Changelog for GnuTLS 3.4.17

GnuTLS NEWS -- History of user-visible changes.                -*- outline -*-
Copyright (C) 2000-2016 Free Software Foundation, Inc.
Copyright (C) 2013-2016 Nikos Mavrogiannopoulos
See the end for copying conditions.

* Version 3.4.17 (released 2016-12-8)

** libgnutls: Introduced time and constraints checks in the end certificate
   in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
   functions.

** libgnutls: Set limits on the maximum number of alerts handled. That is,
   applications using gnutls could be tricked into a busy loop if the
   peer continuously sends alert messages. Applications which set a maximum
   handshake time (via gnutls_handshake_set_timeout) will eventually recover
   but others may remain in a busy loop indefinitely. This is related but
   not identical to CVE-2016-8610, due to the difference in alert handling
   of the libraries (gnutls delegates that handling to applications).

** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
   (pre-rfc5652) structures with arbitrary encapsulated content.

** libgnutls: Backported cipher priorities order from 3.5.x branch. That
   adds CHACHA20-POLY1305 ciphersuite to SECURE priority strings.

** certtool: When exporting a CRQ in DER format ensure no text data are
   intermixed. Patch by Dmitry Eremin-Solenikov.

** API and ABI modifications:
gnutls_pkcs7_get_embedded_data_oid: Added


* Version 3.4.16 (released 2016-10-09)

** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key()
   failures due to key mismatch. This prevents leaks or double freeing
   on such failures.

** libgnutls: Increased the maximum size of the handshake message hash.
   This will allow the library to cope better with larger packets, as
   the ones offered by current TLS 1.3 drafts.

** libgnutls: Allow the use of client certificates despite them containing
   disallowed algorithms for a session. That allows for example a client
   to use DSA-SHA1 due to his old DSA certificate, without requiring him
   to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).

** guile: Backported all improvements from 3.5.x branch.

** guile: Update code to the I/O port API of Guile >= 2.1.4
   This makes sure the GnuTLS bindings will work with the forthcoming 2.2
   stable series of Guile, of which 2.1 is a preview.

** API and ABI modifications:
No changes since last version.


* Version 3.4.15 (released 2016-09-08)

** libgnutls: Corrected the comparison of the serial size in OCSP response.
   Previously the OCSP certificate check wouldn't verify the serial length
   and could succeed in cases it shouldn't (GNUTLS-SA-2016-3).
   Reported by Stefan Buehler.

** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
   ignoring flags if all certificates in the list fit within the
   initially allocated memory.

** libgnutls: Corrected issue which caused gnutls_certificate_get_x509_crt()
   to return invalid pointers when it returned more than a single certificate.
   Report and fix by Stefan Sørensen.

** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain.
   Report and fix by Stefan Sørensen.

** libgnutls: Added support for decrypting PKCS#8 files which use the HMAC-SHA256
   as PRF.

** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA
   keys. The signature is now written as unsigned integers into the DSASignatureValue
   structure. Previously signed integers could be written depending on what
   the underlying module would produce. Addresses #122.

** API and ABI modifications:
No changes since last version.


* Version 3.4.14 (released 2016-07-06)

** libgnutls: Address issue when utilizing the p11-kit trust store
   for certificate verification (GNUTLS-SA-2016-2).

** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by
   Guillaume Roguez.

** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects
   from SafeNet Network HSM. Reported by Anthony Alba.

** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report
   and fix by Stanislav Židek.

** API and ABI modifications:
No changes since last version.


* Version 3.4.13 (released 2016-06-06)

** libgnutls: Consider the SSLKEYLOGFILE environment variable to be compatible with
   NSS instead of using a separate variable; in addition append any keys to
   the file instead of overwriting it.

** libgnutls: use secure_getenv() where available to obtain environment
   variables. Addresses GNUTLS-SA-2016-1.

** API and ABI modifications:
No changes since last version.


* Version 3.4.12 (released 2016-05-20)

** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
   cipher is prioritized after AES-GCM.

** libgnutls: Fixes in gnutls_privkey_import_ecc_raw().

** libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
   GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
   operation could fail on certain PKCS#11 modules.

** libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url()
   can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.

** libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS
   name of the certificates if the provided names are NULL.

** libgnutls: when receiving SNI names, only save and expose to application
   the supported DNS names.

** libgnutls: when importing the certificate names at the
   gnutls_certificate_set* functions, only consider the CN as a fallback
   if DNS names are provided via the alternative name extension.

