2017-03-16  Werner Koch  <wk@gnupg.org>

	Release 0.1.1.
	+ commit 5de470fbeb7b6d92070206414d130dfb53d96e69


	Implement ECDHE-RSA key exchange.
	+ commit 17efdd6202ed0901b51bfd1045e7e48e3a8a3ead
	* src/ecdh.c: New file.
	* src/Makefile.am (libntbtls_la_SOURCES): Add new file.
	* src/context.h (ecdh_context_t): New type.
	(_ntbtls_handshake_params_s): Use new type for 'ecdh_ctx'.
	* src/protocol.c (handshake_params_init): Init ECDH_CTX.
	(handshake_params_deinit): Deinit ECDH_CTX.
	(ssl_write_hello_request): Rename to write_hello_request.  Change
	caller.
	* src/protocol-cli.c (write_supported_elliptic_curves_ext): Implement.
	(write_cli_supported_point_formats_ext): Implement.
	(write_client_hello): Call them.
	(parse_supported_point_formats_ext): Implement.
	(parse_server_ecdh_params): Implement.
	(parse_signature_algorithm): Fix debug output.
	(read_server_key_exchange): Improve debug output.
	(write_client_key_exchange): Implement ECDHE key exchange.
	* src/ciphersuites.c (_ntbtls_ciphersuite_list): Advertise ECDHE_RSA
	key exchange.

	New debug macro for printing a point value.
	+ commit 1fc1669e037cfcc1cef1c1af58141d5aace2e9d2
	* src/debug.c (_ntbtls_debug_pnt): New.
	* src/util.h (debug_pnt): New macro.

2017-03-08  Justus Winter  <justus@gnupg.org>

	build: Use macOS' compatibility macros to enable all features.
	+ commit e582e91e47a164816ac074b9078dbed8537601dc
	* configure.ac: On macOS, use the compatibility macros to expose every
	feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
	libc.

2017-02-23  Werner Koch  <wk@gnupg.org>

	Make ntbtls-cli work for W32.
	+ commit 23670ada738071ec464c9a40f6b3528e23998655
	* src/ntbtls-cli.c: Include errno.h.
	(w32_cookie_read) [W32]: New.
	(w32_write_server) [W32]: New.
	(w32_cookie_write) [W32]: New.
	(w32_cookie_functions) [W32]: New.
	(connect_estreams) [W32]: Use es_fopencookie.
	(main) [W32]: Init Winsock.

2017-02-21  Werner Koch  <wk@gnupg.org>

	Release 0.1.0.
	+ commit 50ad7a2206bac7682195e8285af96e0d790891b3


	Remove now superfluous functions from the public API.
	+ commit 8a3e8a9948d7545238d5d0fd54eed43c7c0fb174
	* src/visibility.c (ntbtls_x509_cert_new): Remove.
	(ntbtls_x509_cert_release): Remove.
	(ntbtls_x509_append_cert): Remove.

	New macro ntbtls_check_context.
	+ commit 4e4d5a4c436ecf2d2ae96b61b2c0cfc177f585b7
	* src/ntbtls.h.in (ntbtls_check_context): New macro.
	* src/visibility.c (_ntbtls_check_context): New function.
	* src/libntbtls.def, src/libntbtls.vers: Add _ntbtls_check_context.
	* configure.ac (SIZEOF_UNSIGNED_LONG): Define.
	* src/context.h (NTBTLS_CONTEXT_MAGIC): New constant.
	(_ntbtls_context_s): New field 'magic'.
	* src/debug.c (_ntbtls_debug_bug): Always print a message.
	* src/protocol.c (_ntbtls_new): Set MAGIC.
	(_ntbtls_release): Test MAGIC.

	New function ntbtls_get_hostname.
	+ commit 59b779b8c0f7bb22c48527f8ed8d1d28acc8bad3
	* src/ntbtls.h.in (ntbtls_get_hostname): New.
	* src/protocol.c (_ntbtls_get_hostname): New.
	* src/visibility.c, src/visibility.h: Export ntbtls_get_hostname.
	* src/libntbtls.def, src/libntbtls.vers: Ditto.

2017-02-20  Werner Koch  <wk@gnupg.org>

	Implement wildcards for hostname checking.
	+ commit 19d9776ac40e7ff9fcfed7838ff8261ba8d61fac
	* src/x509.c (count_labels): New.
	(check_hostname): Implement wildcards.

	ntbtls-cli: New option --head and use a default SNI.
	+ commit cd1bbb3182178fa1db487d8a1bcbc1647201ba97
	* src/ntbtls-cli.c (opt_head): New var.
	(simple_client): Request "HEAD".
	(main): Add option --head.  Use default SNI value.

