2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am: tests: include test-hash-large into dist

2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-03-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* po/zh_CN.po.in: Sync with TP [ci skip]

2016-03-01  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c: Disable weak symbols for
	_gnutls_global_init_skip() under windows That is to avoid an issue with running gnutls under windows; that
	renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows.  Relates #74

2016-02-29  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version [ci skip]

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/ext/ecc.c: ecc: optimized extension parsing

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: timespec_sub_ms: fixed operation in 32-bit
	systems

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11.c, lib/pkcs11_int.h: pkcs11: Fixes to prevent undefined
	behavior (found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: cipher.c: Fixes to prevent undefined behavior
	(found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/opencdk/misc.c: opencdk: Fixes to prevent undefined behavior
	(found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/gnutls.h.in: gnutls.h: Fixes to prevent
	undefined behavior (found with libubsan)

2016-02-29  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_mem.h, lib/x509/x509.c: x509: Fixes to prevent
	undefined behavior (found with libubsan)

2016-02-28  Andreas Metzler <ametzler@bebt.de>

	* src/p11tool-args.def: Let p11tool --provider option accept
	filenames.  Drop 'file-exists = yes;' to allow specifying either an absolute
	pathname or a file in P11_MODULE_PATH.

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-chainverify.c, tests/suite/pkcs11-is-known.c,
	tests/suite/softhsm.h, tests/suite/testpkcs11.softhsm,
	tests/utils.c, tests/utils.h: tests: enable softhsmv2 test suite by
	default Also do not fatally fail with known softhsmv2 bugs.

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-02-26  Jan Vcelak <jan.vcelak@nic.cz>

	* tests/suite/testpkcs11.sh: pkcs11: tests for RSA, ECC, DSA private
	key import Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-26  Jan Vcelak <jan.vcelak@nic.cz>

	* tests/suite/testpkcs11.sh: pkcs11: tests for DSA key generating Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-27  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: added getpid() to the list of system calls
	used

2016-02-25  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/x509/privkey_pkcs8.c: gnutls_x509_privkey_import: add missing
	algorithm setting for DSA keys The algorithm number was set only in the private key structure, not
	in the nested structure with parameters. This made certain
	operations to fail (e.g., copying the key into a PKCS #11 token).  Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2016-02-24  Sebastian Dröge <sebastian@centricular.com>

	* configure.ac: configure: Android is ELF too Without this, compiling Android for x86 or x86-64 fails because the
	assembly optimizations are not compiled in.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/pcert-list.c: tests: added tests for
	gnutls_pcert_list_import_x509_raw()

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: gnutls_x509_crt_list_import: corrected memory
	leak This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was
	specified and a failure occurred.

2016-02-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/common.c: _gnutls_sort_clist: fixed issues when used with
	func option This function would incorrectly call func() on elements that were
	included in the list, and would not call func() if the size of the
	final chain was one.

2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/secparams.c: DH/DSA: allow the generation of larger
	than 15360 bit parameters

2016-02-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/hash-large.c: tests: eliminated mem leak in hash-large

2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/slow/Makefile.am, tests/slow/hash-large.c,
	tests/slow/test-hash-large: tests: check whether large buffer hashes
	and MAC work as expected

2016-02-12  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/accelerated/x86/hmac-padlock.c,
	lib/accelerated/x86/hmac-x86-ssse3.c,
	lib/accelerated/x86/sha-padlock.c,
	lib/accelerated/x86/sha-padlock.h,
	lib/accelerated/x86/sha-x86-ssse3.c, lib/nettle/mac.c: nettle: use
	the correct type for hash and MAC functions

2016-02-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-cipher.c: gnutls-cli: improved indentation in
	benchmark output

2016-02-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/set_pkcs12_cred.c: tests: set_pkcs12_cred: existing tests
	are disabled when in FIPS140-2 mode The tests require access to the RC4 cipher which is not available.

2016-02-09  Andreas Metzler <ametzler@bebt.de>

	* doc/cha-gtls-app.texi: improve doc on special keywords in priority
	string Special keywords in priority strings like %COMPAT may not be
	prefixed with +, - or !, "NORMAL:+%COMPAT is invalid.

