposal was not adopted by the TLS WG, and the AEAD path will
+	be used.
+
+2014-10-24  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi, lib/gnutls_int.h, lib/gnutls_priority.c,
+	lib/priority_options.gperf: Added priority string %NO_TICKETS that
+	disables session ticket support This is implied by the priority string PFS.
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/ext_master_secret.c, lib/gnutls_kx.c: do not negotiate nor
+	use the 'extended master secret' in SSL 3.0 According to Alfredo Pironti support for that protocol will be
+	dropped from the draft.
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: compile 3.3.9 by default
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c: always send the mandatory extensions (even
+	in SSL 3.0) The only way to force no extensions and usage of SCSVs is the
+	%NO_EXTENSIONS priority string.
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/ext_master_secret.c: EXT MASTER SECRET moved to mandatory
+	extensions
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/Makefile.am: check and use libnsl (used in
+	solaris)
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/coff/aes-ssse3-x86_64.s,
+	lib/accelerated/x86/coff/aesni-x86.s,
+	lib/accelerated/x86/coff/aesni-x86_64.s,
+	lib/accelerated/x86/coff/e_padlock-x86_64.s,
+	lib/accelerated/x86/coff/ghash-x86_64.s,
+	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/coff/sha256-ssse3-x86.s,
+	lib/accelerated/x86/coff/sha512-ssse3-x86.s,
+	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/aes-ssse3-x86.s,
+	lib/accelerated/x86/elf/aes-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/aesni-x86.s,
+	lib/accelerated/x86/elf/aesni-x86_64.s,
+	lib/accelerated/x86/elf/cpuid-x86.s,
+	lib/accelerated/x86/elf/cpuid-x86_64.s,
+	lib/accelerated/x86/elf/e_padlock-x86.s,
+	lib/accelerated/x86/elf/e_padlock-x86_64.s,
+	lib/accelerated/x86/elf/ghash-x86_64.s,
+	lib/accelerated/x86/elf/sha1-ssse3-x86.s,
+	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/sha256-ssse3-x86.s,
+	lib/accelerated/x86/elf/sha512-ssse3-x86.s,
+	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/aes-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/aesni-x86.s,
+	lib/accelerated/x86/macosx/aesni-x86_64.s,
+	lib/accelerated/x86/macosx/e_padlock-x86_64.s,
+	lib/accelerated/x86/macosx/ghash-x86_64.s,
+	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/sha256-ssse3-x86.s,
+	lib/accelerated/x86/macosx/sha512-ssse3-x86.s,
+	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
+	sources
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* devel/openssl: updated perl asm sources
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* cfg.mk: use the GNU-stack note in linux systems
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* gl/Makefile.am, gl/m4/extern-inline.m4, gl/m4/gnulib-common.m4,
+	gl/m4/manywarnings.m4, gl/m4/stdlib_h.m4, gl/m4/threadlib.m4,
+	gl/m4/unistd_h.m4, gl/stdlib.in.h, gl/tests/fcntl.in.h,
+	gl/unistd.in.h, gl/vasnprintf.c, maint.mk, src/gl/Makefile.am,
+	src/gl/error.c, src/gl/getpass.c, src/gl/m4/extern-inline.m4,
+	src/gl/m4/gnulib-common.m4, src/gl/m4/stdlib_h.m4,
+	src/gl/m4/unistd_h.m4, src/gl/parse-datetime.y, src/gl/stdlib.in.h,
+	src/gl/sys_select.in.h, src/gl/unistd.in.h, src/gl/vasnprintf.c: 
+	updated gnulib
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/pkcs11-get-issuer.c: tests: check the issuer value
+	validity of gnutls_x509_trust_list_get_issuer
+
+2014-10-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: corrected bug in
+	gnutls_x509_trust_list_get_issuer() when used without the
+	GNUTLS_TL_GET_COPY flag
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/slow/Makefile.am: tests: include minitasn1 when needed
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/danetool.c: use HAVE_DANE ifdef for unused functions
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map: exported gnutls_fd_in_use
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: document gnutls_fd_in_use()
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: gnutls_fd_in_use: mention version
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: corrected FIND_OBJECT loop when the token
+	func is used
+
+2014-10-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+	lib/nettle/rnd-common.c, lib/random.h: added gnutls_fd_in_use() to
+	check whether a file descriptor is in use
+
+2014-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_state.h: added prototype to avoid compiler warning
+
+2014-10-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/pk.c: fips140-2: limit the FIPS code in fips mode
+
+2014-10-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/pk.c: fips140-2: use the FIPS algorithms only when in
+	FIPS140-2 mode
+
+2014-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dtls/dtls-stress.c: dtls-stress: reindented code
+
+2014-10-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dtls/dtls-stress.c: tests: dtls-stress: only replay when
+	send succeeds
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testsrn: testsrn: do not assume that SSL 3.0 is
+	enabled by default
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c, src/tests.h: gnutls-cli-debug: added
+	test that checks the fallback from TLS 1.6
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
+	lib/libgnutls.map: added _gnutls_hello_set_default_version() which
+	allows to override the clienthello version
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def: gnutls-cli: prevent the combination of the -p
+	and --list options As -p may be mistaken for --priority that would prevent wrong
+	outputs.
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high2.c: avoid d from getting out of scope
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/udp-serv.c: gnutls-serv: avoid possible buffer overrun
+
+2014-10-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: avoid memory leak on
+	gnutls_x509_privkey_generate() failure
+
+2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def, src/cli.c: gnutls-cli: added option
+	--priority-list
+
+2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: added gnutls_priority_string_list(), a function
+	to iterate all priority strings
+
+2014-10-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: put all priority strings into a table
+
+2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: updated documentation for SSL 3.0 removal
+
+2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: SSL 3.0 is no longer on the default
+	priorities list
+
+2014-10-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/dsa-fips.h, lib/nettle/int/dsa-keygen-fips186.c,
+	lib/nettle/int/dsa-validate.c: in FIPS140-2 mode only disable
+	1024-bit DSA parameters when generating
+
+2014-10-14  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/src/core.c: guile: Remove trailing zero in
+	'gnutls_server_name_set' call.  In GnuTLS 3.2.19 (and possibly 3.3.9 and 3.1.17),
+	'set-session-server-name!' would pass a trailing nul character on
+	the wire after the server name, which would thus be rejected by
+	servers.
+
+2014-10-14  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/libopts/Makefile.am: corrected libopt's Makefile.am reported by Marius Schamschula.
+
+2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c: use _gnutls_hash_fast() in DSA/ECDSA
+	verification
+
+2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/dsa-fips.h, lib/nettle/int/provable-prime.c,
+	lib/nettle/int/rsa-keygen-fips186.c: FIPS140-2 RSA key generation
+	changes to account for seed starting with null byte
+
+2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/sha-x86-ssse3.c: corrected the SSSE3 optimized
+	SHA224
+
+2014-10-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-common.c: simplified getrusage code; the failure
+	check code wasn't needed
+
+2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/rsa-keygen-fips186.c: use lcm(p-1,q-1) instead of
+	phi(n) for RSA key generation in FIPS-140-2 mode
+
+2014-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/x509-extensions.c: tests: added check for import failure of
+	v1 certificate with extensions
+
+2014-10-13  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509.c: do not allow importing X.509 certificates with
+	version < 3 and extensions present
+
+2014-10-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cfg.mk: update the guile manual along the C one
+
+2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/libopts/Makefile.am, src/libopts/ag-char-map.h,
+	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
+	src/libopts/autoopts.h, src/libopts/autoopts/options.h,
+	src/libopts/autoopts/usage-txt.h, src/libopts/compat/_Noreturn.h,
+	src/libopts/genshell.c, src/libopts/genshell.h,
+	src/libopts/intprops.h, src/libopts/m4/libopts.m4,
+	src/libopts/m4/stdnoreturn.m4, src/libopts/option-value-type.c,
+	src/libopts/option-value-type.h,
+	src/libopts/option-xat-attribute.c,
+	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
+	src/libopts/proto.h, src/libopts/stdnoreturn.in.h,
+	src/libopts/version.c: updated to libopts 5.18.4
+
+2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/rnd-common.c: place all rusage variables into
+	HAVE_GETRUSAGE block
+
+2014-10-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/nettle/rnd-common.c: rnd: if RUSAGE_THREAD fails try
+	RUSAGE_SELF
+
+2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/test-chains.h: tests: removed last remnants of
+	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
+
+2014-10-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/pkcs11-combo.c: tests: pkcs11-combo: use unique db
+	file
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/heartbeat.c: forbid heartbeat messages during a handshake
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
+	added internal variable to track handshake status
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/ocsptool-common.c: ocsptool: avoid shadowing a global variable
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: removed flag
+	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* .gitignore: more files to ignore
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/pkcs11-is-known.c: tests: updated time in
+	pkcs11-is-known
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: handle errors from override_cert_exts as
+	fatal
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/chainverify.c, tests/suite/pkcs11-chainverify.c,
+	tests/test-chains.h: tests: allow running specific chainverify tests
+	on fixed dates
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c: _gnutls_check_valid_key_id: corrected
+	activation/expiration check
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11:
+	simplified and optimized loop
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-crypto.texi: mention nettle as the recommended crypto
+	backend
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am, tests/suite/pkcs11-combo.c: tests: Added
+	check to ensure that trust list combination with extra certificates
+	works
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: when both a trust module and additional
+	CAs are present account the latter as well That solves an issue in openconnect which used the system trust
+	module, plus additional certificates.