	Implement hostname checking.
	+ commit 379c449b6fa539f188fc1d7666ceae17c40a645a
	* src/x509.c (struct dn_array_s): New.
	(release_dn_array): New.
	(parse_dn_part): New.
	(parse_dn): New.
	(check_hostname): New.
	(_ntbtls_x509_check_hostname): New.
	* src/protocol.c (_ntbtls_read_certificate): Add hostname check.

	New function ntbtls_set_log_handler.
	+ commit 204627b9fd5d67a87a8bee9e2ac3345c06f4c0d8
	* src/ntbtls.h.in (ntbtls_log_handler_t): New type.
	(ntbtls_set_log_handler): New.
	* src/visibility.c (ntbtls_set_log_handler): New.
	* src/visibility.h (ntbtls_set_log_handler): Mark visible.
	* src/libntbtls.def: Add ntbtls_set_log_handler.
	* src/libntbtls.vers: Add ntbtls_set_log_handler.
	* src/debug.c (log_handler, log_handler_value): New vars.
	(_ntbtls_set_log_handler): New.
	(_ntbtls_set_debug): Do not re-set the prefix.
	(_ntbtls_debug_msg): Divert to a log handler.

	* src/util.c (_ntbtls_trim_trailing_spaces): New.
	(ascii_toupper): New.
	(_ntbtls_ascii_strcasecmp): New.
	* src/util.h (spacep, digitp, alphap, alnump, hexdigitp): New macros.
	(ascii_isspace): New macro.
	(atoi_1, atoi_2, atoi_4, xtoi_1, xtoi_2, xtoi_4): New macros.

2017-02-19  Werner Koch  <wk@gnupg.org>

	Change verification API to use a callback.
	+ commit f9552b3c9f2c9705b2715f8a90479bfc600c61d6
	* src/ntbtls.h.in: Include ksba.h.
	(ntbtls_verify_cb_t): New type.
	(ntbtls_set_ca_chain): Remove prototype.
	(ntbtls_set_verify_cb): New.
	(ntbtls_x509_get_peer_cert): New.
	* src/visibility.c (ntbtls_set_ca_chain): Remove.
	(ntbtls_set_verify_cb): New.
	(ntbtls_x509_get_peer_cert): New.
	* src/visibility.h (ntbtls_set_ca_chain): Remove.
	(ntbtls_set_verify_cb): Mark visible.
	(ntbtls_x509_get_peer_cert): Ditto.
	* src/libntbtls.def (ntbtls_set_ca_chain): Remove.
	(ntbtls_set_verify_cb, ntbtls_x509_get_peer_cert): New.
	* src/libntbtls.vers (ntbtls_set_ca_chain): Remove.
	(ntbtls_set_verify_cb, ntbtls_x509_get_peer_cert): New.

	* src/context.h (_ntbtls_context_s): Remove 'ca_chain' and
	'crl_chain'.  Add 'verify_cb' and 'verify_cb_value'.
	* src/protocol.c (_ntbtls_read_certificate): Call verify callback.
	(session_deinit): Remove superfluous conditional.
	(_ntbtls_set_ca_chain): Remove.
	(_ntbtls_set_verify_cb): New.
	* src/x509.c (x509_cert_s): Remove fields 'fpr', 'is_self_signed',
	and 'is_valid'.
	(_ntbtls_x509_verify): Remove.
	(_ntbtls_x509_get_cert): Fix use of IDX.
	(_ntbtls_x509_get_peer_cert): New.

2017-01-27  Werner Koch  <wk@gnupg.org>

	In debug mode write some info about the certificates.
	+ commit b5cbe683800f431737fa47d96edd9e5bdbeb374b
	* src/debug.c (_ntbtls_debug_msg): Add hack to not print the final LF.
	(_ntbtls_debug_crt): New.
	* src/util.h (debug_crt): New macro.
	* src/x509.c (x509_log_serial, x509_log_time): New.
	(_ntbtls_x509_log_cert): New.
	* src/protocol-cli.c (read_server_hello): Tweak debug levels.
	* src/protocol.c (_ntbtls_read_certificate): Call debug_crt.

2017-01-20  NIIBE Yutaka  <gniibe@fsij.org>

	configure: Add check for sys/socket.
	+ commit af472e2554bf8b8ed0c3387a7625a65792e85ffb
	* configure.ac (gl_HEADER_SYS_SOCKET): Add.
	* m4/sys_socket_h.m4: New from gnupg.
	* src/Makefile.am (libntbtls_la_LIBADD, ntbtls_cli_LDADD): Fix.

