Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Sep 24 17:33:03 2018 +0200

    released 3.6.4
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Sep 21 16:31:58 2018 +0200

    tests: pkcs12-utf8 depend on bash
    
    The NetBSD default shell cannot handle the UTF-8 strings we use
    in that script.
    
    Resolves #544
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Sep 21 16:20:36 2018 +0200

    bumped versions and updated NEWS file
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Sep 21 16:18:23 2018 +0200

    Enable the TLS1.3 protocol by default
    
    As the protocol has been finalized, and the implementation is
    stable and interoperable, there is no need to enable it conditionally.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Sep 18 08:36:18 2018 +0200

    gnutls-cli: enable CRL validation on startup
    
    This also makes the failure in adding CRLs or CAs a fatal error.
    
    Resolves #564
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Sep 20 16:44:51 2018 +0200

    Provide a more flexible PKCS#11 search of trust store certificates
    
    This addresses the problem where the CA certificate doesn't
    have a subject key identifier whereas the end certificates
    have an authority key identifier.
    
    Resolves #569
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Sep 18 08:35:32 2018 +0200

    trust list: added flag to force failure on CRL validation error
    
    This allows an application to be notified of the addition of invalid
    CRLs in the trust list.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 18 11:50:43 2018 +0200

    Remove auto-generated src/mech-list.h from repo
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Sep 18 15:35:20 2018 +0200

    Fix issue introduced in 20886264fe
    
    This makes _gnutls_resolve_priorities() return a string that is always
    allocated with the gnutls memory functions.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Sep 19 14:15:20 2018 +0200

    session tickets: check timestamp for validity
    
    We were previously only relying on the client's view of the
    ticket lifetime for TLS1.3 tickets. This makes sure that we
    only resume tickets that the server considers valid and consolidates
    the expiration time checks to _gnutls_check_resumed_params().
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Sep 20 10:11:42 2018 +0200

    ECC export/import: updated documentation on EdDSA curves
    
    This clarifies the format in which parameters in the EdDSA curves
    will be returned, and also ensures that the import/export
    functions fail on unsupported curves.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Sep 19 15:03:32 2018 +0200

    tests: use virt-time.h in resumption tests
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Ander Juaristi <a@juaristi.eus>
Date:   Tue Sep 18 09:40:20 2018 +0200

    Added session ticket key rotation with TOTP
    
    This introduces session ticket key rotation on server side. The
    key set with gnutls_session_ticket_enable_server() is used as a
    master key to generate time-based keys for tickets. The rotation
    relates to the gnutls_db_set_cache_expiration() period.
    
    Resolves #184
    
    Signed-off-by: Ander Juaristi <a@juaristi.eus>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 03:05:51 2018 +0300

    certtool: print GOST public key with MSB first
    
    OpenSSL and other libraries print MSB first, when printing GOST public
    keys. Let's return to this convention.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 03:05:51 2018 +0300

    x509: print_pubkey: print GOST public key with MSB first
    
    OpenSSL and other libraries print MSB first, when printing GOST public
    keys. Let's return to this convention.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 00:53:17 2018 +0300

    lib: use little endian when importing/exporting GOST keys
    
    GOST R 34.10 native format is little endian. It is better for the
    application code to use native format data to interface library, rather
    than convert buffers on their own.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Tue Sep 18 00:51:05 2018 +0300

    mpi: add function to dprint mpi in little endianness
    
    Add little endian counterpart to _gnutls_mpi_dprint and
    _gnutls_mpi_dprint_le.
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Date:   Mon Sep 17 12:26:31 2018 +0300

    gnutls.h: correct GOST R number references [ci skip]
    
    Fix numeric GOST R ids used in documentation, too many numbers:
     - GOST R 34.11 is digest function
     - GOST R 34.10-2001 is a digital signature over GOST R 34.11-94 digest
     - GOST R 34.10-2012 is a digital signature over GOST R 34.11-2012 digest
    
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Mon Sep 17 10:12:38 2018 +0200

    Update git submodules via ./bootstrap
    
    Setting $SUBMODULE_NOFETCH to a non-empty value adds
    --no-fetch to the git command (for CI speedup).
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Sep 17 15:14:12 2018 +0200

    tests: pkcs1-pad: run with SHA-1 enabled or disabled
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Sep 17 12:58:38 2018 +0200

    .gitlab-ci.yml: enable run with SHA-1 enabled
    
    This adds a CI run with SHA-1 enabled, and corrects issues in the
    testsuite when that's the case.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Sep 17 09:28:08 2018 +0200

    gnutls_x509_trust_list_add_trust_mem: fix behavior with unaccounted certs
    
    If gnutls_x509_trust_list_add_cas returns less than clist_size, the additional
    unaccounted certificates will never be freed.
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Sep 17 09:12:29 2018 +0200

    gnutls_x509_trust_list_add_cas: corrected return value
    
    When the flag GNUTLS_TL_USE_IN_TLS is used and add_new_ca_to_rdn_seq
    the return value did not include the last certificate added to the
    list. This corrects its return value.
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Sep 17 09:10:24 2018 +0200

    fixed documentation in trust list functions
    
    That clarifies and addresses issues in the documentation of
    gnutls_x509_trust_list_add_crls() and gnutls_x509_trust_list_add_cas()
    
    Relates #552
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 16 15:54:41 2018 +0200

    tests: added CRL verification tests
    
    This tests CRL verification with certtool --verify-crl on correct
    and incorrect cases.
    
    Relates #564
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Sep 16 15:35:19 2018 +0200

    certtool: updates in documentation in messages for CRL generation
    
    This fixes the messages printed for the generation of a CRL, and
    makes the return code of the CRL verification depend on the
    verification result.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Sep 14 16:32:05 2018 +0200

    Fix variable used in reallocation
    
    This corrects the variable name used in the sizeof argument
    for realloc. This does not alter the actual allocation size,
    but rather it fixes a logic error.
    
    Relates: #554
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Aug 22 15:25:06 2018 +0200

    .gitignore: updated
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Aug 22 10:08:41 2018 +0200

    dtls: recover when a NewSessionTicket message is lost
    
    When the server's NewSessionTicket gets lost while the ChangeCipherSpec
    goes through, the client did not request retransmission by retransmitting
    his last flight, and the handshake was blocked. This commit addresses
    the issue and adds a reproducer.
    
    Resolves #543
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Mon Aug 27 17:44:35 2018 +0200

    tlsfuzzer: remove duplicate tests and sort them alphabetically
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Sep 10 17:35:08 2018 +0200

    doc: fix reference to invocation nodes
    
    Signed-off-by: Andreas Schwab <schwab@suse.de>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Aug 20 15:17:04 2018 +0200

    priority: be backwards compatible with priority strings starting with NONE
    
    That is, we allow priority strings which do not enable any groups to
    work, by disabling TLS1.3. For example
    'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL'
    is still operational, but no TLS1.3 is enabled when specified.
    
    Resolves: #549
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 24 16:34:14 2018 +0200

    Use gnutls_strdup() instead of strdup() in library code
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Aug 24 16:27:36 2018 +0200

    Remove gnulib work-around '#undef strdup'
    
    The 'issue' should be fixed already. Even if not, it has to
    be addressed in gnulib.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 21 15:02:56 2018 +0200

    ext/pre_shared_key: use consistent name for registration entry
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 21 14:54:41 2018 +0200

    ext/pre_shared_key: make ticket age calculation consistent
    
    Previously we used a pattern like this:
    
      uint32_t obfuscated_ticket_age, ticket_age_add;
      time_t ticket_age;
    
      ticket_age = obfuscated_ticket_age - ticket_age_add;
      if (ticket_age < 0) {
            ...
      }
    
    This always evaluates to false, because subtraction between unsigned
    integers yields an unsigned integer.  Let's do the comparison before
    subtraction and also use correct types for representing time: uint32_t
    for protocol time and time_t for system time.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>
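
The unsigned-subtraction pitfall described in the commit message above, shown as an added example that is not taken from the GnuTLS source. The function names, status codes and the `lifetime_secs` parameter are hypothetical, and a `time_t` wider than 32 bits is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* "Before": the pattern quoted in the commit message. The subtraction is
 * carried out in uint32_t, wraps modulo 2^32, and only then is widened to
 * time_t. With a time_t wider than 32 bits (assumed here) the stored value
 * is never negative, so the check never fires. */
static int buggy_age_is_negative(uint32_t obfuscated_ticket_age,
				 uint32_t ticket_age_add)
{
	time_t ticket_age;

	ticket_age = obfuscated_ticket_age - ticket_age_add;
	return ticket_age < 0;
}

/* Hypothetical status codes for this example only. */
enum age_status { AGE_OK = 0, AGE_NEGATIVE = -1, AGE_EXPIRED = -2 };

/* "After": compare before subtracting, keep protocol time (milliseconds
 * on the wire) in uint32_t and system time (seconds) in time_t.
 * lifetime_secs is a hypothetical server-side ticket lifetime. */
static enum age_status check_ticket_age(uint32_t obfuscated_ticket_age,
					uint32_t ticket_age_add,
					time_t lifetime_secs,
					uint32_t *ticket_age_ms)
{
	uint32_t age;

	/* Reject before the subtraction can wrap around. */
	if (obfuscated_ticket_age < ticket_age_add)
		return AGE_NEGATIVE;

	age = obfuscated_ticket_age - ticket_age_add;

	/* Convert protocol milliseconds to seconds only at the point
	 * where they are compared against system time. */
	if ((time_t)(age / 1000) > lifetime_secs)
		return AGE_EXPIRED;

	*ticket_age_ms = age;
	return AGE_OK;
}

int main(void)
{
	uint32_t ms = 0;

	/* Constructed inputs: obfuscated age smaller than ticket_age_add. */
	printf("buggy check fires: %d\n", buggy_age_is_negative(1000, 5000));
	printf("fixed check:       %d\n",
	       check_ticket_age(1000, 5000, 3600, &ms));

	/* Constructed inputs: a 60 second old ticket, 1 hour lifetime. */
	if (check_ticket_age(65000, 5000, 3600, &ms) == AGE_OK)
		printf("ticket age:        %u ms\n", (unsigned)ms);

	return 0;
}
```
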

Author: Daiki Ueno <dueno@redhat.com>
Date:   Fri Aug 17 15:45:20 2018 +0200

    tls13/psk_ext_parser: simplify the iterator interface
    
    Previously it was unclear whether psk_ext_parser_st is stateful or
    not.  This change introduces the simpler API to iterate over the
    immutable data (psk_ext_parser_st), following the iterator pattern.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Aug 21 16:18:11 2018 +0200

    gnutls-cli-debug: mention RFC8446 for TLS1.3 and RFC8422 for X25519
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Tue Aug 21 13:10:48 2018 +0200

    Remove --no-git from ./bootstrap [ci skip]
    
    This removes the --no-git option as bootstrap itself does not use
    the remote repository for cloning. At least as long as $GNULIB_SRCDIR
    points to a recent enough local gnulib git repo.
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 17 14:02:34 2018 +0200

    handshake: do not negotiate TLS1.3 using the legacy version field
    
    Previously we could end up with a TLS1.3 connection if the TLS1.3
    ID was seen on the wire. We now explicitly fall back to TLS1.2
    when we see a protocol with TLS1.3 semantics in an SSL2.0 or
    in the legacy version of the client hello.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 17 12:57:25 2018 +0200

    handshake: simplified protocol version checking functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 17 10:50:15 2018 +0200

    tlsfuzzer: modify to use the final code points
    
    Relates #542
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:55:50 2018 +0200

    fuzz: updated traces for final TLS1.3 version
    
    Resolves #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:46:21 2018 +0200

    protocols: bumped TLS1.3 version number to RFC8446 value
    
    This adds support of the final RFC numbers.
    
    Resolves #542
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Tom Vrancken <dev@tomvrancken.nl>
Date:   Wed Aug 15 18:29:32 2018 +0200

    Implemented RFC7250 certificate type negotiation extensions.
    
    Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Fri Aug 10 14:06:16 2018 +0200

    ext/record_size_limit: new extension
    
    This implements the record_size_limit extension as defined in RFC 8449.
    
    Although it obsoletes the max_record_size extension, for compatibility
    reasons GnuTLS still sends it on certain occasions.  For example, when
    the new size is representable as the codepoint defined for
    max_record_size.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 14 16:46:12 2018 +0200

    ext/max_record: remove use of extension private data
    
    As the extension data is always stored in
    session->security_parameters.max_record_send_size, it shouldn't be
    necessary to track it with the private data.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 17 14:43:30 2018 +0200

    gnutls_session_resumption_requested: fixed behavior under TLS1.3
    
    This makes gnutls_session_resumption_requested() functional under
    TLS1.3 and introduces a unit test of the function.
    
    Resolves #546
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Sun Aug 19 18:59:02 2018 +0200

    .gitlab-ci.yml: use --no-git to bootstrap
    
    That is, to reduce CI time, and avoid failures due to
    non-availability of the gnulib git repo.
    
    Resolves #547
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 17 14:48:56 2018 +0200

    hello_ext: removed bogus comment
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 17 16:08:37 2018 +0200

    .gitmodules: gnulib submodule is now synced from libidn's mirror
    
    This mirror is updated hourly and is hosted on gitlab, meaning
    less dependency on external sites downtime.
    
    Resolves: #547
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Andreas Metzler <ametzler@bebt.de>
Date:   Wed Aug 15 14:20:43 2018 +0200

    Fix two typos (overriden/guarranteed)
    
    Signed-off-by: Andreas Metzler <ametzler@bebt.de>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 21:47:53 2018 +0200

    doc: document the non-portability of NONE priority string
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:22:48 2018 +0200

    tools: check output of called functions
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 20:19:55 2018 +0200

    write_oid_and_params: moved nullity check of params earlier
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Aug 9 16:13:50 2018 +0200

    gnutls_session_set_premaster: corrected error checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Aug 9 16:12:36 2018 +0200

    pubkey_verify_hashed_data: apply algorithm checks
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Aug 9 16:09:21 2018 +0200

    privkey_sign_raw_data: use assert to mark code which always succeeds
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Aug 9 16:05:47 2018 +0200

    _gnutls_send_change_cipher_spec: removed unnecessary test
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Aug 13 21:04:56 2018 +0200

    .travis.yml: do not run brew upgrade
    
    This addresses an issue with travis compilation on MacOSX.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Aug 7 16:27:19 2018 +0200

    gnutls_memset: use explicit_bzero
    
    That is, use the glibc function when available and the second
    parameter is zero.
    
    Resolves #230
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 09:52:55 2018 +0200

    use a consistent method to mark fall-through in switch cases
    
    Also document that method in contribution guide.
    
    Resolves #306
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 7 14:45:07 2018 +0200

    ext/pre_shared_key: prevent crash if no server credentials are set
    
    Previously, if server is configured without PSK credentials and the
    client authenticated with PSK, the server crashed with:
    
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff7b190ba in server_recv_params (session=0x636fc0, data=0x634e6e "",
        len=46, pskcred=0x0) at pre_shared_key.c:523
    523                             prf = pskcred->binder_algo;
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 7 13:21:16 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-ffdhe-sanity.py,
    test-tls13-session-resumption.py, and
    test-tls13-unrecognised-groups.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 7 12:32:56 2018 +0200

    alert: map GNUTLS_E_NO_COMMON_KEY_SHARE to handshake_failure
    
    Previously, when server received a ClientHello that does include only
    groups from unassigned ranges in supported_groups, it aborted the
    connection with an illegal_parameter.
    
    Resolves #537
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Tue Aug 7 11:43:32 2018 +0200

    algorithms: add support for FFDHE6144
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 22:26:47 2018 +0200

    Corrected the importing of ECDSA public keys
    
    This seems to be a regression since EdDSA support. The call to
    _gnutls_x509_get_pk_algorithm() in public key import was unnecessary
    and in fact it was overriding the available curve with a curve associated
    with the OID. As the ECDSA OID doesn't include the curve, that had the
    result of deleting the already read curve.
    
    Resolves #538
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Aug 3 14:13:14 2018 +0200

    Ensure we are sending the right protocol version on second client hello
    
    That is, when we respond to a Hello Retry Request as client, we put
    the TLS1.2 version on the second client hello to send a hello that is
    as close as possible to the original hello. That effectively separates
    the handling of TLS1.2 rehandshake and TLS1.3 hello retry request
    when sending a client hello.
    
    Resolves #535
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 07:30:55 2018 +0200

    doc: improved text on certifications
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Tue Aug 7 07:13:35 2018 +0200

    doc: few improvements over certificate validation text
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Mon Jul 30 21:50:35 2018 +0200

    gnutls-serv: re-introduce the session identifier message
    
    The message "If your browser supports session resuming, then you should
    see the same session ID, when you press the reload button", is now printed
    again even under TLS1.3.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 30 16:48:26 2018 +0200

    resume: keep persistent session identifiers
    
    With the introduction of session ticket support (TLS1.2) and
    TLS1.3, session identifiers have no persistency on server or
    client side. Improve the situation by introducing persistent
    session identifiers on server side in a backwards compatible
    way.
    
    Resolves #484
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Thu Jul 19 15:57:59 2018 +0200

    .gitlab-ci.yml: include fuzz/*.log in artifacts
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Wed Jul 18 15:56:17 2018 +0200

    tests: tls-fuzzer: enable tests relying on header fragmentation
    
    Those tests were previously disabled because splitting of handshake
    messages into very short (< 4 bytes) fragments is not implemented.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Thu Aug 2 15:44:15 2018 +0200

    record: send unexpected_message upon empty unencrypted records
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Fri Jul 27 06:30:41 2018 +0200

    buffers: handle very short fragmentation of handshake messages
    
    If the received record doesn't even complete the handshake
    header (i.e., the record size < 4), keep it in a temporary buffer and
    let the caller receive more records.  Once a sufficient amount of data is
    received, move the already received records back to record_buffer and
    proceed to the normal processing.
    
    Fixes: #272
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Fri Jul 27 06:23:12 2018 +0200

    mbuffers: introduce _mbuffer_head_push_first
    
    This is similar to _mbuffer_enqueue, but adds an element to the
    beginning of the buffer.
    
    This is to make the incomplete header handling case easier.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Fri Jul 27 06:10:37 2018 +0200

    _gnutls_parse_record_buffered_msgs: eliminate local variable usage
    
    If `remain > 0` is true, `recv_buf[0].length > 0` always holds.
    Combine those conditions and remove the `remain` utilizing MIN().
    
    This is to make the incomplete header handling case easier.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Fri Jul 27 05:35:02 2018 +0200

    buffers: avoid confusion in fragment length calculation
    
    Previously, to calculate the fragment length, it added/subtracted one
    to the ending offset back and forth; that was not easier to read and
    couldn't handle empty payload messages in TLS.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Thu Aug 2 16:59:27 2018 +0200

    tlsfuzzer: update to the latest version
    
    Also enable test-tls13-0rtt-garbage.py.
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Daiki Ueno <dueno@redhat.com>
Date:   Mon Jul 16 11:30:05 2018 +0200

    TLS 1.3: ignore "early_data" extension
    
    As 0-RTT is still not implemented in GnuTLS, the server responds with
    1-RTT, by skipping decryption failure up to max_early_data_size, as
    suggested in 4.2.10 Early Data Detection.
    
    Resolves #512
    
    Signed-off-by: Daiki Ueno <dueno@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date:   Fri Aug 3 21:45:14 2018 +0200

    p11tool: print expiration time on certificates
    
    This is particularly useful when displaying information about a
    certificate trust store.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 19 15:52:26 2018 +0200

    tls1.3: server returns early on handshake when no cert is provided by client
    
    Under TLS1.3 the server knows the negotiated keys early, if no client
    certificate is sent. In that case, the server is not only able to
    transmit the session ticket immediately after its finished message,
    but is also able to transmit data, similarly to false start.
    
    Resolves #481
    Resolves #457
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Mon Jul 23 15:01:49 2018 +0200

    gnutls-serv: don't close connection properly when handshake is not yet complete
    
    In the case handshake is not yet complete and we need
    to terminate, it is because of an issue. As such prefer an
    unclear termination at this stage. This addresses error detection
    issues with tlsfuzzer.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Aug 2 16:16:27 2018 +0200

    gnutls-cli: corrected input buffer null-termination
    
    This was a regression in the previous cleanup at
    f138ff85df69976badce44a5c46157cce091020f included in
    3.6.3.
    
    Resolves #534
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Tue Jul 31 11:37:50 2018 +0200

    certtool: added example of converting to DER in manpage
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Tim Rühsen <tim.ruehsen@gmx.de>
Date:   Fri Jul 27 23:46:50 2018 +0200

    Fix gcc-8 -Wabi warnings
    
    Fixes #531
    
    Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Fri Jul 27 11:58:38 2018 +0200

    ext/key_share: check the validity of server key shares
    
    That is, when generating the public key based on the server's
    key share, ensure that the algorithms match completely with
    the key shares the client initially sent. This was detected
    by the updated traces for TLS1.3 fuzzing.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 26 15:37:58 2018 +0200

    gnutls-serv: improve output under TLS1.3
    
    That is, silence fields no longer applicable under TLS1.3
    and make sure that newer functions like gnutls_session_get_desc()
    get used when describing the session.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 26 15:06:34 2018 +0200

    fuzz: updated traces for latest TLS1.3 draft
    
    Relates #359
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 26 12:40:54 2018 +0200

    tests: run tls-fuzzer PSK testsuite
    
    Resolves #508
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 26 11:27:23 2018 +0200

    tests: added unit test of handshake with large certificate
    
    This checks whether handshake message fragmentation and de-fragmentation
    is functional on server and client.
    
    Resolves #513
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 26 11:02:37 2018 +0200

    certtool: eliminated limits in certificate export size
    
    That allows printing and exporting certificates of size only bounded
    by available memory.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Thu Jul 26 10:56:25 2018 +0200

    certtool: eliminate maximum limit in fields read with READ_MULTI_LINE_TOKENIZED()
    
    This allows generating a certificate with an extension of arbitrary size.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jul 25 16:41:38 2018 +0200

    gnutls.h: corrected typo
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jul 25 14:48:47 2018 +0200

    send_client_hello: don't override version after HRR is received
    
    When a Hello Retry Request is received, do not set our (transient)
    version to TLS1.2 on the second client hello. That's because both
    peers have already negotiated TLS1.3.
    
    This addresses an issue with peers which may send a changecipherspec
    message at this stage, which is now allowed when our version is
    set to be TLS1.2. Introduced test suite using openssl and resumption
    using HRR which reproduces the issue.
    
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Author: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date:   Wed Jul 25 13:08:35 2018 +0200

    hello_ext_parse: apply the test for pre-shared key ext being last on client hello
    
    We were incorrectly insisting on pre-shared key extension being last in
    both client and server hello. That was incorrect, as only in client hello
    it is required by TLS1.3 to be last.
