[gnutls-dev] GnuTLS 1.7.3

Simon Josefsson simon at josefsson.org
Thu Feb 1 16:42:25 CET 2007

This is mostly to get support for Proxy Certificates (RFC 3820)
released.  Remember, the GnuTLS 1.7.x branch is NOT what you want for
your stable system.  It is intended for developers and experienced

* Version 1.7.3 (released 2007-02-01)

** New option to certtool: --generate-proxy.
This will generate a Proxy Certificate from an end entity certificate.
Proxy Certificates are documented in RFC 3820.  You will need to
specify the proxy certificate's private key with --load-privkey, the
user certificate with --load-certificate and the private key used to
sign the new proxy certificate with --load-ca-privkey.  Certtool will
query for proxy path length and the policy language OID.  Currently
only OIDs that have an empty policy are supported (which includes the
two OIDs defined by RFC 3820).

** Certtool --certificate-info now prints information for Proxy Certificates.
Before, the proxy extension was just printed as DER encoded data.

** New APIs to set proxy subject names and get/set proxy cert extension.

** Fix parsing of pathLenConstraints in BasicConstraints with missing cA.

** Added self-test to test for regressions of pathLenConstraint bug.
Incidentally, this also tests (some) other regressions or changes in
the output from certtool --certificate-info.

** When certtool generates CA certificates, pressing enter on the path
** length constraint query will now remove the field.
Before it set the path length constraint to 0, which is a rather poor

** Certtool now prints times in UTC when printing certificate/CRL info.

** Add better fix to work around C++ compiler bug on Mac OS X.
Reported and tiny patch provided by Matthias Scheler <tron at NetBSD.org>.

** Fix import of ASCII armored OpenPGP keys.
Patch by ludovic.courtes at laas.fr (Ludovic Courtès).

** API and ABI modifications:
gnutls_x509_crt_set_proxy_dn: ADD.
gnutls_x509_crt_set_proxy: ADD.
gnutls_x509_crt_get_proxy: ADD.

Here are the compressed sources (4.1MB):

Here are GPG detached signatures signed using key 0xB565716F:

Here are the SHA-1 and SHA-224 checksums:

c16cd860fb07d2c431bf9d160fe71c3afb18d46a  gnutls-1.7.3.tar.bz2
82e2ee965d6add0daab99ce895d18a697999ce5a  gnutls-1.7.3.tar.bz2.sig

c2d8b2fa000d0f108a63ad8bbe060f960002d22387d6c72da5cc681a  gnutls-1.7.3.tar.bz2
1645e5fefef93102c5e13a7c5e2a2e58c37a9dab489124875a2d35c7  gnutls-1.7.3.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or donating
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.