+
+2014-10-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c, lib/x509/verify-high.h: simplify the
+	handling of trust_list_get_issuer() when GNUTLS_TL_GET_COPY is not
+	given
+
+2014-10-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/common.c: tools: print the status of safe renegotiation and
+	extended master secret
+
+2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/mini-x509.c, tests/resume.c: tests: check whether the
+	extended master secret is negotiated by default
+
+2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/Makefile.am, lib/ext/ext_master_secret.c,
+	lib/ext/ext_master_secret.h, lib/gnutls_constate.c,
+	lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+	lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+	lib/gnutls_session_pack.c, lib/gnutls_state.c,
+	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added support
+	for the extended master secret calculation That is performed implicitly unless GNUTLS_NO_EXTENSIONS is
+	specified.  The implementation follows
+	draft-ietf-tls-session-hash-02.
+
+2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/pk.c: corrected assignment
+
+2014-10-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: corrected the name of exported function
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/mini-dtls-discard.c: tests: added check
+	for gnutls_record_discard_queued()
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_record.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Added gnutls_record_discard_queued() That function allows to discard queued data in DTLS.
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/test-chains.h: tests: corrected test for v1 cert signing
+	(removed bogus authorityIdentifier)
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: only set the authority key identifier,
+	if there is a corresponding subject key identifier
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: do not shortcut checks when
+	GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY is specified
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: always
+	check for a valid subjectKeyIdentifier match That way, expired certificates can co-exist with their replacements.
+
+2014-10-06  Armin Burgmeier <armin@arbur.net>
+
+	* tests/suite/pkcs11-chainverify.c: Add a test for PKCS11 CA
+	iteration Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-10-06  Armin Burgmeier <armin@arbur.net>
+
+	* lib/x509/verify-high.c: Also iterate over the CA certificates in a
+	PKCS11 token Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-10-06  Armin Burgmeier <armin@arbur.net>
+
+	* lib/x509/verify-high2.c: Return an error if multiple PKCS11 URLs
+	are added to a trust list Before, the new URL would overwrite the old URL, and the memory of
+	theold URL would be leaked. It is documented that only one URL can
+	be used, so it should be safe to reject any attempt to add another
+	one.  Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/x509/common.c, lib/x509/common.h: pkcs11: when
+	no CKA_ID can be relied on fallback on checking the
+	SubjectKeyIdentifier Patch by David Woodhouse.
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 ECDH
+	verification functions
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in: removed unused definition
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map, lib/nettle/pk.c: added FIPS140-2 DH
+	verification functions
+
+2014-10-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-is-known.c: tests: corrected check with
+	gnutls_x509_trust_list_get_issuer
+
+2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/verify-high2.c: corrected remove_pkcs11_url()
+
+2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: address memory leak in gnutls_pkcs11_crt_is_known()
+
+2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/Makefile.am, tests/suite/pkcs11-is-known.c: tests:
+	check gnutls_pkcs11_crt_is_known() when multiple same DNs are
+	present
+
+2014-10-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: pkcs11: when checking for presence do not give up on
+	the first mismatch
+
+2014-10-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/verify-high2.c: doc update: clarifications in
+	gnutls_x509_trust_list_add_trust_file
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: corrected compilation for non-pkcs11;
+	reported by David Woodhouse.
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c: avoid calls in gnutls_init()
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dtls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+	lib/gnutls_state.c: the handshake function has a timeout value by
+	default
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/session_ticket.c: use wait and retransmit when receiving
+	session tickets
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dtls/dtls, tests/dtls/dtls-stress.c: tests: added -r option
+	to dtls-stress That allows it to replay messages in a kind of arbitrary way.
+
+2014-10-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_global.c: report the FIPS140-2 mode
+
+2014-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/pkcs11-get-issuer.c, tests/x509cert.c: tests: added
+	check for GNUTLS_TL_GET_COPY
+
+2014-10-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/includes/gnutls/x509.h,
+	lib/x509/ocsp.c, lib/x509/verify-high.c: Added GNUTLS_TL_GET_COPY
+	flag and documented the limitations of
+	gnutls_x509_trust_list_get_issuer()
+
+2014-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/opencdk/stream.h: opencdk: changed filter_fnct_t to match the
+	actual function prototypes
+
+2014-09-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: updated news entry
+
+2014-09-30  Ludovic Courtès <ludo@gnu.org>
+
+	* doc/gnutls-guile.texi: guile: doc: Remove erroneous @ifnottex.
+
+2014-09-30  Ludovic Courtès <ludo@gnu.org>
+
+	* NEWS: Add NEWS entry for Guile changes.
+
+2014-09-30  Ludovic Courtès <ludo@gnu.org>
+
+	* doc/gnutls-guile.texi: guile: doc: Make it clear that the bindings
+	are part of GnuTLS.
