This year we are participating in Google Summer of Code under the GNU project umbrella. To discuss ideas, you may use the GnuTLS mailing lists. To propose a project, follow the information on the Google Summer of Code 2012 site.
- Strict certificate path validation.
Currently GnuTLS implements a simple and straightforward certificate path validation algorithm. However, a complete validation algorithm, such as the one described in RFC 5280, requires the consideration of several factors that are currently ignored (certificate policies, path constraints, etc.). The target of this project is to implement the complete certificate path validation algorithm from RFC 5280.
- RSASSA-PSS signature scheme.
Currently GnuTLS implements the PKCS #1 v1.5 signature algorithm for certificate and CRL signatures. The target of this project is to enhance GnuTLS to support the PKCS #1 RSASSA-PSS signature scheme.
- TLS and DTLS extensions.
Two extensions are to be implemented:
  - DTLS Heartbeat
  - Certificate status request
- Faster elliptic curve scalar multiplication.
- Implementation of additional encryption schemes for PKCS #12 and PKCS #8.
Improve the support for encrypted private keys and certificates by implementing the algorithms and formats used by other popular implementations (OpenSSL, Windows).