2016-02-06  Attila Molnar <attilamolnar@hush.com>

	* doc/cha-cert-auth.texi, doc/cha-gtls-app.texi,
	doc/cha-tokens.texi, lib/gnutls_auth.c, lib/gnutls_dtls.c,
	lib/gnutls_extensions.c, src/tpmtool-args.def: doc: Fix some typos

2016-02-06  Attila Molnar <attilamolnar@hush.com>

	* doc/cha-gtls-app.texi, src/certtool-cfg.c, src/serv-args.def: 
	Remove remaining RSA-EXPORT support leftovers from doc and messages

2016-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/pkcs11-pubkey-import-ecdsa.c: tests:
	pkcs11-pubkey-import-ecdsa will only work under softhsmv2

2016-02-03  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2016-01-31  Andreas Metzler <ametzler@bebt.de>

	* lib/gnutls_pubkey.c, lib/openpgp/gnutls_openpgp.c,
	lib/x509/pkcs12_bag.c, lib/x509/x509.c, lib/x509/x509_ext.c,
	src/certtool-cfg.c: Fix some more typos.  certifcate, funtion, withing, missmatch

2016-01-31  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update [ci skip]

2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-generalized.pem,
	tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-test.pem,
	tests/cert-tests/template-unique.pem: Revert "tests: updated to
	account for cert generation after
	2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b.

2016-01-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_ext.c: Revert "Fix out-of-bounds read in
	gnutls_x509_ext_export_key_usage" This was not really an out-of-bounds check. Added documentation to
	make that clear.  This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d.

2016-01-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c: gnutls_global_init: log gnutls' version on
	initialization

2016-01-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: doc: corrected typo [ci skip]

2016-01-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-08-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: tolerate missing subject or issuer fields

2016-01-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: gnutls_pubkey_import_x509_raw: fixed memory
	leak

2016-01-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: x509: place newline when printing unsupported
	othernames

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c: alpn: when parsing the list of protocols return at
	the first mutually common That resolves an issue where the server wouldn't select the first
	mutually supported.  Resolves #63

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: tests: mini-alpn: corrected protocol selection
	order

2016-01-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: tests: alpn: enhance the testing of ALPN
	negotiation

2016-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/alpn.c: alpn: document how the selected protocol is
	selected [ci skip]

2016-01-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/mini-alpn.c: tests: verify that the selected ALPN protocol
	is the first advertised

2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* Makefile.am, src/Makefile.am: build: fix make distclean by
	including src/gl only once

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* symbols.last: symbols.last: added new symbol

2016-01-08  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS, configure.ac, m4/hooks.m4: bumped version

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/verify-high.c: trust_list_get_issuer_by_dn: fixed check
	for DN or SPKI

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* Makefile.am: symbols.last: don't include internal symbols into
	exported list

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2016-01-07  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* configure.ac: configure: no longer distribute lzip tarballs

2016-01-05  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/template-date.pem,
	tests/cert-tests/template-dn.pem,
	tests/cert-tests/template-generalized.pem,
	tests/cert-tests/template-nc.pem,
	tests/cert-tests/template-overflow.pem,
	tests/cert-tests/template-overflow2.pem,
	tests/cert-tests/template-test.pem,
	tests/cert-tests/template-unique.pem: tests: updated to account for
	cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix

2016-01-04  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2016-01-04  Tim Kosse <tim.kosse@filezilla-project.org>

	* lib/x509/x509_ext.c: Fix out-of-bounds read in
	gnutls_x509_ext_export_key_usage

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: optimized build process That is, in slow asan and valgrind builds don't check the full test
	suite.

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update [ci skip]

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
	the writing of ECC private key

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am,
	tests/suite/pkcs11-pubkey-import-ecdsa.c,
	tests/suite/pkcs11-pubkey-import-rsa.c,
	tests/suite/pkcs11-pubkey-import.c: tests: pkcs11-pubkey-import will
	check both RSA and ECDSA keys

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_write.c: gnutls_pkcs11_copy_x509_privkey2: corrected
	the type of the written object Previously only RSA objects were correctly written.