+
+2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c: if receiving a ChangeCipherSpec fails,
+	return GNUTLS_E_UNEXPECTED_PACKET That is more precise than the current
+	GNUTLS_E_UNEXPECTED_PACKET_LENGTH
+
+2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/x86-common.c: use __hidden in solaris to
+	provide the hidden visibility attribute
+
+2014-09-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/accelerated/x86/x86-common.h: no need to define
+	_gnutls_x86_cpuid_s
+
+2014-09-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cipher.c, lib/nettle/cipher.c: use
+	MAX_CIPHER_BLOCK_SIZE more consistently
+
+2014-09-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_buffers.c, lib/gnutls_handshake.c: do not allow
+	GNUTLS_E_LARGE_PACKET to be returned from non-DTLS sessions
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/system.c: gnutls_x509_trust_list_add_system_trust() will not
+	allow duplicate entries
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/danetool.c, src/tpmtool.c: more compiler warning fixes
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: configure: enabled more warnings
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/session_ticket.c, lib/gnutls_dtls.h,
+	lib/gnutls_privkey.c, lib/openpgp/output.c, lib/random.c,
+	lib/system.c, lib/x509/ocsp_output.c, lib/x509/pkcs12.c,
+	src/certtool.c, src/cli.c: fixed compilation warnings
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/verify-high2.c: use _DIRENT_HAVE_D_TYPE to detect
+	d->d_type
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509.c: corrected type
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: configure: don't both with checks for padlock in
+	non-x86
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, lib/libgnutls.map,
+	symbols.last: updated auto-generated files
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, README-alpha, devel/abi.xml, devel/abi3.2.xml: run
+	abi-compliance-checker prior to release
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map: indented symbols
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c: 
+	protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an
+	infinite loop on handshake
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_errors.c: removed unused error values
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_record.h: 
+	restrict the number of non-fatal errors gnutls_handshake() can
+	return
+
+2014-09-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_errors.c: optimized gnutls_error_is_fatal() by
+	splitting the errors to two tables
+
+2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
+	lib/includes/gnutls/openpgp.h, lib/openpgp/gnutls_openpgp.c,
+	tests/openpgp-auth.c, tests/x509cert.c: use unsigned types in
+	prototypes
+
+2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: enable gcc warnings by default
+
+2014-09-23  Armin Burgmeier <armin@arbur.net>
+
+	* tests/openpgp-auth.c, tests/x509cert.c: Check the credentials
+	getter functions as part of the unit tests
+
+2014-09-18  Armin Burgmeier <armin@arbur.net>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
+	lib/x509/verify-high.c: Add an interface to iterate the trusted CA
+	certificates in a trust list Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-18  Armin Burgmeier <armin@arbur.net>
+
+	* lib/includes/gnutls/openpgp.h, lib/libgnutls.map,
+	lib/openpgp/gnutls_openpgp.c: Add getter functions for openpgp keys
+	and certificates Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-17  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Add functions to obtain X.509 keys and
+	certificates from certificate credentials Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+	lib/libgnutls.map: enabled gnutls_privkey_export_pkcs11
+
+2014-09-17  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+	lib/libgnutls.map: Add functions to export X.509 and OpenPGP private
+	keys from the abstract type Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-17  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map: 
+	Add a function to obtain the trust list of a
+	gnutls_certificate_credentials_t Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_pubkey.c: doc update
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* .gitignore: more files to ignore
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS, lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h: removed
+	gnutls_pcert_get_type()
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: only enable crywrap if libidn is present
+
+2014-09-22  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/src/core.c: guile: Restore cross-reference in
+	'set-session-priorities!' docstring.  This had been destroyed in 32d90395.
+
+2014-09-22  Ludovic Courtès <ludo@gnu.org>
+
+	* guile/modules/gnutls.in, guile/modules/gnutls/build/enums.scm,
+	guile/src/core.c, guile/tests/anonymous-auth.scm: guile: Add
+	bindings for 'gnutls_server_name_set'.  This adds the 'set-session-server-name!' procedure and the
+	'server-name-type' enum type.
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/chainverify.c, tests/suite/certs/create-chain.sh,
+	tests/suite/pkcs11-chainverify.c, tests/test-chains.h: tests: Added
+	checks for key purpose verification
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
+	lib/includes/gnutls/x509.h, lib/x509/common.h,
+	lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
+	Verify key purpose on intermediate certificate if
+	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE is specified That introduces the verification flag
+	GNUTLS_VERIFY_KEY_PURPOSE_ON_INTERMEDIATE, and the verification
+	result GNUTLS_CERT_PURPOSE_MISMATCH. The reason that this
+	verification test must be explicitly enabled is because it is only
+	defined in CA Forum's Baseline requirements 1.1.9 but not any IETF
+	document.
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def: certtool: updated the extended key usage
+	documentation
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in: added missing prototype
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-09-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/abstract_int.h, lib/gnutls_privkey.c,
+	lib/includes/gnutls/abstract.h, lib/libgnutls.map: introduced
+	gnutls_privkey_import_ext3() That function allows copying an external specified private key, as
+	well as allow variability on the capabilities of an external key.
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: updated cross.mk
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/output.c: when printing a certificate request also print
+	its signature algorithm
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c: 
+	added gnutls_x509_crq_get_signature_algorithm()
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/abstract.h: Added missing prototype
+
+2014-09-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+	lib/pkcs11_privkey.c: Added gnutls_pkcs11_privkey_cpy()
+
+2014-09-17  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_ui.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Add gnutls_certificate_get_verify_flags Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-17  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_pcert.c, lib/includes/gnutls/abstract.h,
+	lib/libgnutls.map: Add API to retrieve a X.509 or OpenPGP
+	certificate from a gnutls_pcert_t Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-18  Armin Burgmeier <armin@arbur.net>
+
+	* lib/x509/verify-high.c: Memory leak fix on certificate copy
+	failure Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-17  Armin Burgmeier <armin@arbur.net>
+
+	* lib/gnutls_ui.c: Fix a documentation typo Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* cfg.mk, lib/accelerated/x86/files.mk: regenerated files.mk
+
+2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* libdane/dane.c: libdane: do not require the CA to be a direct CA
+
+2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/scripts/common.sh, tests/suite/testpkcs11: tests: enhanced
+	test suite to pass more of the PKCS #11 API under valgrind
+
+2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/serv-args.def, src/serv.c: gnutls-serv: added the --provider
+	option
+
+2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/common.c: tools: corrected pin entry
+
+2014-09-19  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c: cleaned up memory deallocation in
+	read_cert_url() That caused unexpected results when loading PKCS #11 URLs.  Reported
+	by Joseph Peruski.
+
+2014-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/certtool.cfg: updated certtool.cfg
+
+2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/test-chains.h: tests: added checks with modified certificate This tests whether a modified of a DER certificate, that is
+	cancelled out while we parse it, would result to a good signature.
+
+2014-09-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: require explicit disabling of PKCS #11 in configure
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/DCO/people-dco.txt: Added Armin's DCO
+
+2014-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c, lib/x509/verify.c: updated details on
+	certificate verification
+
+2014-09-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac: depend on p11-kit 0.20.7
+
+2014-09-16  Armin Burgmeier <armin@arbur.net>
+
+	* lib/x509/verify.c, tests/test-chains.h: Check for all error
+	conditions when verifying a certificate This allows to check for all possible flaws with a certificate chain
+	with a single call to gnutls_x509_crt_list_verify and friends.  Signed-off-by: Armin Burgmeier <armin@arbur.net>
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/pkcs11x.h: depend on p11-kit 0.20.6
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify.c: removed unneeded set of status
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify.c: pkcs11: when a signer isn't found in PKCS #11
+	force the verification of the chain That allows obtaining any additional flags from the chain such as
+	insecure algorithms or expirations.
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/psk.c: psktool: corrected resource leak on failure
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c: added sanity check on cleanup
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/verify-tofu.c: removed unused variable
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: corrected typo in printing error
+
+2014-09-17  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: correctly reallocate the read buffer Report and patch by David Woodhouse.
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-cert-auth.texi: updated documentation on PKCS #11 trust
+	module verification
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.h, lib/x509/verify-high.c, lib/x509/verify.c: 
+	unified the key purpose checks functions
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509.h, lib/x509/common.h,
+	lib/x509/verify-high.c, lib/x509/verify.c: check for CAs with the
+	same key in gnutls_x509_trust_list_add_cas That way when GNUTLS_TL_NO_DUPLICATE_KEY is specified the added CA
+	will overwrite any previous one with the same name and key.
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: hostname and key purpose checks were moved
+	above CRL checks
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c, lib/x509/x509_ext.c: doc update
+
+2014-09-16  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crl.c: corrected gnutls_x509_crl_get_raw_issuer_dn()
+
+2014-09-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/scripts/common.sh: tests: use the PID number in RPORT The shell's RANDOM isn't that random.
+
+2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/minitasn1/decoding.c: updated libtasn1
+
+2014-09-15  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: documented the environment variables
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, lib/pkcs11.c, lib/pkcs11x.c, lib/pkcs11x.h: simulate
+	pkcs11x.h when it doesn't exist
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/crlverify.c: tests: Added crlverify to
+	check gnutls_x509_crl_verify and gnutls_x509_trust_list_add_crls
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/certs/create-chain.sh: create-chain.sh: generate CRL
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
+	invalid status Reported by Armin Burgmeier.
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/verify.c: Revert "gnutls_x509_crl_verify: do not always
+	set the invalid status" This reverts commit a922ee10c5f3902988e5730a1e6fbf77b033058c.
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/verify.c: gnutls_x509_crl_verify: do not always set the
+	invalid status Reported by Armin Burgmeier.
