diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-22 21:32:08 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-22 21:32:08 +0100 |
commit | 5ff4a69a32cf4b21b39d5f2d91f7381fd424783c (patch) | |
tree | f6b349c8363bcfd6edea42cc163a0a333834b5c3 /doc/TODO | |
parent | b6f8492ad3e45925c30dfa8c2abfb628a20471a0 (diff) | |
download | gnutls-5ff4a69a32cf4b21b39d5f2d91f7381fd424783c.tar.gz |
updated
Diffstat (limited to 'doc/TODO')
-rw-r--r-- | doc/TODO | 17 |
1 files changed, 8 insertions, 9 deletions
@@ -3,24 +3,23 @@ anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org), in order to avoid having people working on the same thing. Current list: -* Try to use _gnutls_hash_fast() and _gnutls_hmac_fast() where - possible. Especially when hashing/hmacing records. This would - allow direct usage of CPU or chip acceleration, which do not - typically allow multiple hashes. +* Add DTLS 1.2 support (RFC6347) +* Added heartbeat support (http://tools.ietf.org/html/draft-ietf-tls-dtls-heartbeat-04) * Add certificate image support (see RFC3709, RFC6170) * Perform signature calculation in PKCS #11 using not plain RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc. That will allow the usage of more secure tokens that do not allow plain RSA. -* Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify - against, similarly to NSS way. -* Support replacing individual algorithms via a PKCS #11 module - - maybe use p11-kit for that. * Support PKCS#8 AES and DES-MD5 (tests/enc3pkcs8.pem) encrypted keys. -* Implement TLS-PSK with PKCS #11. + (openssl seems to use DES-MD5 to encrypt keys by default) * Add support for generating empty CRLs * Document the format for the supported DN attributes. * Audit the code +- Implement TLS-PSK with PKCS #11. +- Allow setting a PKCS #11 module to gnutls_x509_trust_list_t, to verify + against, similarly to NSS way. +- Support replacing individual algorithms via a PKCS #11 module - + maybe use p11-kit for that. - Add function to extract the signers of an openpgp key. Should be similar to gnutls_x509_crt_get_dn_oid(). - Add function to verify an openpgp key against a plain key. |