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-common.h: tests: added ECDSA key in cert-common.h

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: import public keys from any
	available object That is, load public keys from the public key object, or the
	certificate object if they are present. That affects non-RSA public
	keys which do not contain all required fields on the private key
	object.

2015-12-31  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_db.h: session DB: made the magic number depending on
	gnutls' version That will make sure that sessions not stored by this version of
	gnutls will not be resumed by another (which may be incompatible).

2015-12-26  Andreas Metzler <ametzler@bebt.de>

	* README, lib/ext/srtp.c, lib/gnutls_priority.c, lib/locks.c,
	lib/opencdk/keydb.c, lib/x509/pkcs7.c,
	tests/mini-handshake-timeout.c: Fix some typos [ci skip]

2015-12-24  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: NEWS: doc update [ci skip]

2015-12-23  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/ext/max_record.c: max_record: don't consider this extension on
	DTLS That is because it doesn't work as expected, and does not fragment
	handshake messages. Relates with #61

2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-crypto.texi, lib/includes/gnutls/gnutls.h.in: updated
	documentation on supported algorithms [ci skip]

2015-12-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-intro-tls.texi: Added SHA384 to the list of TLS support
	MAC algorithms

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/no-signal.c: tests: don't run the no-signal test in systems
	which MSG_NOSIGNAL is not available

2015-12-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/manpages/tpmtool.1: doc: manpages: remove generated tpmtool.1
	page

2015-12-17  Alon Bar-Lev <alon.barlev@gmail.com>

	* .gitignore: .gitignore: add m4/extern-inline.m4

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pkcs7: tests: added check to verify that the
	PKCS#7 embedded data are recovered as expected

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool.c: certtool: introduced the
	--p7-show-data option This option allows printing the embedded data in a PKCS#7 signed
	structure.

2015-12-17  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/pkcs7.h, lib/libgnutls.map, lib/x509/pkcs7.c: 
	gnutls_pkcs7_get_embedded_data: added function This function allows extracting the embedded data from a PKCS#7
	signed structure.

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/pkcs7-gen.c: tests: updated pkcs7-gen to account for
	content-type attribute

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/pkcs7: tests: check whether the content-type
	attribute is set if we sign using time

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c: pkcs7: set by default the content type attribute That is a requirement of rfc5652. Relates #59

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/crq.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
	lib/x509/sign.c, lib/x509/x509_int.h: pkcs7: use the
	PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7
	structures That is because there are implementations which cannot cope with the
	normal RSA signature OIDs. Relates #59

2015-12-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/pkcs7.c, tests/cert-tests/p7-combined.out: pkcs7: Disable
	the optional fields prior to generating the PKCS#7 structure This resolves issue with our PKCS#7 structures not being parsed by
	MacOSX' tools. Relates #59

2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: warn if an ECDSA key is marked for
	encryption

2015-12-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: corrected invalid free

2015-12-15  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_ui.c: 
	make sure gnutls_assert is present at the cases where
	GNUTLS_E_INTERNAL_ERROR is returned

2015-12-14  Gustavo Zacarias <gustavo@zacarias.com.ar>

	* configure.ac: configure: really make --disable-crywrap work The crywrap variable is set regardless of the state of
	enable_crywrap, hence --disable-crywrap never works.  Just put the
	tests for crywrap deps inside the enable_crywrap conditional.  Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

2015-12-14  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/algorithms/ciphersuites.c: updated chacha20 ciphers to conform
	to latest draft

2015-11-07  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/algorithms/ciphers.c, lib/algorithms/ciphersuites.c,
	lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_dtls.c,
	lib/gnutls_int.h: Modified the CHACHA20 cipher to conform to
	draft-ietf-tls-chacha20-poly1305-02

2015-12-10  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/cli-debug.c: gnutls-cli-debug: rephrased inappropriate
	fallback test description to match the rest

2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: valgrind build was moved at the
	end as it is the slowest build

2015-12-13  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool-args.def, src/certtool.c: certtool: the
	--p7-include-cert option is enabled by default This allows to generate PKCS#7 structures by default that can be
	read by iOS.

