Version 0.5.5 (3/09/2002)
- Updated the SRP implementation to the latest draft. The blowfish
  crypt implementation was removed, since the new draft does not allow
  other hash algorithms except for the srpsha. 
- Renamed all the constructed types in order to have more consistent
  names. 
- Improved the certificate and key read functions. Now they can read 
  the certificate and the private key from the same file.
- Updated and corrected documentation.

Version 0.5.4 (27/08/2002)
- Fixes in TLS 1.0 PRF and SSL3 random functions.
- gnutls_handshake_set_exportable_detection() was obsoleted.
- Added gnutls_openpgp_extract_key_id() which returns the key ID.
- Corrected bug in DHE key exchange
- Added support for temporary RSA keys which are needed for the
  export cipher suites.
- Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite.

Version 0.5.3 (23/08/2002)
- No changes. Replaces the tarball of 0.5.2 which accidentaly contained
  code from the unstable branch.

Version 0.5.2 (22/08/2002)
- Added an error code that is returned in clients which connect
  to export only servers. This must be enabled using the
  gnutls_handshake_set_exportable_detection() function.
- Updated openssl compatibility layer.
- Added gnutls_handshake_get_direction() function which returns
  the state of the handshake when interrupted.

Version 0.5.1 (17/07/2002)
- Corrected the m4 macros which used <gnutls.h> instead of
  <gnutls/gnutls.h>
- Documentation fixes
- Added gnutls_transport_set_ptr2() function, which accepts two
  different pointers, to be used while receiving, and 
  while sending data.
- Semantic changes in gnutls_record_set_max_size(). The requested
  size is now immediately enforced at the output buffers.
- gnutls_global_init_extra() now fails if the library versions do
  not match.
- Fixes in client and server example programs. Null encryption can
  be used in these programs, to assist in debuging.
- Fixes in zlib compression code.

Version 0.5.0 (6/07/2002)
- Added X.509 certificate tests in tests/ directory
- Removed stubs for SRP and Anonymous authentication. They served
  no purpose since they are always included, unless it was requested
  not to do so.
- Added gnutls_handshake_set_private_extensions() function. This
  function can be used to enable private (gnutls specific) cipher suites
  and compression algorithms.
- Added check for C99 macro support by the compiler.
- Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2()
- Added the new libtasn1 library.
- Removed the gdbm backend. Applications are now responsible for the
  session resuming backend. The gnutls-serv application contains an
  simple example on how to use gdbm for resuming.
- Headers for the gnutls library are now installed in $(includedir)/gnutls
- Added an OpenSSL compatible interface (with some limitations).
- Added functions to convert DER encoded certificates to XML format.

Version 0.4.4 (24/06/2002)
- Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt
  using keys of some specific size.

Version 0.4.3 (23/05/2002)
- The gnutls-extra library now compiles fine, if the opencdk library is
  not present.
- Several bug fixes.
- Added gnutls_global_set_mem_func() function, to set the memory allocation
  functions, if other than the defaults are to be used.
- The default memory allocation functions are now the ones in libc.

Version 0.4.2 (21/05/2002)
- Separated ASN.1 structures parser documentation and TLS library
  documentation.
- Added gnutls_handshake_set_rsa_pms() function, which disables the
  version check in RSA premaster secret.
- Added gnutls_session_is_resumed() function, which reports if a session
  is a resumed one.
- Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to
  assist in callback functions.
- Replaced the included 1024 bit prime for Diffie Hellman, with a new
  random one.
- Relicensed the library under the GNU Lesser General Public License
- Added gnutls-extra library which contains the GPL covered code of gnutls.

Version 0.4.1 (7/04/2002)
- Now uses alloca() for temporary variables
- Optimized RSA signing
- Added functions to return the peer's certificate activation and
  expiration time.
- Corrected time function's behaviour (the time value returned no longer
  relate to local timezone).

Version 0.4.0 (1/04/2002)
- Added support for RFC2630 (PKCS7) X.509 certificate sets
- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(),
  gnutls_openpgp_extract_key_pk_algorithm().
- Several optimizations in the Handshake protocol
- Several optimizations in RSA algorithm
- Unified the return values because of small buffers.

Version 0.3.92 (23/03/2002)
- Updated documentation
- Combined error codes of ASN.1 parser and gnutls
- Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration
- Added protection against CBC chosen plaintext attack (disabled by default)
- Improved and optimized compression support

Version 0.3.91 (3/03/2002)
- Added gnutls-cli-debug program
- Corrections in session resumption
- Rehandshake can now handle negotiation of different authentication
  type.
- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are 
  now being installed.

Version 0.3.90 (24/02/2002)
- Handshake messages are not kept in memory any more. Now we use 
  less memory during a handshake
- Added support for certificates with DSA parameters
- Added DHE_DSS cipher suites
- Key exchange methods changed so they do not depend on the 
  certificate type. Added certificate type negotiation TLS extension.
- Added openpgp key support (EXPERIMENTAL)
- Improved Diffie Hellman key exchange support.
- Bug fixes in the RSA key exchange.
- Added check for the requested TLS extensions
- TLS extensions now use a 16 bit type field.
- Added a minimal string library to assist in ASN.1 parsing
- Changes in ASN.1 parser to work with the new bison
- Added gnutls_x509_extract_subject_alt_name(), which deprecates 
  gnutls_x509_extract_subject_dns_name()
- gnutls_x509_set_trust_(file/mem) can now be called multiple times
- gnutls_srp_server_set_cred_file() can now be called multiple times

Version 0.3.5 (25/01/2002)
- Corrected the RSA key exchange method, to avoid attacks against
  PKCS-1 formating.

