diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-05-22 15:31:18 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-05-22 15:36:23 +0200 |
commit | d3d0e99d598c75f1b70580a8c70df5c616014dce (patch) | |
tree | 3888416f10c8b1e1468133d5707ae052141ef965 | |
parent | aa36f503bee962e314f12f7b3abbb19a34893b0a (diff) | |
download | gnutls-d3d0e99d598c75f1b70580a8c70df5c616014dce.tar.gz |
Tried to document recent changes.
-rw-r--r-- | NEWS | 90 | ||||
-rw-r--r-- | src/certtool-gaa.c | 2 | ||||
-rw-r--r-- | src/certtool.gaa | 2 |
3 files changed, 89 insertions, 5 deletions
@@ -3,10 +3,94 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. See the end for copying conditions. -* Version 2.9.11 (unreleased) +* Version 2.11.0 (unreleased) + +** libgnutls: Added PKCS #11 support and an API to access objects in +gnutls/pkcs11.h. Currently certificates and public keys can be +imported from tokens, and operations can be performed on private keys. + +** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t + +** libgnutls: Added initial support for the nettle library (unsupported) + +** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now + works even when resuming a session. + +** libgnutls: Added gnutls_certificate_set_retrieve_function() to replace the +similar gnutls_certificate_set_server_retrieve_function() and +gnutls_certificate_set_client_retrieve_function(). In addition it support +PKCS #11 private keys. + +** certtool: Added new options: --pkcs11-list-tokens, --pkcs11-list-all +--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs + +** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile +can now accept a PKCS #11 URL in addition to a file. This will allow for +example to use the Gnome-keyring trusted certificate list to verify +connections using a url such as: +pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring + +** API and ABI modifications: +gnutls_certificate_set_server_retrieve_function: DEPRECATED +gnutls_certificate_set_client_retrieve_function: DEPRECATED +gnutls_sign_callback_set: DEPRECATED +gnutls_certificate_set_retrieve_function: ADDED +gnutls_pkcs11_init: ADDED +gnutls_pkcs11_deinit: ADDED +gnutls_pkcs11_set_pin_function: ADDED +gnutls_pkcs11_set_token_function: ADDED +gnutls_pkcs11_add_provider: ADDED +gnutls_pkcs11_obj_init: ADDED +gnutls_pkcs11_obj_import_url: ADDED +gnutls_pkcs11_obj_export_url: ADDED +gnutls_pkcs11_obj_deinit: ADDED +gnutls_pkcs11_obj_list_deinit: ADDED +gnutls_pkcs11_obj_list_import_url: ADDED +gnutls_x509_crt_import_pkcs11: ADDED +gnutls_pkcs11_obj_get_type: ADDED +gnutls_x509_crt_list_import_pkcs11: ADDED +gnutls_x509_crt_import_pkcs11_url: ADDED +gnutls_pkcs11_obj_get_info: ADDED +gnutls_pkcs11_token_get_info: ADDED +gnutls_pkcs11_token_get_url: ADDED +gnutls_pkcs11_privkey_init: ADDED +gnutls_pkcs11_privkey_deinit: ADDED +gnutls_pkcs11_privkey_get_pk_algorithm: ADDED +gnutls_pkcs11_privkey_get_info: ADDED +gnutls_pkcs11_privkey_import_url: ADDED +gnutls_pkcs11_privkey_sign_data: ADDED +gnutls_pkcs11_privkey_sign_hash: ADDED +gnutls_pkcs11_privkey_decrypt_data: ADDED +gnutls_privkey_init: ADDED +gnutls_privkey_deinit: ADDED +gnutls_privkey_get_pk_algorithm: ADDED +gnutls_privkey_get_type: ADDED +gnutls_privkey_import_pkcs11: ADDED +gnutls_privkey_import_x509: ADDED +gnutls_privkey_import_openpgp: ADDED +gnutls_privkey_sign_data: ADDED +gnutls_privkey_sign_hash: ADDED +gnutls_privkey_decrypt_data: ADDED +gnutls_pkcs11_privkey_export_url: ADDED +gnutls_x509_crq_privkey_sign: ADDED +gnutls_x509_crl_privkey_sign: ADDED +gnutls_x509_crt_privkey_sign: ADDED +gnutls_pubkey_init: ADDED +gnutls_pubkey_deinit: ADDED +gnutls_pubkey_get_pk_algorithm: ADDED +gnutls_pubkey_import_x509: ADDED +gnutls_pubkey_import_openpgp: ADDED +gnutls_pubkey_get_pk_rsa_raw: ADDED +gnutls_pubkey_get_pk_dsa_raw: ADDED +gnutls_pubkey_export: ADDED +gnutls_pubkey_get_key_id: ADDED +gnutls_pubkey_get_key_usage: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_pubkey_import_pkcs11_url: ADDED +gnutls_pubkey_import: ADDED +gnutls_x509_crt_set_pubkey: ADDED +gnutls_x509_crq_set_pubkey: ADDED -** API and ABI modifications: -No changes since last version. * Version 2.9.10 (released 2010-04-22) diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index e24a0a4a16..538c502761 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -179,7 +179,7 @@ void gaa_help(void) __gaa_helpsingle(0, "pkcs-cipher", "CIPHER ", "Cipher to use for pkcs operations (3des,aes-128,aes-192,aes-256,rc2-40)."); __gaa_helpsingle(0, "pkcs11-provider", "Library ", "Specify the pkcs11 provider library"); __gaa_helpsingle(0, "pkcs11-export-url", "URL ", "Export data specified a pkcs11 URL"); - __gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates specified by a PKCS#11 URL"); + __gaa_helpsingle(0, "pkcs11-list-certs", "", "List certificates that have a private key specified by a PKCS#11 URL"); __gaa_helpsingle(0, "pkcs11-list-trusted", "", "List certificates marked as trusted, specified by a PKCS#11 URL"); __gaa_helpsingle(0, "pkcs11-list-all-certs", "", "List all certificates specified by a PKCS#11 URL"); __gaa_helpsingle(0, "pkcs11-list-all", "", "List all objects specified by a PKCS#11 URL"); diff --git a/src/certtool.gaa b/src/certtool.gaa index f84b6dbb8d..7ad13a114a 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -140,7 +140,7 @@ option (pkcs11-provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pk option (pkcs11-export-url) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Export data specified a pkcs11 URL" #int pkcs11_type; -option (pkcs11-list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates specified by a PKCS#11 URL" +option (pkcs11-list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL" option (pkcs11-list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL" option (pkcs11-list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL" option (pkcs11-list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL" |