** gnutls-cli: on OCSP verification do not fail if we have a single valid
   reply. Report and reproducer by Thomas Klute.

** libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
   log session keys on the client side. These session keys are compatible with
   the NSS Key Log Format and can be used to decrypt the session for
   debugging using wireshark.

** API and ABI modifications:
No changes since last version.


* Version 3.4.11 (released 2016-04-11)

** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. Reported
   by Fridolin Pokorny.

** libgnutls: Fixes in DSA key generation under PKCS #11. Report and patches
   by Jan Vcelak.

** libgnutls: Corrected behavior of ALPN extension parsing during session
   resumption. Report and patches by Yuriy M. Kaminskiy.

** libgnutls: Corrected regression (since 3.4.0) in gnutls_server_name_set()
   which caused it not to accept non-null-terminated hostnames. Reported
   by Tim Ruehsen.

** libgnutls: Corrected printing of the IP Address name constraints.

** ocsptool: use HTTP/1.0 for requests. This avoids issues with servers
   using chunked encoding, which ocsptool doesn't support. Reported by Thomas
   Klute.

** certtool: do not require a CA for OCSP signing tag. This follows the
   recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP
   signing to another certificate without requiring it to be a CA. Reported
   by Thomas Klute.


** API and ABI modifications:
No changes since last version.


* Version 3.4.10 (released 2016-03-03)

** libgnutls: Eliminated issues preventing buffers larger than 2^32 bytes
   from being used with hashing functions.

** libgnutls: Corrected leaks and other issues in gnutls_x509_crt_list_import().

** libgnutls: Fixes in DSA key handling for PKCS #11. Report and patches
   by Jan Vcelak.

** libgnutls: Several fixes to prevent relying on undefined behavior of C
   (found with libubsan).

** API and ABI modifications:
No changes since last version.


* Version 3.4.9 (released 2016-02-03)

** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would negotiate
   the last commonly supported protocol, rather than the first. Reported by
   Remi Denis-Courmont (#63).

** libgnutls: Tolerate empty DN fields in informational output functions.

** libgnutls: Corrected regression caused by an incorrect fix in
   gnutls_x509_ext_export_key_usage() at 3.4.8 release.

** API and ABI modifications:
No changes since last version.


* Version 3.4.8 (released 2016-01-08)

** libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() when
   used with PKCS #11 keys.

** libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
   their public keys from either a public key object or a certificate.
   That is, because private keys do not contain all the required
   parameters for a direct import. Reported by Jan Vcelak.

** libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
   tokens.

** libgnutls: Fixed out-of-bounds read in gnutls_x509_ext_export_key_usage(),
   report and patch by Tim Kosse.

** libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to conform to
   draft-ietf-tls-chacha20-poly1305-02.

** libgnutls: Several fixes in PKCS #7 signing which improve compatibility
   with the MacOSX tools. Reported by sskaje (#59).

** libgnutls: The max-record extension is not negotiated on DTLS. This resolves
   issue with the max-record being negotiated but ignored.

** certtool: Added the --p7-include-cert and --p7-show-data options.

** API and ABI modifications:
gnutls_pkcs7_get_embedded_data: Added


* Version 3.4.7 (released 2015-11-22)

** libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
   ciphersuites. This solves an interoperability issue with openssl.
   Reported by Viktor Dukhovni.

** libgnutls: Corrected the setting of salt size in gnutls_pkcs12_mac_info().

** libgnutls: On a rehandshake allow switching from anonymous to ECDHE and
   DHE ciphersuites.

** libgnutls: Corrected regression from 3.3.x which prevented ARCFOUR128
   from using arbitrary key sizes. Reported by Andreas Schneider.

** libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs to skip
   the implicit global initialization.

** gnutls.pc: Don't include libtool specific options to link flags.
   Reported by Dan Kegel.

** tools: Better support for FTP AUTH TLS negotiation

** API and ABI modifications:
gnutls_x509_crt_set_issuer_unique_id: Added
gnutls_x509_crt_set_subject_unique_id: Added
gnutls_certificate_set_flags: Added
GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Added


* Version 3.4.6 (released 2015-10-20)

** libgnutls: Added new simple verification functions. That avoids the need
   to install a callback to perform certificate verification. See
   doc/examples/ex-client-x509.c for usage.

** libgnutls: Introduced the security parameter 'future' which is at
   the 256-bit level of security, and 'ultra' was aligned to its documented
   size at 192-bits.