+
+2014-09-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_ui.c: doc update
+
+2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11x.c: added missing file
+
+2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: print Attached Extensions, instead of
+	extensions
+
+2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: when adding a duplicate certificate, keep
+	the last entry
+
+2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+	lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_write.c, lib/pkcs11x.h,
+	lib/verify-tofu.c, lib/x509/common.c, lib/x509/common.h: added
+	gnutls_pkcs11_copy_attached_extension()
+
+2014-09-12  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/pkcs11-get-issuer.c: pkcs11-get-issuer: do not
+	hardcode the chain number, use its name
+
+2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: Revert
+	"corrected planned version number" This reverts commit 5e44f432580f8b9533223acc3060db26446f0e96.
+
+2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509-ext.h, lib/libgnutls.map,
+	lib/x509/output.c, lib/x509/x509.c, lib/x509/x509_ext.c,
+	src/pkcs11.c: fixes in the extension handling
+
+2014-09-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: will print trust module extensions if
+	present
+
+2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c, lib/x509/verify.c, lib/x509/x509_int.h: 
+	check the key purpose of the CA certificate when in pkcs11 cert
+	validation
+
+2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
+	lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/pkcs11_int.c, lib/pkcs11_int.h, lib/x509/common.h,
+	lib/x509/output.c, lib/x509/x509_ext.c: allow retrieving extensions
+	in a trust module using
+	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT
+
+2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/verify-tofu.c, lib/x509/common.h, lib/x509/extensions.c,
+	lib/x509/ocsp.c: export x509_crt_to_raw_pubkey() in x509/common.h
+	and prefixed s/get_extension with _gnutls
+
+2014-09-10  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: doc update
+
+2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crq.c, lib/x509/verify-high.c, lib/x509/x509.c: corrected
+	planned version number
+
+2014-09-09  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_cert.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
+	lib/includes/gnutls/x509.h, lib/libgnutls.map,
+	lib/x509/verify-high.c: gnutls_x509_trust_list_verify_crt2 is in par
+	with gnutls_certificate_verify_peers That is, it accepts a list of gnutls_typed_vdata_st and allows for
+	flexibility.
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/x509_ext.c: doc update
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/crq.c,
+	lib/x509/x509.c: Added gnutls_x509_crt_get_extension_by_oid2() and
+	gnutls_x509_crq_get_extension_by_oid2()
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_x509.c, lib/includes/gnutls/x509.h, lib/libgnutls.map,
+	lib/x509/verify-high.c: Added
+	gnutls_x509_trust_list_verify_purpose_crt()
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/tpmtool.c: tpmtool: corrected key password read
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/danetool.c: set umask prior to calling mkstemp
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high.c: initialize verification output to zero
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_buffers.c: dtls: when discarding packet, discard the
+	correct number of bytes
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/hostname-verify.c: check_ip: initialize ret
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/tpm.c: gnutls_tpm_privkey_generate: initialize input values to
+	null to prevent any issue
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: do not dereference find_data->p_list in pkcs11
+	callback
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/rnd-fips.c: corrected issue in fips RNG
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/pk.c: added comment to clarify check
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/opencdk/literal.c: opencdk: corrected unsigned comparison
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/tpm.c: fixes in loop for SRK password input
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/common.c: apps: corrected GNUTLS_PIN reading
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high2.c: gnutls_x509_trust_list_add_trust_dir:
+	corrected CRL loading error
+
+2014-09-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-cfg.c: certtool: corrected copy+paste error
+
+2014-09-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/suppressions.valgrind, tests/suppressions.valgrind: 
+	tests: simply valgrind suppressions for libidn
+
+2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dsa/testdsa, tests/openpgp-certs/testcerts,
+	tests/scripts/common.sh, tests/suite/testcompat-main,
+	tests/suite/testpkcs11, tests/suite/testsrn: use random ports in
+	tests, unless a port is provided
+
+2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high2.c: corrected usage of readdir_r()
+
+2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/ocsptool-common.c: ocsptool: better error message
+
+2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify-high2.c: reentrant fixes for
+	gnutls_x509_trust_list_add_trust_dir() handle unknown file types
+
+2014-09-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def: doc update
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509_dn.c: optimized escaped comma handling
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* m4/hooks.m4, tests/ocsp.c: require libtasn1 3.9 or later That is because of the ocsp fix.
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/crq_apis.c: tests: extended crq API checks
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509_write.c: doc update
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/x509_dn.c: when setting a DN properly handle spaces and
+	escaped commas
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c: simplified _gnutls_x509_get_signed_data()
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+	lib/x509/x509.c: The get_raw_dn() functions were modified to work
+	even if the certificate is generated (not imported)
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_dtls.c: Disallow zero fragments in DTLS for packets
+	which have data.  Reported by Manuel Pégourié-Gonnard.
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/mini-dtls-lowmtu.c: tests: Check the
+	behavior of a DTLS server in a low-mtu scenario.  http://permalink.gmane.org/gmane.network.gnutls.general/3582
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/vasprintf.c: steal openconnect's vasprintf()
+	implementation
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/vasprintf.c: corrected bundled vasprintf(); reported by Jeff
+	Lee
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/minitasn1/decoding.c, lib/minitasn1/libtasn1.h: updated
+	libtasn1
+
+2014-09-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/ocsp.c: tests: Added tests on the invalid OCSP response
+
+2014-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: fips140: check the integrity of GMP
+
+2014-09-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.h, lib/x509/verify.c: when comparing an
+	end-certificate with the trusted list compare the entire certificate
+
+2014-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/test-chains.h: tests: Added test for amazon.com chain with
+	new verisign CA.
+
+2014-09-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/x509/common.c,
+	lib/x509/common.h, lib/x509/crl.c, lib/x509/verify.c,
+	lib/x509/x509.c, lib/x509/x509_int.h: when comparing a CA
+	certificate with the trusted list compare the name and key That is to handle cases where a CA certificate was superceded by a
+	different one with the same name and the same key. That can happen
+	when an intermediate CA certificate is replaced by a self-signed
+	one.
+
+2014-09-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c, lib/fips.h, lib/gnutls_global.c,
+	lib/nettle/int/dsa-fips.h: perform the FIPS140-2 self tests in two
+	rounds One round is before the AES acceleration is registered, and the
+	second is after. That is to allow testing of the AES implementation
+	used in the DRBG. That is a hack until nettle handles all cipher
+	acceleration.
+
+2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: name constraints: do not check CN
+	when a DNSname is available
+
+2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes-self-test.c, lib/nettle/int/drbg-aes.h: 
+	drbg-aes: added checks in the error handling of the functions That coverts the instantiate and generation functions.
+
+2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests.c: fips140: fail on encryption test failure
+
+2014-09-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes.c: drbg-aes: if the continuous test fails,
+	put the library into error state
+
+2014-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi, doc/cha-upgrade.texi, doc/latex/cover.tex: 
+	small doc updates
+
+2014-08-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/cha-tokens.texi, doc/latex/cover.tex: doc:
+	fixes in sectioning for p11tool and tpmtool invocation
+
+2014-08-29  Tristan Matthews <le.businessman@gmail.com>
+
+	* lib/ext/alpn.c: alpn: fix version documentation Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/pkcs11.c: p11tool: allow printing multiple types of tokens
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/hostname-verify.c: remove text not applicable in that
+	version
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/hostname-verify.c: refer to rfc6125
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: additional sanity check in RSA key generation
+	testing in FIPS-140-2 mode The encrypted data are checked to differ from the plaintext, to
+	prevent any issues with an accidental null encryption.
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: when in FIPS140-2 mode switch the library to
+	error state if key generation fails
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c, lib/x509/crl.c, lib/x509/x509.c: avoid new
+	allocations and keep a pointer to the DER data for DN
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crl.c, lib/x509/verify.c, lib/x509/x509_int.h: when
+	importing a CRL keep the DER data
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
+	lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h: when
+	importing a certificate, keep the DER data
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/ext/session_ticket.c: doc update
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* cfg.mk, configure.ac, devel/openssl,
+	lib/accelerated/x86/Makefile.am, lib/accelerated/x86/x86-common.c: 
+	added configuration option --disable-padlock That allows keeping hardware acceleration in x86 but without support
+	for padlock.