2015-12-13  sskaje <sskaje@gmail.com>

	* src/certtool-args.def, src/certtool.c: #56 Feature: certtool
	--p7-sign support GNUTLS_PKCS7_INCLUDE_CERT

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
	#11 private keys for DSA and ECDSA This prevents the reading of the public key when non-RSA keys are
	available. This is a much cleaner approach than
	5a4e692511dc3a829eda0d7c5a87e56cbc2055f0.

2015-12-08  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c: Revert "Do not allow importing public keys
	from PKCS #11 private keys for DSA and ECDSA" This reverts commit 9146ba63f5aa48358cb80aa7ccf9131cf2abdbe6.

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/Makefile.am, tests/cert-common.h: tests: cert-common.h:
	backported from master branch

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/pkcs11-pubkey-import.c: 
	tests: check whether gnutls_pubkey_import_privkey() operates well
	for PKCS#11 RSA keys

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c, lib/pkcs11.c, lib/pkcs11_int.h,
	lib/pkcs11_privkey.c: Do not allow importing public keys from PKCS
	#11 private keys for DSA and ECDSA That is, because they do not contain all the required parameters for
	a direct import. Reported by Jan Vcelak.

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11_privkey.c: pkcs11: avoid setting a variable which isn't
	used

2015-12-06  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c: pkcs11:
	deinitialize gnutls_pkcs11_obj_t's pubkey on deinit

2015-12-06  Jan Vcelak <jan.vcelak@nic.cz>

	* lib/pkcs11_privkey.c: pkcs11: fix passing of incorrect variable in
	privkey_get_pubkey The code worked for RSA because the content of the variables
	matched.  But it doesn't match for ECC.  CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0)
	CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) Signed-off-by: Jan Vcelak <jan.vcelak@nic.cz>

2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/benchmark-tls.c: gnutls-cli: don't use RSA ciphersuites to
	test chacha20 as they are not defined

2015-12-02  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: documented bug in
	gnutls_x509_crt_get_*_unique_id()

2015-11-30  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509.c: allow specifying NULL buffer in
	gnutls_x509_crt_get_*_unique_id()

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/override-ciphers, tests/slow/test-ciphers: tests:
	cipher-test will forward the prog exit code as the script exit code

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: tests: changes for running tests
	under windows

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: backported from master

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/x509/ocsp_output.c: ocsp_output: when next update is not
	present don't print error message That is because this field is optional.  Resolves #53

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am, tests/slow/override-ciphers: tests:
	override-ciphers will not run mac tests on windows There is some issue with symbols for self tests not being exported.

2015-11-26  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/certtool: tests:
	updates for certtool test to run under windows

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/aki,
	tests/cert-tests/certtool, tests/cert-tests/certtool-long-cn,
	tests/cert-tests/pathlen, tests/cert-tests/pem-decoding,
	tests/cert-tests/pkcs7, tests/pkcs8-decode/pkcs8: tests: changes for
	running tests under windows

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/system.c: use consistent terms in system.c and
	system-keys-win.c

2015-11-28  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: backported from master

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/libopts/text_mmap.c: libopts: use the O_BINARY flag in windows
	for files