	Fix ntbtls-cli.c for Windows.
	+ commit 33f3b5f298ded3c34b65bc08ee714294c9918411
	* src/ntbtls-cli.c: Include files fix.

	Add src/versioninfo.rc.in.
	+ commit 876e1b298022b84277890036b84d3d94452c9a1e
	* src/versioninfo.rc.in: New.
	* src/Makefile.am (EXTRA_DIST): Add versioninfo.rc.in.
	* configure.ac: Add versioninfo.rc output.

2017-01-19  NIIBE Yutaka  <gniibe@fsij.org>

	Add missing m4/libtool.m4.
	+ commit 2832bfe5373fc1967e0af5d71f9db6af4e35059c
	* m4/Makefile.am (EXTRA_DIST): Update.
	* m4/libtool.m4: New.

	Fix ciphersuite version check.
	+ commit 190afc87b3fd6742398fa67cf5dd3469233c0529
	* src/ciphersuites.c (_ntbtls_ciphersuite_version_ok): Fix.

	Release CA at ntbtls_release.
	+ commit 983512851b9052720bd65eb582bbfbd612441a21


	Rename ntbtls_x509_* to ntbtls_x509_cert_*.
	+ commit 61d4d3eff76c1321796b56860219104affb24992


	Expose x509 certificate API.
	+ commit 171038778ea3d5acfeca6eb2b34b8041f9d9bf9a


	Expose ntbtls_set_ca_chain API.
	+ commit 8ae0bdff28ffabc9018da032fb207872cab7368a


	Use hostname removing peer_cn.
	+ commit 4c5dc1776227c81d106e177e231fc43c2d044f66
	* src/context.h (struct _ntbtls_context_s): Remove peer_cn field.
	* src/protocol.c (_ntbtls_read_certificate): Use ->hostname.

2017-01-18  NIIBE Yutaka  <gniibe@fsij.org>

	Move pk_encrypt into pkglue.c.
	+ commit 58ce55fefaf450c534622fea63d073dac8f218de
	* src/x509.c (_ntbtls_x509_pk_encrypt): Rename and move to...
	* src/pkglue.c (_ntbtls_pk_encrypt): Here.  Use _ntbtls_x509_get_pk.
	* src/protocol-cli.c (write_encrypted_pms): Follow the rename.

2017-01-17  NIIBE Yutaka  <gniibe@fsij.org>

	Implement public key encryption in write_encrypted_pms.
	+ commit 86d3ccebd64da692ef03a95da015ca68b8c2e938
	* src/x509.c (ntbtls_x509_pk_encrypt): New.
	* src/protocol-cli.c (write_encrypted_pms): Call
	ntbtls_x509_pk_encrypt.

2017-01-16  NIIBE Yutaka  <gniibe@fsij.org>

	Ignore non-fatal TLS_ALERT_MSG.
	+ commit c9231ca6c256708d6e8d583f54bb339d4c6e14c7
	* src/protocol.c (_ntbtls_read_record): Skip to next message.

2016-12-13  NIIBE Yutaka  <gniibe@fsij.org>

	Fix EOF handling.
	+ commit 907219a13b74e4903cc776bd70519cc23a98c227
	* src/protocol.c (_ntbtls_fetch_input): Return GPG_ERR_EOF.

	Modify autogen.sh for git workflow.
	+ commit 9750f0dd64f224e679cfcde8c73f913d431b3964
	* autogen.sh: Fix to check .git directory.

2016-07-13  Werner Koch  <wk@gnupg.org>

	Small debug message improvement.
	+ commit 3a713a5d97f8e19bebf534120fa1d87edd2c9401
	* src/protocol-cli.c (parse_signature_algorithm): Show algo names in
	debug messages.
	* src/util.h: Use the official GPGRT_ATTR_PRINTF.

	build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
	+ commit 755226dac18a10f56f765a44b9b92509e4963cbd
	* build-aux/config.guess: Update.
	* build-aux/config.sub: Update.

2015-08-25  Werner Koch  <wk@gnupg.org>

	Make --disable-build-timestamp the default.
	+ commit 69809bcb2904b1cb223348afbdabf0c7bf5ef558
	* configure.ac (BUILD_TIMESTAMP): Default to "<none>".

2015-06-24  Werner Koch  <wk@gnupg.org>

	Change state handler names from parse_* to read_*.
	+ commit 94ad8969257ea19ce9ae3bdf98ed6230e56d0805


	Rework some debug messages.
	+ commit c82ad134f10620db6d9395f584cd6b3f2319c237
	* src/protocol.c (_ntbtls_state2str): New.
	* src/ntbtls-cli.c (simple_client): Send some headers.