+
+2014-08-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
+	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/ghash-x86_64.s,
+	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/ghash-x86_64.s,
+	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: Revert "updated
+	asm sources" This reverts commit 97895066e18abc5689ede9af1a463539ea783e90.
+
+2014-08-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: when listing tokens, list their type as
+	well
+
+2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/x86-common.c: hide _gnutls_x86_cpuid_s
+
+2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* devel/openssl, lib/accelerated/x86/coff/ghash-x86_64.s,
+	lib/accelerated/x86/coff/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/coff/sha512-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/ghash-x86_64.s,
+	lib/accelerated/x86/elf/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/elf/sha512-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/ghash-x86_64.s,
+	lib/accelerated/x86/macosx/sha1-ssse3-x86_64.s,
+	lib/accelerated/x86/macosx/sha512-ssse3-x86_64.s: updated asm
+	sources
+
+2014-08-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: gnutls_pkcs11_obj_list_import_url2() will import
+	data in a single pass
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/suppressions.valgrind: tests: added more idna valgrind
+	suppressions
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: when reading PKCS #11 objects, read multiple
+	objects at a time That improves the performance significantly when reading from tokens
+	with a significant number of objects. Reported by David Woodhouse.
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: do not fail the entire operation if a single
+	object cannot be imported
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: allow objects without label or without ID
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/test-chains.h: tests: updated name constraints checks to not
+	include a CN
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am,
+	tests/cert-tests/name-constraints-err.pem,
+	tests/cert-tests/name-constraints-err.pem.out,
+	tests/cert-tests/verify-test: Revert "tests: Added a nameconstraints
+	test based on the CN bypass" The bypass check was included in
+	chainverify.  This reverts commit c9417bcc0614aaa2668486d294f5759b4082a23a.
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c, lib/x509/x509.c: doc update
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/verify.c: only check name constraints in non-CA
+	certificates
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: ignore constraints for different type
+	than the checked
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/cert-tests/Makefile.am,
+	tests/cert-tests/name-constraints-err.pem,
+	tests/cert-tests/name-constraints-err.pem.out,
+	tests/cert-tests/verify-test: tests: Added a nameconstraints test
+	based on the CN bypass That was discussed in:
+	http://permalink.gmane.org/gmane.comp.encryption.openssl.devel/26660
+
+2014-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/name_constraints.c: when verifying name constrains
+	enforce the single CN rule
+
+2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* cross.mk: cross.mk: compile gnutls without p11-kit by default
+
+2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* cross.mk: cross.mk: do not delete the pkgconfig directory
+
+2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* devel/DCO/people-dco.txt: Added Alon's DCO link
+
+2014-08-25  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/libopts/autoopts.h: check for stdnoreturn.h presence
+
+2014-08-24  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* tests/Makefile.am, tests/x509cert-tl.c: build: tests: x509cert-tl:
+	support separate builddir Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2014-08-24  Alon Bar-Lev <alon.barlev@gmail.com>
+
+	* lib/gnutls_privkey.c: build: condition pkcs11 block Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
+
+2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_record.c: record: tolerate a finished packet with
+	errors in DTLS
+
+2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_record.c: record: in DTLS discard only messages that
+	cause unexpected packet errors
+
+2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/suppressions.valgrind: tests: suppress more libidn
+	warnings
+
+2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/danetool.c: danetool: ensure the temporary file is always
+	removed
+
+2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/ext/server_name.c, lib/includes/gnutls/gnutls.h.in: the
+	server_name extension will convert input and output names to IDNA.
+
+2014-08-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/Makefile.am, src/socket.c: tools: use idna_to_ascii_8z() to
+	convert internationalized hostnames
+
+2014-08-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/gnutls-idna.h, lib/x509/hostname-verify.c,
+	lib/x509/output.c: hostname-verify: use idn_free()
+
+2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_errors.c: doc update
+
+2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/dsa-keygen-fips186.c: prevent 1024-bit DSA
+	parameter generation only when FIPS-mode is enabled.
+
+2014-08-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/dsa-keygen-fips186.c: Revert "removed pbits=1024,
+	qbits=160 from the acceptable bit sizes in FIPS140-2 DSA parameter
+	generation." This reverts commit 110527d9bb9ca70a66ae8173769067f133fd3cf7.
+
+2014-08-21  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/system.c: use the windows API in windows even if iconv is
+	available
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* cross.mk: win32: updated Makefile and added the ability build
+	openconnect
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac: check for the correct version of libidn
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/hostname-check.c: tests: Added case sensitive checks in
+	hostname verification
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/suppressions.valgrind: tests: copied valgrind
+	suppressions to suite
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/minitasn1/decoding.c: updated libtasn1
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suppressions.valgrind: tests: suppress valgrind warnings due
+	to libidn
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/Makefile.am, lib/x509/gnutls-idna.h,
+	lib/x509/hostname-verify.c, lib/x509/output.c: 
+	gnutls_x509_crt_print() will print the IDNA A-label names as well.
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/hostname-check.c: tests: added UTF-8 hostname comparison
+	checks
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/Makefile.am, lib/x509/hostname-verify.c: Added
+	support for RFC6125 hostname comparison That adds the dependency on libidn.
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/Makefile.am, lib/x509/hostname-verify.c,
+	lib/x509/rfc2818_hostname.c: renamed rfc2818_hostname to
+	hostname-verify The file no longer follows RFC2818.
+
+2014-08-20  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/minitasn1/decoding.c: updated minitasn1
+
+2014-08-18  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
+	lib/x509/x509.c, lib/x509/x509_int.h: Safer reinitialization of
+	structures on re-import to avoid memory leaks.  That also adds the gnutls_pkcs7_t structure into the list of allowed
+	to re-import.
+
+2014-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/verify-tofu.c: doc update
+
+2014-08-17  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/verify-tofu.c: doc update
+
+2014-08-16  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/crl.c, lib/x509/pkcs12.c, lib/x509/privkey.c,
+	lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h: 
+	Re-initialize the ASN.1 structures on every import That allows to import a key/certificate on a structure even if the
+	previous import failed.
+
+2014-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-args.def, src/cli.c: gnutls-cli: added --fips140-mode
+	command line option That option will report the status of the FIPS140-2 mode in the
+	library.
+
+2014-08-14  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: The environment variable GNUTLS_FORCE_FIPS_MODE can be
+	used to force the FIPS-140-2 mode
+
+2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/common.h: gnutls-cli/danetool: corrected check on ipv6 IPs
+
+2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/rfc2818_hostname.c: Follow the rfc6125 requirement that a
+	single CN must be present for hostname verification.  Follow up on the original commit that simplifies checking for more
+	than a single hostname.
+
+2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug.c, src/cli.c, src/common.h, src/danetool.c: 
+	gnutls-cli/danetool: added a common check for hostname being an IP
+
+2014-08-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/rfc2818_hostname.c, tests/hostname-check.c: Follow the
+	rfc6125 requirement that a single CN must be present for hostname
+	verification.
+
+2014-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/hostname-check.c: tests: check that
+	gnutls_x509_crt_check_hostname() will correctly use the last CN when
+	multiple
+
+2014-08-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/rfc2818_hostname.c: when checking the hostname of a
+	certificate with multiple CNs use the "most specific" CN In our case we use the last CN present in the DN. Reported by David
+	Woodhouse.  https://bugzilla.mozilla.org/show_bug.cgi?id=307234#c2
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-cipher.c: gnutls-cli: more organized printing of
+	cipher benchmark output
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-tls.c: gnutls-cli: removed salsa20 from the
+	benchmarked ciphers
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* m4/hooks.m4: bumped current and age version to allow 3.3.x
+	releases with new symbols
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs12_encr.c: _gnutls_pkcs12_string_to_key(): enforce a
+	block size of 64-bytes
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms.h, lib/algorithms/mac.c, lib/libgnutls.map: 
+	mac_to_entry -> _gnutls_mac_to_entry
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: gnutls_pkcs11_obj_flags_get_str: mention UNWRAP
+
+2014-08-11  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs12.c: pkcs12: added check for null OID in
+	gnutls_pkcs12_generate_mac2
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/pkcs12_encode.c: tests: check gnutls_pkcs12_generate_mac2()
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
+	lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_generate_mac2() That allows a choice on the MAC algorithm to be used.
