diff options
Diffstat (limited to 'doc/TODO')
-rw-r--r-- | doc/TODO | 47 |
1 files changed, 2 insertions, 45 deletions
@@ -2,48 +2,5 @@ If you want to contribute (implement something from the current list, or anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org), in order to avoid having people working on the same thing. -Current list: -* Add API to allow multiplexing multiple streams under DTLS. The streams - should be identified by the application using the raw packet, via a - callback. -* Check https://github.com/yymax/x509test and evaluate whether it makes - sense to include it in our self tests. -* gnutls-cli: Allow separation of the connecting IP and the hostname to - advertize or check. That is, allow specifying an IP to connect to and - a hostname to check. -* Allow the manipulation of certificates, i.e., allow to remove fields. -* Handle the following X.509 extensions: - 2.5.29.36: Policy Constraints - 2.5.29.33: Policy Mappings - 2.5.29.54: Inhibit Any-policy - 2.5.29.46: Freshest CRL -* Add support for RSA-PSS. This signature algorithm is seen in some - passport CAs. Should be added in nettle and then in gnutls. -- Handle openconnect's TSS files in gnutls_certificate_set_x509_key_file(). -- Allow setting a fixed key on the anonymous key exchange methods (to allow - it being used with the tofu API). -- Add certificate image support (see RFC3709, RFC6170) -- RFC 3280 compliant certificate path validation. - - Reject extensions in v1 certificates. -- Perform signature calculation in PKCS #11 using not plain - RSA but rather the combination of RSA-SHA256, RSA-SHA1 etc. - That will allow the usage of tokens that do not allow plain RSA. -- Support PKCS#8 DES-MD5 (tests/enc3pkcs8.pem) encrypted keys. - (openssl seems to use DES-MD5 to encrypt keys by default) -- Document the format for the supported DN attributes. -- Audit the code -- Add function to extract the signers of an openpgp key. Should - be similar to gnutls_x509_crt_get_dn_oid(). -- Add function to verify an openpgp key against a plain key. -- Clean up name space of helper functions in library (memmem, - firstElement, bit_mask, ...) for platforms that libtool's - -export-symbols-regex doesn't work. -- Update the current test suite, using the newest NIST's PKI Test vectors, - see http://csrc.nist.gov/pki/testing/x509paths.html -- Make gnutls-cli-debug exit with better error messages if the - handshake fails, rather than saying that the server doesn't support - TLS. - -(+) Means high priority -(*) Means medium priority -(-) Means low priority (ie. nobody is interested to develop that) +The TODO list is now kept as issues at gitlab, check: +https://gitlab.com/gnutls/gnutls/issues |