summaryrefslogtreecommitdiff
path: root/doc/TODO
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-22 21:32:08 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-22 21:32:08 +0100
commit5ff4a69a32cf4b21b39d5f2d91f7381fd424783c (patch)
treef6b349c8363bcfd6edea42cc163a0a333834b5c3 /doc/TODO
parentb6f8492ad3e45925c30dfa8c2abfb628a20471a0 (diff)
downloadgnutls-5ff4a69a32cf4b21b39d5f2d91f7381fd424783c.tar.gz
updated
Diffstat (limited to 'doc/TODO')
-rw-r--r--doc/TODO17
1 files changed, 8 insertions, 9 deletions
diff --git a/doc/TODO b/doc/TODO
index b7041d7a71..323e124089 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -3,24 +3,23 @@ anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org),
in order to avoid having people working on the same thing.
Current list:
-* Try to use _gnutls_hash_fast() and _gnutls_hmac_fast() where
- possible. Especially when hashing/hmacing records. This would
- allow direct usage of CPU or chip acceleration, which do not
- typically allow multiple hashes.
+* Add DTLS 1.2 support (RFC6347)
+* Added heartbeat support (http://tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat-04)
* Add certificate image support (see RFC3709, RFC6170)
* Perform signature calculation in PKCS #11 using not plain
RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc.
That will allow the usage of more secure tokens that do not
allow plain RSA.
-* Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
- against, similarly to NSS way.
-* Support replacing individual algorithms via a PKCS #11 module -
- maybe use p11-kit for that.
* Support PKCS#8 AES and DES-MD5 (tests/enc3pkcs8.pem) encrypted keys.
-* Implement TLS-PSK with PKCS #11.
+ (openssl seems to use DES-MD5 to encrypt keys by default)
* Add support for generating empty CRLs
* Document the format for the supported DN attributes.
* Audit the code
+- Implement TLS-PSK with PKCS #11.
+- Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify
+ against, similarly to NSS way.
+- Support replacing individual algorithms via a PKCS #11 module -
+ maybe use p11-kit for that.
- Add function to extract the signers of an openpgp key. Should
be similar to gnutls_x509_crt_get_dn_oid().
- Add function to verify an openpgp key against a plain key.