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: --p12-info will provide information on
+	the MAC algorithm
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
+	lib/x509/pkcs12.c: pkcs12: added gnutls_pkcs12_mac_info to obtain
+	information on the MAC
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/libgnutls.map, tests/pkcs12_s2k.c: tests: updated string to
+	keys tests for new internal API
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12: 
+	tests: test the decoding of a PKCS #12 structure with SHA256 MAC
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/algorithms.h, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
+	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: pkcs12: Allow
+	verification with structures that support other than HMAC-SHA1 MACs.
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/gc.c: tests: remove test for nettle's pbkdf2; this is tested
+	in nettle
+
+2014-08-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/pkcs12.c: updated doc for gnutls_pkcs12_simple_parse()
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testdane: testdane: re-enabled DANE checks and added
+	checks on SMTP
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/danetool.c: danetool: obtain certificate only once
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: pkcs11:
+	modified prototype and doc to be recognized by doc parser
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug-args.def, src/danetool-args.def, src/socket.c: 
+	danetool/gnutls-cli-debug: added support for imap starttls
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/cli-debug-args.def, src/cli-debug.c: gnutls-cli-debug:
+	supports SMTP starttls
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/danetool-args.def, src/danetool.c, src/socket.c, src/socket.h: 
+	danetool: supports SMTP starttls
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/danetool-args.def, src/danetool.c, src/socket.c: danetool:
+	improvements in information presentation
+
+2014-08-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: libdane: disable debugging mode
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c: updated documentation for
+	gnutls_handshake()
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/Makefile.am, src/cli.c, src/danetool.c,
+	src/ocsptool-common.c, src/socket.c, src/socket.h,
+	tests/suite/testdane: danetool: if the certificate to verify against
+	is not provide it try to obtain it
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
+	lib/x509/pbkdf2-sha1.h, lib/x509/privkey_openssl.c,
+	lib/x509/privkey_pkcs8.c, tests/gc.c: pbkdf2: removed internal
+	implementation, use nettle's
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pk.c: protect _gnutls_params_get_rsa_raw() from
+	crashing when exporting an RSA public key That could happen in case of PKCS #11 abstract keys.
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: corrected typo
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
+	p11tool: added --info parameter That allows obtaining information on a specific object.
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: pkcs11: added
+	GNUTLS_PKCS11_OBJ_ATTR_MATCH flag This flag allows listing only the tokens that match the URL.  That
+	is, this performs an object URL comparison, rather than a token URL
+	usage.
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool.c: p11tool: only print the debugging message in
+	debuglevel > 4
+
+2014-08-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: pkcs11: check CKA_UNWRAP as well for enabling
+	GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-intro-tls.texi: removed reference to UMAC
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-intro-tls.texi: removed references to SALSA20
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: doc update
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: rearranged checks to avoid
+	wrong deletions
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: pkcs11: simplified pkcs11_privkey handling A PKCS #11 always holds an open session to the key.
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+	src/pkcs11.c: gnutls_pkcs11_flags_get_str ->
+	gnutls_pkcs11_obj_flags_get_str
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-get-issuer.c: 
+	tests: ensure that no environment variables confuse softhsm
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: test the trusted and ca flags
+	being set
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+	lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/p11tool.c, src/pkcs11.c: 
+	pkcs11: added new functions to query the object's flags gnutls_pkcs11_obj_get_flags() allows obtaining an object's flags,
+	and gnutls_pkcs11_flags_get_str() allows printing them.
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h: pkcs11.h: introduced
+	gnutls_pkcs11_obj_flags
+
+2014-08-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: exit if
+	export_pubkey_of_privkey fails
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
+	p11tool: simplify the passing of flags and pass the key wrapping
+	flag
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* README: README: removed gmplib 4.2.2 reference
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/benchmark-tls.c: gnutls-cli: TLS benchmark parameters were
+	updated
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_privkey.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
+	_gnutls_privkey_get_mpis: extended to work for PKCS #11 keys
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/pkcs11_privkey.c: doc update
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+	lib/pkcs11_privkey.c, src/pkcs11.c: changed semantics of
+	gnutls_pkcs11_privkey_get_pubkey; named
+	gnutls_pkcs11_privkey_export_pubkey
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: gnutls_pkcs11_privkey_get_pubkey: return
+	GNUTLS_E_INVALID_REQUEST on invalid params
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool.c: p11tool: activate the --batch option
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: Test the export of public key
+
+2014-08-06  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
+
+	* src/p11tool-args.def, src/p11tool.c, src/p11tool.h, src/pkcs11.c: 
+	add public key export to p11tool Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
+
+2014-08-04  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+	lib/pkcs11_privkey.c: add pubkey export from private key in pkcs11
+	subsystem There are cases where we need to export the public key of private
+	key at a later time. Previously, the public key was only available
+	immediately after creation of a key pair. This patch allows to
+	retrieve the public key of a private key at any time after creation.  Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: documented flags format
+
+2014-08-04  Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
+
+	* lib/includes/gnutls/pkcs11.h, lib/pkcs11_privkey.c: improve
+	compatibility in pkcs11 key generation * add key wrap/unwrap key usage * explicitly set public exponent in template Signed-off-by: Wolfgang Meyer zu Bergsten <w.bergsten@sirrix.com>
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/cli-debug.c, src/tests.c: gnutls-cli-debug: added AES and
+	CAMELLIA to the list of default ciphers
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: doc update
+
+2014-08-06  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-gtls-app.texi: mention profile in security parameters
+	table
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* devel/DCO/people-dco.txt: Added people who have sent a DCO for
+	gnutls
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey_pkcs8.c: pkcs12: fixes in decryption with null
+	password
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: free unused variables
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/pkcs8-decode/Makefile.am,
+	tests/pkcs8-decode/suppressions.valgrind: added missing file
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c: certtool: print more information on PKCS #12
+	structures.  use gnutls_pkcs12_bag_enc_info to print more information on
+	encrypted PKCS #12 structures.
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/pkcs12.h, lib/libgnutls.map,
+	lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
+	lib/x509/x509_int.h: added new function to obtain information on a
+	PKCS #12 encrypted bag New function: gnutls_pkcs12_bag_enc_info()
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey_pkcs8.c: doc update
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/certtool.c: certtool: default pkcs-cipher is now 3des as in
+	PKCS #12
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/x509.h, lib/x509/privkey_pkcs8.c,
+	src/certtool.c: gnutls_pkcs8_info: will return OID value even on
+	unsupported structures
+
+2014-08-05  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_state.c, lib/x509/x509.c: doc: replaced non-0 with
+	non-zero
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS, src/certtool-args.def: doc update
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey_pkcs8.c: simplified decrypt_data() and initialize
+	parameters on decryption
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey_pkcs8.c: further increase iteration count
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c, tests/pkcs8-decode/Makefile.am,
+	tests/pkcs8-decode/openssl-3des.p8.txt,
+	tests/pkcs8-decode/openssl-aes128.p8.txt,
+	tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: 
+	certtool: improved PKCS #8 information printing
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/pkcs8-decode/Makefile.am,
+	tests/pkcs8-decode/openssl-3des.p8,
+	tests/pkcs8-decode/openssl-3des.p8.txt,
+	tests/pkcs8-decode/openssl-aes128.p8,
+	tests/pkcs8-decode/openssl-aes128.p8.txt,
+	tests/pkcs8-decode/openssl-aes256.p8,
+	tests/pkcs8-decode/openssl-aes256.p8.txt, tests/pkcs8-decode/pkcs8: 
+	tests: added more PKCS #8 decoding tests
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: small fixes and
+	optimizations in PKCS #8 information
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool.c: certtool: added --p8-info
+	option
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
+	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: added new functions
+	to obtain information on PKCS #8 structures.  Added gnutls_pkcs8_info(), gnutls_pkcs_schema_get_name(), and
+	gnutls_pkcs_schema_get_oid().