2015-06-23  Werner Koch  <wk@gnupg.org>

	Use buffer to int conversion macros and other cleanups.
	+ commit 5da1924db8bc9dc3283aa66adbef5cedad4a4be6
	* src/util.h (buf16_to_uint, buf16_to_size_t)
	(buf24_to_size_t, buf32_to_u32): New.  Use them where appropriate.

	* src/protocol.c (is_aead_mode): New.  Use instead of explicit
	conditionals.
	(encrypt_buf, decrypt_buf): Add error checking.

	* src/protocol-cli.c (parse_server_dh_params): Set lower limit to
	1024.
	(parse_server_psk_hint): Check length of length header.

2014-12-28  Werner Koch  <wk@gnupg.org>

	Code cleanup of the server hello parser.
	+ commit a41846450b37a2dd44d732fe0e61466d183f381f
	* src/protocol-cli.c (parse_server_hello): Use meaningful var name and
	change strange loop construct.

	Add Lucky Thirteen protection.
	+ commit 11e5666cf4576d57bc8beb601a44c03642ee6b5c
	* src/protocol.c (decrypt_buf): Keep on hashing.

	Use new error code GPG_ERR_REQUEST_TOO_LONG.
	+ commit a28c9e756eec9798e5f33b6f5f85bd52efb8a661
	* src/protocol.c (_ntbtls_fetch_input): Change error code.

	Add some comments.
	+ commit 57876545cc6b12ade5ba9bb7d5d48c30eebae972
	* src/ntbtls-cli.c (main): Add option --help.

	Remove unused code for stream modes.
	+ commit 35ceea0149853c43438472d2b0c8419c82798aa2
	* src/protocol.c (_ntbtls_derive_keys, encrypt_buf)
	(decrypt_buf): Remove cipher_mode_stream branches.

2014-10-02  Werner Koch  <wk@gnupg.org>

	Add ntbtls_set_hostname.
	+ commit edbd2d22fab66c2bdc7dc2666aeb5b9e949aee9b


2014-10-01  Werner Koch  <wk@gnupg.org>

	More changes - first successful handshake.
	+ commit e51efcab2b4fb9383dae56f639d12e1b704a59ee
	* src/dhm.c: New.
	* src/pkglue.c: New.
	* src/util.c: New.

	Add ciphersuites code from PolarSSL.
	+ commit 9fb4d1d1a12fec458c758f22c84c6956315491e0
	* src/ciphersuites.c: New. Change license from GPLv2+ to GPLv3+.  Some
	editorial changes.
	* src/ciphersuites.h: New. Ditto.

	Replaced error codes by libgpg-error and other changes.
	+ commit 9d11c0356b6c5a686f36ee2b8601f7e0dfcd2df0


	Remove most non-TLS-1.2 stuff and most configure options - part 2.
	+ commit 2305e06e786b92d56b8dcf7fb61de466d4d2f95e
	* src/protocol-cli.c, src/protocol-srv.c: Simplify.

2014-09-16  Werner Koch  <wk@gnupg.org>

	Add new header files and rename ssl_{tls,cli,srv}.c.
	+ commit 665d29cb2f28b91d36c79f9acfd609a05ce621d2
	* src/util.h: New.
	* src/ntbtls-int.h: New.
	* src/ssl_tls.c: Rename to protocol.c.
	* src/ssl_cli.c: Rename to protocol-cli.c.
	* src/ssl_srv.c: Rename to protocol-srv.c.
	* src/protocol.c, src/protocol-cli.c, src/protocol-srv.c: Change
	license from GPLv2+ to GPLv3+.  Replace most include files by
	ntbtls-int.h.
	(polarssl_zeroize): Remove.  Change callers to use wipememory.

2014-09-15  Werner Koch  <wk@gnupg.org>

	Add wipemem.h.
	+ commit 7c838d620b7fec057816831b00e92e50e2af3b8e
	* src/wipemem.h: New.

	Add some build environment files.
	+ commit 0b42607158b370a1950ea00e5b2fa0d927d228f4


	Remove most non-TLS-1.2 stuff and most configure options.
	+ commit 6b265ce7b42a701f25705513fb4c713da730fd35


        -----
	Copyright (C) 2014 g10 Code GmbH

	Copying and distribution of this file and/or the original GIT
	commit log messages, with or without modification, are
	permitted provided the copyright notice and this notice are
	preserved.