** libgnutls: When writing a certificate into a PKCS #11 token, ensure
   that CKA_SERIAL_NUMBER and CKA_ISSUER are written. Reported by Sumit
   Bose.

** libgnutls: Allow the presence of legacy ciphers and key exchanges in
   priority strings and consider them a no-op.

** libgnutls: Handle the extended master secret as a mandatory extension.
   That fixes incompatibility issues with Chromium (#45). Reported by
   Hubert Kario.

** libgnutls: Added the ability to copy a public key into a PKCS #11
   token.

** tools: Added support for LDAP and XMPP negotiation for STARTTLS.

** p11tool: Allow writing a public key into a PKCS #11 token.

** certtool: Key generation security level was switched to HIGH. That
   is, by default the tool generates 3072 bit keys for RSA and DSA.

** API and ABI modifications:
gnutls_session_set_verify_function: Added
gnutls_session_set_verify_cert: Added
gnutls_session_set_verify_cert2: Added
gnutls_session_get_verify_cert_status: Added
gnutls_pkcs11_copy_pubkey: Added


* Version 3.4.5 (released 2015-09-12)

** libgnutls: When re-importing CRLs to a trust list ensure that there
   are no duplicate entries.

** certtool: Removed any arbitrary limits imposed on input file sizes
   and maximum number of certificates imported.

** certtool: Allow specifying fixed dates on CRL generation.

** gnutls-cli-debug: Added check for inappropriate fallback support
   (RFC7507).

** API and ABI modifications:
No changes since last version.


* Version 3.4.4 (released 2015-08-10)

** libgnutls: added high level API (gnutls_prf_rfc5705) to access
   the PRF as specified by RFC5705. Suggestion and original patch
   by Rick van Rein.

** libgnutls: Link to trousers (TPM library) dynamically when this
   functionality is requested.

** libgnutls: Fix issue with server side sending the status request
   extension even when not requested. Reported by Jeremy Harris.

** libgnutls: Added support for RFC7507 by introducing the %FALLBACK_SCSV
   priority string option. Patch by Alessandro Ghedini.

** libgnutls: gnutls_pkcs11_privkey_generate2() will store the generated
   public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag is
   specified.

** libgnutls: Corrected regression from 3.4.3 in loading PKCS #8 keys as
   fallback. Reported by Daniel Berrange.

** libgnutls: Allow the parsing of very long DNs. Also fixes double free
   in DN decoding [GNUTLS-SA-2015-3].

** API and ABI modifications:
gnutls_prf_rfc5705: Added
gnutls_hex_encode2: Added
gnutls_hex_decode2: Added


* Version 3.4.3 (released 2015-07-12)

** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
   dates prior to 2050.

** libgnutls: Force 16-byte alignment to all input to ciphers (previously it
   was done only when cryptodev was enabled).

** libgnutls: Removed support for pthread_atfork() as it has undefined
   semantics when used with dlopen(), and may lead to a crash.

** libgnutls: corrected failure when importing plain files 
   with gnutls_x509_privkey_import2(), and a password was provided.

** libgnutls: Don't reject certificates if a CA has the URI or IP address
   name constraints, and the end certificate doesn't have an IP address 
   name or a URI set.

** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.

** p11tool: Added --list-token-urls option, and print the token module name
   in list-tokens.

** API and ABI modifications:
gnutls_ecc_curve_get_oid: Added
gnutls_digest_get_oid: Added
gnutls_pk_get_oid: Added
gnutls_sign_get_oid: Added
gnutls_ecc_curve_get_id: Added
gnutls_oid_to_digest: Added
gnutls_oid_to_pk: Added
gnutls_oid_to_sign: Added
gnutls_oid_to_ecc_curve: Added
gnutls_pkcs7_get_signature_count: Added


* Version 3.4.2 (released 2015-06-16)

** libgnutls: DTLS blocking API is more robust against infinite blocking,
and will notify of more possible timeouts.

** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
by Manuel Pegourie-Gonnard.

** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
allows disabling SIGPIPE for writes done within gnutls.

** libgnutls: Enhanced the PKCS #7 API to allow signing and verification
of structures. API moved to gnutls/pkcs7.h header.

