+ Extension of GnuTLS' PKCS #11 support to OpenPGP, PSK and SRP
- TOFU callbacks and storage of (signed?) acceptance
- Incorporate session resumption (on both ends) (store creds in memcache?)
-- Key derivation API with the PRF functionality of TLS 1.2 (RFC 5705)
-- RFC 5705: repeated seeding labels? overlap proto-fixed ones? session revival?
++ Key derivation API with the PRF functionality of TLS 1.2 (RFC 5705)
++ RFC 5705: repeated seeding labels? overlap proto-fixed ones? session revival?
+ Error translation from GnuTLS and BerkeleyDB to errno (with detail report)
+ Transactions for an entire thread
-- Thread cleanup with pthread_setcanceltype(), pthread_cleanup_push()
+X Thread cleanup with pthread_setcanceltype(), pthread_cleanup_push()
+ Free memory as assumed by GnuTLS and BerkeleyDB API's
+ Setup server credentials for searching databases as is done in the client
- Regularly refresh DH parameters ; find out how to apply refcnt and/or locks
- Add support for TLS-KDH when GnuTLS offers it
+ Move database environment and names into configuration parameters
+ Move DH params file to a configuration parameter
-- Explain how to generate X.509 and GnuPG certificates with PKCS #11
-- Recognise callbacks with a "same" file handle as session access requests
-- Move PID file handling to daemon.c; make -k switch after new initialisation
++ Explain how to generate X.509 and GnuPG certificates with PKCS #11
++ Recognise callbacks with a "same" file handle as session access requests
++ Move PID file handling to daemon.c; make -k switch after new initialisation
+ Add autotools support with bootstrap.sh and subsequent ./configure
+ Port to the FreeBSD platform
-- Port to the Windows platform
++ Port to the Windows platform
- Port to the Mac OS X platform
-- Consider a thread pool for session passthrough (the current copycat function)
++ Consider a thread pool for session passthrough (the current copycat function)
+ Support asynchronous access to the TLS Pool in starttls_xxx() functions
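
Review bot: The "RFC 5705: repeated seeding labels? overlap proto-fixed ones? session revival?" line is flipped from "-" to "+" although it still reads as three unanswered questions. Either replace the questions with the decisions that were made (how repeated labels are handled, whether labels may overlap the protocol-fixed ones, what happens on session revival), or leave that line open and mark only the "Key derivation API" line above it as done. Separately, the "X" status on the "Thread cleanup with pthread_setcanceltype(), pthread_cleanup_push()" line is a marker that no other visible line uses. A one-line legend for "+", "-" and "X" would tell readers whether that item was dropped or replaced by another approach.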