[gnutls-dev] GnuTLS 1.5.1 - experimental

Simon Josefsson jas at extundo.com
Thu Sep 21 16:37:43 CEST 2006

I am happy to announce GnuTLS 1.5.1, the second release on our current
development branch.  We still recommend the 1.4.x branch as the stable

One goal with the 1.5.x branch is to make Windows x86 a supported
platform for GnuTLS.  We do this by providing a binary Windows
installer of GnuTLS, cross-compiled from GNU/Linux using MinGW and
NSIS.  The installer is (lightly) tested on Windows 2000 and Windows
XP.  It is possible to develop applications in Visual Studio or MinGW
that links to the library.  See a separate announcement for the binary
installer for this release.

And yes, the patches for the security problem fixed by 1.4.4 are
included in this release too.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network

* Version 1.5.1 (released 2006-09-21)

** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
** Crypto 06 rump session attack.
In particular, we check that the digestAlgorithm.parameters field is
missing or empty, to avoid that it can contain "garbage" that may be
used to alter the numeric properties of the signature.  See
<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
not exactly the same as the problem we fix here).  Reported by Yutaka
OIWA <y.oiwa at aist.go.jp>.

See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
up to date information.

** Add self test to test for above flaw.

** Fix gnutls-cli-debug regarding resume support detection.
Earlier, if the session-id from the server had a length of 0, it would
indicate the the server supports resumption, which isn't the case.
Reported by Kataja Kai <kai.kataja at op.fi>.

** Fix building of examples on FreeBSD by including netinet/in.h.
Reported by Roman Bogorodskiy <novel at FreeBSD.org>.

** Fix certtool bug that caused the private key to not be loaded when
generating a certificate with --load-request, which in turn triggered
another unrelated bug in gnutls_x509_crt_sign2 (also fixed).  Reported
by Sascha Ziemann <sascha.ziemann at secunet.com>.

** gnutls-cli and gnutls-serv works on Windows.
The problem was the select() call that doesn't work on file
descriptors (stdin) on Windows.  We borrowed some code from plibc to
solve this.  It appears to be somewhat unreliable though.

** Autoconf 2.60 is now used.

** API and ABI modifications:
No changes since last version.

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

All manual formats are available from:

Direct link to the most popular formats:
  http://www.gnutls.org/manual/gnutls.html - HTML format
  http://www.gnutls.org/manual/gnutls.pdf  - PDF format
  http://www.gnutls.org/reference/ch01.html  - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:

The project page of the library is available at:
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources (4.1MB):

Here are GPG detached signatures signed using key 0xB565716F:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid                  Simon Josefsson <jas at extundo.com>
uid                  Simon Josefsson <simon at josefsson.org>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

116cdb641fe176b4f834a2709635eeeb3bf0dd73  gnutls-1.5.1.tar.bz2
ab2a7e281c288bd928dd7fc750e75ff3beb913b6  gnutls-1.5.1.tar.bz2.sig

ebf5fadf425f93f04d1eddd71a0940a2d3a97455393be1cb38d92fc5  gnutls-1.5.1.tar.bz2
c5d049ab7df89053b7634285c74c9036963599caba7d6584c4abd14c  gnutls-1.5.1.tar.bz2.sig

Nikos and Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20060921/5153d20c/attachment.pgp>

More information about the Gnutls-devel mailing list