Version 0.3.4 (20/01/2002)
- Corrected bugs in DHE_RSA key exchange method

Version 0.3.3 (19/01/2002)
- Added gnutls_x509pki_verify_certificate()
- Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem()
- Bug fixes in srpcrypt (based on patch by Marc Huber)
- Bug fixes in the Handshake protocol (based on patch by Guillaume Morin)
- Corrected library versioning

Version 0.3.2 (5/01/2002)
- Corrected bug which did not allow a client to accept multiple CA names
- Added gnutls_fingerprint()
- Added gnutls_x509pki_extract_certificate_serial()
- Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt()
- Corrected behaviour in version advertizing
- Updated documentation
- Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions

Version 0.3.1 (21/12/2001)
- Corrections in the configuration files
- Fixes a bug in anonymous authentication

Version 0.3.0 (17/12/2001)
- Corrected bug in new integer formatting (now we use the old format again)
- Several corrections and usual cleanups

Version 0.2.91 (10/12/2001)
- Fixes in MPI handling (fixes possible bug with signed integers)
- Removed name indication extension
- Added gnutls_transport_get_ptr() and gnutls_db_get_ptr()
- Optimizations in server certificate callback.
- Fixes in anonymous authentication
- Corrections in client ciphersuite selection

Version 0.2.90 (7/12/2001)
- gnutls_handshake(), gnutls_read() etc. functions no longer require
  the 'SOCKET cd' argument. This argument is set using the function
  gnutls_set_transport_ptr().
- introduced gnutls_x509pki_get_peer_certificate_list(). This function returns
  a list containing peer's certificate and issuers DER encoded.
- Updated X.509 certificate handling API
- Added callback to select the server certificate
- More consistent function naming (changes in several function names)
- Buffer overflow checking in ASN.1 structures parser
- Updated documentation

Version 0.2.11 (16/11/2001)
- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value
  is returned, then the caller should perform a handshake or send
  an alert to the peer.
- Made receive buffer dynamic. Normaly if no large chunks are received
  it occupies less space.
- Added max_record_size extension
- Bugfixes in session handling
- Improved non blocking IO support in the Handshake Protocol
- Usual bugfixes and cleanups
- Documentation updated (includes ASN.1 documentation)

Version 0.2.10 (5/11/2001)
- Corrected bugs and improved non blocking IO
- Added hooks to use external database to store sessions
- Usual cleanups

Version 0.2.9 (27/10/2001)
- AUTH_INFO types and structures were moved to library internals
- AUTH_FAILED is no longer returned in SRP authentication
  (any fatal error in SRP means auth failed)
- Introduced GNUTLS_E_INTERRUPTED
- Added support for non blocking IO
- gnutls_recv() and gnutls_send() are now obsolete
- Changed semantics of gnutls_rehandshake()

Version 0.2.4 (12/10/2001)
- Better handling of X.509 certificate extensions
- Added DHE_RSA ciphersuites
- Updated the Name Indication (dnsname) extension
- Improvements in Diffie Hellman primes handling

Version 0.2.3 (19/09/2001)
- Memory optimizations in gnutls_recv()
- Fixed several memory leaks
- Added ability to specify callback for x509 client certificate selection
- Better documentation

Version 0.2.2 (21/08/2001)
- Several bugfixes (library and documentation)

Version 0.2.1 (07/08/2001)
- SRP fixes

Version 0.2.0 (07/08/2001)
- Partial support for X.509v3 Certificate extensions.
- Added Internal memory handlers
- Removed gnutls_x509_set_cn()
- Added X.509 client authentication
- Several bug fixes and protocol fixes

Version 0.1.9 (30/07/2001)
- Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate)
- SRP is updated to conform to the newest draft.
- Added support for DNSNAME extension.
- Reentracy fixes in ASN.1 Parsing.
- Optimizations in hash/hmac functions
- (Error) message handling has changed
- Better Protocol Version handling
- Added X.509 Certificate Verification
- gnutls_read() semantics are now closer to read(2) - added EOF
- Documented some part of gnutls in doc/tex/ using Latex

Version 0.1.4 (22/06/2001)
- Corrected (srp) base64 encoding.
- Changed bcrypt algorithm to include username.
- Added RSA Ciphersuites (no certificate checking).
- Fixes in SSL 2.0 client hello parsing.
- Added ASN.1 and DER parsers.
- Bugfixes in session resuming
- Updated Ciphersuite selection algorithm
- Added internal representation of X.509 structures.
- Added global state

Version 0.1.3 (01/06/2001)
- Updated API (and the way it is documented - we use inline documentation)
- Added function to access alert messages.
- Added support for renegotiating parameters.
- Better and Faster Resume Database handling.
- Several bugfixes

Version 0.1.2 (14/05/2001)
- Updated API
- Fixes in extension handling

Version 0.1.1 (13/05/2001)
- Added compatibility with Stanford's libsrp library

Version 0.1.0 (09/05/2001)
- Added SSL 2.0 client hello support
- GNUTLS is a gnu library
- Added support for TLS extensions.
- Added support for SRP

Version 0.0.7 (11/01/2001)
- Added server side session resuming (using gdbm)
- Added twofish algorithm

Version 0.0.6 (20/12/2000)
- Added client side session resuming
- Better documentation (check doc/API)
- Better socket handling (gnutls can be used with select())
- Some primitive support for non blocking IO and socket options has been added.

Version 0.0.5 (7/12/2000)
- Added Compression (using ZLIB)
- Added SSL 3.0 support
