[gnutls-dev] GnuTLS 1.7.8

Simon Josefsson simon at josefsson.org
Mon Apr 16 16:33:49 CEST 2007

A long overdue release...  Remember, the GnuTLS 1.7.x branch is NOT
what you want for your stable system.  It is intended for developers
and experienced users.

* Version 1.7.8 (released 2007-04-16)

** Added examples for the authorization extension.
See doc/examples/ex-client-authz.c and doc/examples/ex-serv-authz.c.

** The examples only use gnutls_set_default_priority().
The exception is when DH_ANON is needed.

** Improve gnutls_set_default_priority() priorities.
The new approach is for it to try and negotiate all secure and
standard mechanisms available.  Currently, DH_ANON ciphersuites and
LZO compressions are not enabled by default, because they are,
respectively, insecure and non-standardized.  Note that TLS 1.2 will
not be enabled by default in non-experimental release until it has
been approved by the IETF.

** gnutls-cli and gnutls-serv now uses the library's default priorities.
This means that to get DH_ANON and LZO compression, you'll need to
specify that manually using '--kx anon' or '--comp lzo'.

** Minor fixes to the human display format of X.509 certificates.

** New APIs to extract Distinguished Name's from X.509 certificates.
Based on patch from Howard Chu <hyc at symas.com>.

** Improved library searching for opencdk.
It will now add the appropriate -R or -Wl,-rpath flags as necessary.
The deprecated opencdk.m4 is no longer used.

** New APIs to list supported algorithms in the library.
The APIs are gnutls_cipher_list, gnutls_mac_list,
gnutls_compression_list, gnutls_protocol_list,
gnutls_certificate_type_list, gnutls_kx_list, and
gnutls_cipher_suite_info.  Suggested by Howard Chu <hyc at symas.com>.

** The gnutls_x509_crt_get_key_id API now handle non-RSA/DSA keys.

** New configure option --disable-tls-authorization to disable tls-authz.

** Fix prototype for `gnutls_psk_set_client_credentials'.
The last parameter was renamed from 'flags' to 'format' and the type
changed from 'unsigned int' to 'gnutls_psk_key_flags' (an enum type),
which shouldn't cause any ABI changes.  Reported by ludo at chbouib.org
(Ludovic Courtès).

** API and ABI modifications:
gnutls_x509_dn_t: ADD.
gnutls_x509_ava_st: ADD.
gnutls_x509_crt_get_issuer: ADD.
gnutls_x509_dn_get_rdn_ava: ADD.
gnutls_cipher_list: ADD.
gnutls_mac_list: ADD.
gnutls_compression_list: ADD.
gnutls_protocol_list: ADD.
gnutls_certificate_type_list: ADD.
gnutls_kx_list: ADD.
gnutls_cipher_suite_info: ADD.

Here are the compressed sources (4.3MB):

Here are GPG detached signatures signed using key 0xB565716F:

Here are the SHA-1 and SHA-224 checksums:

9ac5719cf96061203be7e8c1c475bc871da4c67c  gnutls-1.7.8.tar.bz2
f6ed3fd8723c270bf304991d5db093772f781a7d  gnutls-1.7.8.tar.bz2.sig

9b2ecd4416b73d758f0f63eaa8bc5e083d62dc3eef8ea721cb4ca678  gnutls-1.7.8.tar.bz2
bc4a79862d00fe6ed15b1da540a86ef8b78bb65199fdfe0017dff4b6  gnutls-1.7.8.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20070416/b17d68ef/attachment.pgp>

More information about the Gnutls-devel mailing list