** certtool: Added options to generate PKCS #7 bundles and signed
structures.

** API and ABI modifications:
gnutls_x509_dn_get_str: Added
gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added
gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added
gnutls_x509_crt_verify_data2: Added
gnutls_pkcs7_get_crt_raw2: Added
gnutls_pkcs7_signature_info_deinit: Added
gnutls_pkcs7_get_signature_info: Added
gnutls_pkcs7_verify_direct: Added
gnutls_pkcs7_verify: Added
gnutls_pkcs7_get_crl_raw2: Added
gnutls_pkcs7_sign: Added
gnutls_pkcs7_attrs_deinit: Added
gnutls_pkcs7_add_attr: Added
gnutls_pkcs7_get_attr: Added
gnutls_pkcs7_print: Added


* Version 3.4.1 (released 2015-05-03)

** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.

** libgnutls: Check for invalid length in the X.509 version field. Without
the check certificates with invalid length would be detected as having an
arbitrary version. Reported by Hanno Böck.

** libgnutls: Handle DNS name constraints with a leading dot. Patch by
Fotis Loukos.

** libgnutls: Updated system-keys support for windows to compile in more
versions of mingw. Patch by Tim Kosse.

** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].

** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
by default. That caused issues with non-blocking programs.

** certtool: It can generate SHA256 key IDs.

** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.

** configure: re-enabled the --enable-local-libopts flag

** API and ABI modifications:
gnutls_x509_crt_get_pk_ecc_raw: Added


* Version 3.4.0 (released 2015-04-08)

** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
ciphersuites. The former are enabled by default, the latter need to be
explicitly enabled, since they reduce the overall security level.

** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
default, since there are no assigned ciphersuite points by IETF and there 
is no guarantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".

** libgnutls: Added support for encrypt-then-authenticate in CBC
ciphersuites (RFC7366, taking into account its errata text). This is
enabled by default and can be disabled using the %NO_ETM priority
string.

** libgnutls: Added support for the extended master secret
(triple-handshake fix) following draft-ietf-tls-session-hash-02.

** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).

** libgnutls: SSL 3.0 is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+VERS-SSL3.0".

** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
list. It has to be explicitly enabled, e.g., with a string like
"NORMAL:+ARCFOUR-128".

** libgnutls: DSA signatures and DHE-DSS are no longer included in the
default priorities list. They have to be explicitly enabled, e.g., with
a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
DSA ciphersuites were dropped because they had no deployment at all
on the internet, to justify their inclusion.

** libgnutls: The priority string EXPORT was completely removed. The string
was already defunct as support for the EXPORT ciphersuites was removed in
GnuTLS 3.2.0.

** libgnutls: Added API to utilize system specific private keys in
"gnutls/system-keys.h". It is currently provided as technology preview
and is restricted to windows CNG keys.

** libgnutls: gnutls_x509_crt_check_hostname() and friends will use
RFC6125 comparison of hostnames. That introduces a dependency on libidn.

** libgnutls: Depend on p11-kit 0.23.1 to comply with the final
PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).

** libgnutls: Depend on nettle 3.1.

** libgnutls: Use getrandom() or getentropy() when available. That
avoids the complexity of file descriptor handling and issues with
applications closing all open file descriptors on startup.

** libgnutls: Use pthread_atfork() to detect fork when available.

** libgnutls: If a key purpose (extended key usage) is specified for verification,
it is applied to intermediate certificates. The verification result
GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.

** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
combination with PKCS #11, or TPM URLs, it will utilize the provided
password as PIN if required. That removes the requirement for the
application to set a callback for PINs in that case.

** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are 
restricted to the corresponding protocols only, and the VERS-ALL
string is introduced to catch all possible protocols.

** libgnutls: Added helper functions to obtain information on PKCS #8
structures.

** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t
will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED.

** libgnutls: Added functions to export and set the record state. That
allows for gnutls_record_send() and recv() to be offloaded (to kernel,
hardware or any other subsystem).

** libgnutls: Added the ability to register application specific URL
types, which express certificates and keys using gnutls_register_custom_url().

** libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
to override AES-GCM using a system-specific accelerator. That is, (crypto.h)
gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(),
gnutls_crypto_register_mac(), and gnutls_crypto_register_digest().

** libgnutls: Added gnutls_ext_register() to register custom extensions.
Contributed by Thierry Quemerais.

** libgnutls: Added gnutls_supplemental_register() to register custom
supplemental data handshake messages. Contributed by Thierry Quemerais.

** libgnutls-openssl: it is no longer built by default.


** certtool: Added --p8-info option, which will print PKCS #8 information
even if the password is not available.

** certtool: --key-info option will print PKCS #8 encryption information
when available.

** certtool: Added the --key-id and --fingerprint options.

** certtool: Added the --verify-hostname, --verify-email and --verify-purpose
options to be used in certificate chain verification, to simulate verification
for specific hostname and key purpose (extended key usage).

