Log message:
Update comment:
Assembler support is still broken under Mac OS X in version 3.2.9.
Somebody should re-check Solaris as well.

Log message:
Update to 3.2.9 based on patch from Richard Palo.
Assembler issues still seem to be there at least on SunOS.

* Version 3.2.9 (released 2014-01-24)

** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.

** libgnutls: %COMPAT implies %DUMBFW.

** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.

* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.

** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.

** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html

** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.

** p11tool: Added --so-login option to force login as security
officer (admin).

** API and ABI modifications:
No changes since last version.

Log message:
Disable inline assembly on SunOS for now too.

Log message:
Disable assembler code under Mac OS X which is broken in this release.

Log message:
Update to 3.2.8.1.

Changes in 3.2.8.1:
Note, that I've realized that this release has issues with the
assembly files in win32 and macosx systems. In these systems
use gnutls 3.2.8.1.

3.2.8:

* Version 3.2.8 (released 2013-12-20)

** libgnutls: Updated code for AES-NI. That prevents an uninitialized
variable complaint from valgrind.

** libgnutls: Enforce a maximum size for DH primes.

** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy Polyakov's
code.

** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.

** libgnutls: It only links to librt if the required functions are
not present in libc. This also prevents an indirect linking to libpthread.

** libgnutls: Fixed issue with gnulib strerror replacement by adding
the strerror gnulib module.

** libgnutls: The time provided in the TLS random values is only precise
on its first 3 bytes. That prevents leakage of the precise system
time (at least on the client side when only few connections are
done on a single server).

** certtool: The --verify option will use the system CAs if the
load-ca-certificate option is not provided.

** configure: Added option --with-default-blacklist-file to allow
specifying a certificate blacklist file.

** configure: Added --disable-non-suiteb-curves option. This option
restricts the supported curves to SuiteB curves.

** API and ABI modifications:
gnutls_record_check_corked: Added

Log message:
Disable autogen detection.
Addresses PR 48523 by Kai-Uwe Eckhardt.

Log message:
Update to 3.2.7:

* Version 3.2.7 (released 2013-11-23)

** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).

** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.

** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.

** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html

** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.

** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.

** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.

** libgnutls: Session tickets are encrypted using AES-GCM.

** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.

** libgnutls: Forbid all compression methods in DTLS.

** gnutls-serv: Fixed issue with IPv6 address in UDP mode.

** certtool: When exporting an encrypted PEM private key do not output the key
parameters.

** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.

** certtool: Added new template options: 'activation_date', and
'expiration_date'.

** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.

** tools: The installed version of libopts is used if the autogen tool is
present.

** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported

Log message:
Add --without-tpm to configure arguments to have consistency across
platforms.
Reported by Richard PALO.

Log message:
Update to 3.2.6:

* Version 3.2.6 (released 2013-10-31)

** libgnutls: Support for TPM via trousers is now enabled by default.

** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.

** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.

** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.

** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.

** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.

** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.

** gnulib: updated.

** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.

** p11tool: Added option generate-random.

** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added

Log message:
Update to 3.2.5:

* Version 3.2.5 (released 2013-10-23)

** libgnutls: Documentation and build-time fixes.

** libgnutls: Allow the generation of DH groups of less than 700 bits.

** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 \ 
as MAC,
as well as Camellia with GCM.

** libdane: Added interfaces to allow initialization of dane_query_t from
external DNS resolutions, and to allow direct verification of a certificate
chain against a dane_query_t. Contributed by Christian Grothoff.

** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
triggered by a DNS server supplying more than 4 DANE records. Report and fix
by Christian Grothoff.

** srptool: Fixed index command line option. Patch by Attila Molnar.

** gnutls-cli: Added support for inline commands, using the
--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.

** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.

** API and ABI modifications:
gnutls_certificate_get_crt_raw: Added
dane_verify_crt_raw: Added
dane_raw_tlsa: Added

* Version 3.2.4 (released 2013-08-31)

** libgnutls: Fixes when session tickets and session DB are used.
Report and initial patch by Stefan Buehler.

** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner,
based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH.

** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch
by Stefan Buehler.

** libgnutls: Added the PFS priority string option.

** libgnutls: Gnulib included files are strictly LGPLv2.

** libgnutls: Corrected gnutls_certificate_server_set_request().
Reported by Petr Pisar.

** API and ABI modifications:
gnutls_record_set_timeout: Exported