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
+	lib/x509/privkey_pkcs8.c, lib/x509/x509_int.h: PKCS #8 encryption
+	support was made more compact and manageable
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs12.c: pkcs12: increased the number of iterations for
+	MAC
+
+2014-08-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/atfork.c: removed debugging info
+
+2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/atfork.h, lib/nettle/rnd-common.c, lib/system.h,
+	lib/x509/verify-high2.c: several windows compilation fixes
+
+2014-07-31  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/includes/gnutls/gnutls.h.in: gnutls.h: use _SYM_EXPORT to
+	export other than function symbols
+
+2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
+	src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
+	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
+	src/libopts/autoopts.c, src/libopts/autoopts.h,
+	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
+	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
+	src/libopts/check.c, src/libopts/compat/compat.h,
+	src/libopts/compat/windows-config.h, src/libopts/configfile.c,
+	src/libopts/cook.c, src/libopts/enum.c, src/libopts/env.c,
+	src/libopts/file.c, src/libopts/find.c, src/libopts/genshell.c,
+	src/libopts/genshell.h, src/libopts/gettext.h, src/libopts/init.c,
+	src/libopts/load.c, src/libopts/m4/libopts.m4,
+	src/libopts/m4/liboptschk.m4, src/libopts/makeshell.c,
+	src/libopts/nested.c, src/libopts/numeric.c,
+	src/libopts/option-value-type.c, src/libopts/option-value-type.h,
+	src/libopts/option-xat-attribute.c,
+	src/libopts/option-xat-attribute.h, src/libopts/parse-duration.c,
+	src/libopts/parse-duration.h, src/libopts/pgusage.c,
+	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
+	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
+	src/libopts/stack.c, src/libopts/streqvcmp.c,
+	src/libopts/text_mmap.c, src/libopts/time.c,
+	src/libopts/tokenize.c, src/libopts/usage.c, src/libopts/version.c: 
+	updated to libopts 5.18.3
+
+2014-07-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* build-aux/config.rpath, build-aux/gendocs.sh,
+	doc/gendocs_template, gl/m4/gnulib-common.m4, gl/m4/intl.m4,
+	gl/m4/po.m4, gl/m4/printf.m4, gl/m4/valgrind-tests.m4,
+	gl/tests/fcntl.in.h, maint.mk, src/gl/error.c, src/gl/m4/dup2.m4,
+	src/gl/m4/gnulib-common.m4, src/gl/m4/printf.m4, src/gl/mktime.c,
+	src/gl/select.c, src/gl/xalloc.h: updated gnulib
+
+2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/pkcs12.c: updated documentation for
+	gnutls_pkcs12_simple_parse
+
+2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS, configure.ac: master now holds the 3.4.0 release
+
+2014-07-29  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/Makefile.am, lib/atfork.c, lib/atfork.h,
+	lib/gnutls_global.c, lib/nettle/rnd-fips.c, lib/nettle/rnd.c,
+	lib/pkcs11.c: Use pthread_atfork() and variants to detect fork
+
+2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/Makefile.am, lib/inet_pton.c, lib/system.h,
+	lib/x509/rfc2818_hostname.c: Added replacements of inet_aton and
+	inet_pton on systems they are not present gnulib is avoided due to keep the gnulib network replacements out of
+	the library.
+
+2014-07-28  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-cert-auth.texi: Added text on PKCS #11 verification
+
+2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/abstract.h, lib/includes/gnutls/gnutls.h.in,
+	lib/includes/gnutls/ocsp.h, lib/includes/gnutls/pkcs11.h,
+	lib/includes/gnutls/x509.h: removed comma at the end of enumerations That patch allows compilers that don't support C99 syntax to compile
+	applications that use a header of gnutls. Report and patch Ryan
+	Schmidt.
+
+2014-07-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* Makefile.am, configure.ac, doc/Makefile.am: check for sed in
+	configure.ac and use the output variable in Makefiles
+
+2014-07-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_handshake.c: doc update
+
+2014-07-23  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dane.c: tests: dane: add flag DANE_F_IGNORE_LOCAL_RESOLVER
+	to dane_state_init That prevents unbound from complaining in systems where no DNSSEC
+	functionality is present.
+
+2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: doc update
+
+2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am: tests: added libdane/includes to includes dir
+
+2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: released 3.3.6
+
+2014-07-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: Added
+	missing functions
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* m4/hooks.m4: bumped library version
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* libdane/dane.c: libdane: simplified initialization of variables.
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* libdane/dane.c: libdane: bogus and secure values are always
+	initialized in dane_query_to_raw_tlsa
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/dane.c: tests: eliminated leak from dane check
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* libdane/dane.c: libdane: use gnutls_malloc() and doc update
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/Makefile.am, tests/dane.c: Added self test for DANE raw
+	functions
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/danetool-args.def, src/danetool.c: danetool: added option to
+	print the raw entries.
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* libdane/dane.c: doc update
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/libgnutls.map: moved _gnutls_prf_raw to FIPS140 symbols
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/aes-gcm-x86-pclmul.c,
+	lib/accelerated/x86/aes-padlock.c: Added sanity check on padlock AES
+	IV set.
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_state.c, lib/libgnutls.map: fips140-2: Added
+	_gnutls_prf_raw() which can calculate the TLS PRF without depending
+	on a session structure.
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: fips140-2: do not check the libtasn1's integrity
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: RSA-PSK ciphersuites are only
+	allowed in TLS 1.0.  That is because they implement the EncryptedPreMasterSecret encoding
+	according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding,
+	and there can be ambiguities when using that over SSL 3.0.  See:
+	http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_priority.c: gnutls_priority_init: set err_pos prior to
+	any action That allows a valid err_pos, even on a memory allocation error.
+	Reported by Dan Fandrich.
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/TODO: updated TODO
+
+2014-07-22  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/algorithms/ciphersuites.c: minimum version was changed to TLS
+	1.0 for ciphersuites with SHA2 These ciphersuites could not be used with SSL 3.0 that only defines
+	usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/pkcs11.c: ignore CKR_CRYPTOKI_ALREADY_INITIALIZED when
+	returned on reinitialization
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/Makefile.am, tests/x509cert-dir/ca.pem, tests/x509cert-tl.c: 
+	tests: x509cert-tl checks gnutls_x509_trust_list_add_trust_dir()
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c: doc update
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
+	lib/libgnutls.map: Added gnutls_certificate_set_x509_trust_dir()
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/system.c,
+	lib/x509/verify-high2.c: Added
+	gnutls_x509_trust_list_add_trust_dir() This essentially exports the functionality to read from a directory
+	with trusted certificates.
+
+2014-07-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, lib/system.c: Allow specifying a directory as trust
+	store
+
+2014-07-11  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* NEWS: doc update
+
+2014-07-10  Simon Arlott <sa.me.uk>
+
+	* libdane/dane.c, libdane/includes/gnutls/dane.h,
+	libdane/libdane.map: libdane: add function dane_query_to_raw_tlsa This function converts a dane_query_t into the parameters needed for
+	dane_raw_tlsa() to make it easy to copy the results of the
+	(synchronous) lookup query from one process to another.  This code allocates an unnecessary extra NULL entry for
+	dane_data_len to avoid trying to malloc 0 bytes if q->data_entries
+	is 0 (it is possible for malloc/calloc to return NULL when requested
+	to allocate 0 bytes).  Signed-off-by: Simon Arlott
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: FIPS140-2 tests: no need for MD5 check
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/fips.c: FIPS140-2 tests: removed redundant checks We keep on check per cipher which is required, and avoid multiple
+	(and time-consuming) tests.