2015-11-25  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/libopts/COPYING.gplv3, src/libopts/COPYING.lgplv3,
	src/libopts/COPYING.mbsd, src/libopts/Makefile.am,
	src/libopts/README, src/libopts/ag-char-map.h, src/libopts/alias.c,
	src/libopts/ao-strs.c, src/libopts/ao-strs.h,
	src/libopts/autoopts.c, src/libopts/autoopts.h,
	src/libopts/autoopts/options.h, src/libopts/autoopts/project.h,
	src/libopts/autoopts/usage-txt.h, src/libopts/boolean.c,
	src/libopts/check.c, src/libopts/compat/compat.h,
	src/libopts/compat/pathfind.c, src/libopts/compat/windows-config.h,
	src/libopts/configfile.c, src/libopts/cook.c, src/libopts/enum.c,
	src/libopts/env.c, src/libopts/file.c, src/libopts/find.c,
	src/libopts/genshell.c, src/libopts/genshell.h,
	src/libopts/gettext.h, src/libopts/init.c, src/libopts/intprops.h,
	src/libopts/libopts.c, src/libopts/load.c,
	src/libopts/m4/libopts.m4, src/libopts/m4/liboptschk.m4,
	src/libopts/m4/stdnoreturn.m4, src/libopts/makeshell.c,
	src/libopts/nested.c, src/libopts/numeric.c,
	src/libopts/option-value-type.c,
	src/libopts/option-xat-attribute.c, src/libopts/parse-duration.c,
	src/libopts/parse-duration.h, src/libopts/pgusage.c,
	src/libopts/proto.h, src/libopts/putshell.c, src/libopts/reset.c,
	src/libopts/restore.c, src/libopts/save.c, src/libopts/sort.c,
	src/libopts/stack.c, src/libopts/stdnoreturn.in.h,
	src/libopts/streqvcmp.c, src/libopts/text_mmap.c,
	src/libopts/time.c, src/libopts/tokenize.c, src/libopts/usage.c,
	src/libopts/version.c: libopts: updated to 5.18.6

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/slow/Makefile.am: tests: use gnulib where needed

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* cross.mk: cross.mk: updated windows cross compile makefile

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/global-init-override.c: tests: disable global-init-override
	test in windows Gcc does not support weak symbols on this platform.

2015-11-24  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/socket.c: tools: don't call endservent in windows

2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/cert-tests/Makefile.am: tests: included missing files

2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/nettle/cipher.c: added cast to silence gcc warning

2015-11-22  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: released 3.4.7

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/system-keys-win.c: system-keys-win: allow reinitialization of
	the library after a deinitialization

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/Makefile.am, doc/manpages/Makefile.am, symbols.last: updated
	auto-generated files

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/scripts/getfuncs.pl: getfuncs.pl: don't consider functions
	with _gnutls prefix

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: gnutls_global_init_skip: prefixed with an
	underscore

2015-11-21  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* configure.ac, m4/hooks.m4: bumped version

2015-11-20  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool.c: certtool: check fread_file() for errors in all
	situations This caused certtool to crash on invalid input on stdin.  Reported
	by Christoph Biedl.

2015-11-19  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_write.c: doc update

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_ui.c: gnutls_certificate_set_flags: Added since

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/set_x509_key_mem.c: tests: check gnutls_certificate_flags

2015-11-18  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/auth/cert.h, lib/gnutls_cert.c, lib/gnutls_ui.c,
	lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Added
	gnutls_certificate_flags() and
	GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH That allows a user of the credentials to disable the certificate
	matching action. That is, to disable the calls to sign and verify on
	initialization.

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/Makefile.am: link with libdl when trousers is enabled;
	reported by Andreas Schneider

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-selftests.c: enhanced cipher selftests with variable
	key sizes on arcfour

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/nettle/cipher.c: Do not enforce a maximum key size on ARCFOUR That makes the library consistent with the behavior of previous
	versions (3.3.x)

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/tests.c: gnutls-cli-debug: make TLS 1.6 fallback check more
	reliable

2015-11-18  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c, lib/x509/x509_write.c: doc update

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disable non-suiteb curves in all
	systems as we have multiple which are fedoras

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/global-init-override.c, tests/global-init.c: tests:
	corrected copyright info

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/Makefile.am, tests/global-init-override.c: tests: added
	check for overriding global initialization

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented GNUTLS_SKIP_GLOBAL_INIT macro

2015-11-16  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_global.c, lib/includes/gnutls/gnutls.h.in,
	lib/libgnutls.map: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow
	programs skip implicit global initialization

2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* .gitlab-ci.yml: .gitlab-ci.yml: backported

2015-11-15  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* doc/cha-gtls-app.texi: doc: document how to use gnutls with
	seccomp

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dh_common.c: deinitialize client_Y if needed to avoid
	leak This is a more conservative fix comparing to
	0e370b7b34c96f7929f9070ad8287c6cf52e7901 ("deinitialize all
	handshake keys when handshake is over").