** certtool: --p12-info option will print PKCS #12 MAC and cipher information
when available.

** certtool: it will print the A-label (ACE) names in addition to UTF-8.

** p11tool: added options --set-id and --set-label.

** gnutls-cli: added options --priority-list and --save-cert.

** guile: Deprecated priority API has been removed. The old priority API, 
which had been deprecated for some time, is now gone; use 'set-session-priorities!'
instead.

** guile: Remove RSA parameters and related procedures. This API had been 
deprecated.  

** guile: Fix compilation on MinGW. Previously only the static version of the 
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.

** API and ABI modifications:
gnutls_record_get_state: Added
gnutls_record_set_state: Added
gnutls_aead_cipher_init: Added
gnutls_aead_cipher_decrypt: Added
gnutls_aead_cipher_encrypt: Added
gnutls_aead_cipher_deinit: Added
gnutls_pkcs12_generate_mac2: Added
gnutls_pkcs12_mac_info: Added
gnutls_pkcs12_bag_enc_info: Added
gnutls_pkcs8_info: Added
gnutls_pkcs_schema_get_name: Added
gnutls_pkcs_schema_get_oid: Added
gnutls_pcert_export_x509: Added
gnutls_pcert_export_openpgp: Added
gnutls_pcert_import_x509_list: Added
gnutls_pkcs11_privkey_cpy: Added
gnutls_x509_crq_get_signature_algorithm: Added
gnutls_x509_trust_list_iter_get_ca: Added
gnutls_x509_trust_list_iter_deinit: Added
gnutls_x509_trust_list_get_issuer_by_dn: Added
gnutls_pkcs11_get_raw_issuer_by_dn: Added
gnutls_certificate_get_trust_list: Added
gnutls_privkey_export_x509: Added
gnutls_privkey_export_pkcs11: Added
gnutls_privkey_export_openpgp: Added
gnutls_privkey_import_ext3: Added
gnutls_certificate_get_x509_key: Added
gnutls_certificate_get_x509_crt: Added
gnutls_certificate_get_openpgp_key: Added
gnutls_certificate_get_openpgp_crt: Added
gnutls_record_discard_queued: Added
gnutls_session_ext_master_secret_status: Added
gnutls_priority_string_list: Added
gnutls_dh_params_import_raw2: Added
gnutls_memset: Added
gnutls_memcmp: Added
gnutls_pkcs12_bag_set_privkey: Added
gnutls_ocsp_resp_get_responder_raw_id: Added
gnutls_system_key_iter_deinit: Added
gnutls_system_key_iter_get_info: Added
gnutls_system_key_delete: Added
gnutls_system_key_add_x509: Added
gnutls_system_recv_timeout: Added
gnutls_register_custom_url: Added
gnutls_pkcs11_obj_list_import_url3: Added
gnutls_pkcs11_obj_list_import_url4: Added
gnutls_pkcs11_obj_set_info: Added
gnutls_crypto_register_cipher: Added
gnutls_crypto_register_aead_cipher: Added
gnutls_crypto_register_mac: Added
gnutls_crypto_register_digest: Added
gnutls_ext_register: Added
gnutls_supplemental_register: Added
gnutls_supplemental_recv: Added
gnutls_supplemental_send: Added
gnutls_openpgp_crt_check_email: Added
gnutls_x509_crt_check_email: Added
gnutls_handshake_set_hook_function: Modified
gnutls_pkcs11_privkey_generate3: Added
gnutls_pkcs11_copy_x509_crt2: Added
gnutls_pkcs11_copy_x509_privkey2: Added
gnutls_pkcs11_obj_list_import_url: Removed
gnutls_pkcs11_obj_list_import_url2: Removed
gnutls_certificate_client_set_retrieve_function: Removed
gnutls_certificate_server_set_retrieve_function: Removed
gnutls_certificate_set_rsa_export_params: Removed
gnutls_certificate_type_set_priority: Removed
gnutls_cipher_set_priority: Removed
gnutls_compression_set_priority: Removed
gnutls_kx_set_priority: Removed
gnutls_mac_set_priority: Removed
gnutls_protocol_set_priority: Removed
gnutls_rsa_export_get_modulus_bits: Removed
gnutls_rsa_export_get_pubkey: Removed
gnutls_rsa_params_cpy: Removed
gnutls_rsa_params_deinit: R
...