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/x86-common.c: Allow specifying
+	GNUTLS_CPUID_OVERRIDE in either hex or decimal.
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/x86-common.c: Added option to disable any cpu
+	optimizations
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/x86-common.c,
+	lib/accelerated/x86/x86-common.h: simplified housekeeping of CPUID
+	registers
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/accelerated/x86/x86-common.c: Allow overriding the detected
+	CPUID using the GNUTLS_CPUID_OVERRIDE environment variable
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/privkey.c: FIPS140-2 tests: Added pairwise consistency
+	check for RSA encryption
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with DSA-2048
+	and DSA-3072 bit keys, as well as SHA256.
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests-pk.c: FIPS140-2 tests: check with RSA-2048
+	and RSA-3072 bit keys
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests-pk.c: tests: check RSA with SHA256
+
+2014-07-08  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/crypto-selftests-pk.c: FIPS140-2 mode: test whether RSA
+	encrypted data differ from plaintext
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/cipher.c: FIPS140-2 mode: enforce the minimum GCM IV
+	size required by SP800-38D (section 8.2)
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def, src/certtool-common.c,
+	src/certtool-common.h, src/certtool.c, src/p11tool-args.def,
+	src/p11tool.c: p11tool/certtool: Added --curve parameter.  The curve parameter allows to explicitly specify the curve to use
+	when generating a key.
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_privkey.c,
+	lib/pkcs11_write.c, lib/x509/key_encode.c, lib/x509/x509_int.h: set
+	CKA_EC_PARAMS when generating an ECDSA key
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: only print warning about key sizes in RSA
+	keys
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: make brief output more brief
+
+2014-07-07  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/mpi.c, lib/nettle/pk.c: mpi: use zeroize_key() instead
+	of memset()
+
+2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: dane: Skip DANE entries that may contain unknown
+	info That would allow skipping any future entries without failing.
+	Reported by Simon Arlott.
+
+2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* libdane/dane.c: dane: Added sanity check in dane_verify_crt_raw() That allows calling the function will an empty chain.  Reported by
+	Simon Arlott.
+
+2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/examples/ex-cert-select-pkcs11.c,
+	doc/examples/ex-cert-select.c, doc/examples/ex-client-dtls.c,
+	doc/examples/ex-client-srp.c, doc/examples/ex-client-x509.c,
+	doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+	doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+	doc/examples/ex-serv-x509.c: examples: mention that
+	gnutls_global_init() is optional
+
+2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-tokens.texi: doc: mention and link to trust storage module
+
+2014-07-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-bib.texi, doc/cha-tokens.texi: doc update
+
+2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: pkcs11: Removed length check of attribute as
+	a sanity check for valid keys.  There can be keys where the id or label is empty and thus with zero
+	length.
+
+2014-07-04  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: Increased number of attributes
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: try to restart on session errors, to avoid
+	having a failed call.
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: corrected pkcs11 reinitialization
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11_privkey.c: If we get a PKCS #11 session error,
+	invalidate the cached session.
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c: set the maximum value when printing
+	library_description
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/pkcs11_privkey.c: On fork invalidate the PKCS
+	#11 privkey cached session
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/pkcs11.c: p11tool: don't outsmart user and override login type Unfortunately tokens vary on their requirements for writing trusted
+	and private objects, and there is no one-size fits all policy. Thus
+	allow a proper failure and warn the user that so-login may be
+	required.
+
+2014-07-03  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/testpkcs11: testpkcs11: Try to write the trusted
+	object both by so-pin and normal pin
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/suite/testpkcs11: tests: testpkcs11: temp parameters are
+	deleted after generation
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* configure.ac, m4/hooks.m4: bumped version
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am: tests: added testpkcs11.sc-hsm
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def, src/pkcs11.c: p11tool: use GNUTLS_PIN and
+	GNUTLS_SO_PIN when setting the PINs of an initialized token.
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/slow/gendh.c: tests: gendh: increased the DH prime size to
+	allow usage under FIPS140-2 mode
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/common.c: tools: when in batch mode and no PIN, print a note
+	about using the environment variables
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/crq_key_id.c: tests: crq_key_id: increased generated DSA key
+	size and changed hash to SHA256 That allows the test to operate under the FIPS140-2 mode.
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/crq_key_id.c: tests: improved error reporting in crq_key_id
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* doc/cha-upgrade.texi: doc: properly terminate table
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/dsa-keygen-fips186.c: removed pbits=1024, qbits=160
+	from the acceptable bit sizes in FIPS140-2 DSA parameter generation.
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool.c, src/common.c, src/common.h, src/danetool.c,
+	src/pkcs11.c, src/serv.c: tools: PIN callback will respect batch
+	mode and will not ask for PIN.
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
+	src/p11tool.h, src/pkcs11.c: p11tool: Ask for label if not
+	specified.  Added --batch parameter to disable interaction.
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool.c, src/p11tool.h, src/pkcs11.c: p11tool: If there is
+	only a single token available, don't bother complaining about
+	specifying the correct URL
+
+2014-07-02  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/nettle/int/drbg-aes.h: updated comment
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-args.def: certtool: document that URLs are supported
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/p11tool-args.def: p11tool: document GNUTLS_SO_PIN env variable
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/suite/Makefile.am, tests/suite/testpkcs11,
+	tests/suite/testpkcs11.pkcs15, tests/suite/testpkcs11.sc-hsm,
+	tests/suite/testpkcs11.softhsm: tests: improved testpkcs11 suite
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: 
+	gnutls_pkcs11_privkey_generate2(): corrected public key extraction
+	(for ECDSA keys)
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/common.c: p11tool/certtool: use GNUTLS_SO_PIN for reading
+	security officer's PIN
+
+2014-07-01  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* src/certtool-common.h, src/p11tool-args.def, src/p11tool.c,
+	src/pkcs11.c: p11tool: added options --set-pin and --set-so-pin These allow for an non-interactive --initialize process.
+
+2014-06-30  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/rfc2818_hostname.c: Added explicit documentation on IPv4
+	and IPv6 address matching.
+
+2014-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* tests/long-session-id.c: tests: long-session-id: ignore SIGPIPE
+
+2014-06-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-upgrade.texi: doc: Added text on upgrading to 3.3.x from
+	3.2.x
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/rfc2818_hostname.c: do not exit the loop in case a name
+	doesn't fit into our buffer.
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/rfc2818_hostname.c: when verifying an IP, also verify it
+	as a hostname There are several misconfigured servers that placed their IP as a
+	DNS name. Pointed out by David Woodhouse.
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/output.c: supress warnings
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* NEWS: doc update
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/x509/rfc2818_hostname.c: check of inet_pton
+	instead for AF_INET6
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* configure.ac, lib/x509/output.c: Use inet_ntop() for printing IP
+	addresses.  The old dumb code is used in systems that don't have that function.
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* tests/hostname-check.c: tests: Added test cases for IPv4/6
+	matching.
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@redhat.com>
+
+	* lib/x509/rfc2818_hostname.c: gnutls_x509_crt_check_hostname()
+	checks text ip addresses as well.  That aligns the documentation with the implementation. Reported by
+	David Woodhouse.
+
+2014-06-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/gnutls_str.c: initialize str to NULL
+
+2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* lib/x509/crl.c: fixed documentation
+
 2014-06-26  Nikos Mavrogiannopoulos <nmav@gnutls.org>
 
 	* tests/cert-tests/aki, tests/cert-tests/pathlen,
@@ -11994,8 +22354,18 @@
 
 2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
 
-	* Removed GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on
-	OCSP parsing errors.
+	* NEWS, lib/gnutls_cert.c, lib/gnutls_x509.c,
+	lib/includes/gnutls/gnutls.h.in: Removed
+	GNUTLS_CERT_REVOCATION_DATA_INVALID and no longer fail on OCSP
+	parsing errors.
+
+2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* doc/cha-cert-auth.texi, doc/cha-tokens.texi: doc update
+
+2012-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+	* gnutls-cli-debug uses server name indication.
 
 	-----