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: Revert "deinitialize all handshake keys when
	handshake is over" This reverts commit 0e370b7b34c96f7929f9070ad8287c6cf52e7901.

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/x509_write.c: 
	gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_pubkey.c: doc update

2015-11-13  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-crypto.texi, lib/includes/gnutls/pkcs7.h,
	lib/x509/pkcs7.c: Added documentation on PKCS #7 signing

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* .gitlab-ci.yml: .gitlab-ci.yml: disable guile in asan builds

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/gnutls_state.c: deinitialize all handshake keys when handshake
	is over

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/eagain,
	tests/suite/eagain.sh, tests/suite/invalid-cert,
	tests/suite/invalid-cert.sh, tests/suite/testcompat-openssl.sh,
	tests/suite/testcompat-polarssl.sh, tests/suite/testdane,
	tests/suite/testdane.sh, tests/suite/testrandom,
	tests/suite/testrandom.sh, tests/suite/testrng,
	tests/suite/testrng.sh, tests/suite/testsrn, tests/suite/testsrn.sh: 
	tests: suite: more shell scripts were given the .sh suffix and
	simplified makefile

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/Makefile.am, tests/suite/chain, tests/suite/chain.sh,
	tests/suite/test-ciphersuite-names,
	tests/suite/test-ciphersuite-names.sh, tests/suite/testpkcs11,
	tests/suite/testpkcs11.sh: tests: suite: don't run shell scripts
	with valgrind

2015-11-10  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/suite/testsrn: tests: testsrn: output errors on stderr

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* tests/cert-tests/Makefile.am, tests/cert-tests/template-test,
	tests/cert-tests/template-unique.pem,
	tests/cert-tests/template-unique.tmpl: tests: verify that unique IDs
	are generated as expected

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* src/certtool-args.def, src/certtool-cfg.c, src/certtool-cfg.h,
	src/certtool.c: certtool: Allow writing unique IDs in generated
	certificates

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/includes/gnutls/x509.h, lib/libgnutls.map,
	lib/x509/x509_write.c: Added gnutls_x509_crt_set_issuer_unique_id()
	and gnutls_x509_crt_set_subject_unique_id()

2015-11-12  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/x509/output.c: properly indent unique IDs

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* doc/cha-gtls-app.texi: documented the GNUTLS_NO_EXPLICIT_INIT
	environment variable

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/crypto-api.c: crypto-api: doc update

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* NEWS: doc update

2015-11-11  Nikos Mavrogiannopoulos <nmav@redhat.com>

	* lib/auth/dhe.c, lib/auth/ecdhe.c: Allow switching a ciphersuite to
	DHE and ECDHE on a rehandshake

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* NEWS: doc update

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: eliminate leaks in _verify_x509_mem()

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/testdane: testdane: improved error detection in sites

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/Makefile.am, tests/suite/chain,
	tests/suite/pkcs11-is-known.c, tests/suite/suppressions.valgrind,
	tests/suite/testsrn, tests/suite/x509paths/suppressions.valgrind: 
	tests: suite: eliminate many leaks in the tests and run them under
	valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/openpgp-certs/Makefile.am,
	tests/openpgp-certs/suppressions.valgrind,
	tests/openpgp-certs/testcerts: tests: openpgp-certs: use valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/openpgp/extras.c: openpgp: eliminate leaks in
	gnutls_openpgp_keyring_import()

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/suite/mini-eagain2.c: tests: eliminate leaks in
	mini-eagain2.c

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* src/certtool.c: certtool: eliminate memory leaks in certificate
	generation

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/key-tests/Makefile.am, tests/key-tests/key-id,
	tests/key-tests/pkcs8, tests/key-tests/suppressions.valgrind: tests:
	key-tests: use valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* lib/gnutls_pubkey.c: gnutls_x509_crt_set_pubkey: clarify usage

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>

	* tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
	tests/pkcs12-decode/suppressions.valgrind: tests: run the PKCS #12
	tests under valgrind

2015-11-09  Nikos Mavrogiannopoulos <nmav@gnutls.org>
