[gnutls-dev] GnuTLS 1.7.6

Simon Josefsson simon at josefsson.org
Mon Feb 12 16:06:26 CET 2007

Various fixes, see below.  Remember, the GnuTLS 1.7.x branch is NOT
what you want for your stable system.  It is intended for developers
and experienced users.

* Version 1.7.6 (released 2007-02-12)

** Support for 'otherName' Subject Alternative Names.
The existing API gnutls_x509_crt_get_subject_alt_name may now return
the new type GNUTLS_SAN_OTHERNAME together with the otherName value.
To find out the otherName OID (necessary for proper parsing of the
value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid.
For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will
return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to
simplify OID matching.  Suggested by Matthias Wimmer <m at tthias.eu>.

** Certtool can print otherName SAN values for certificates.
For known otherName OIDs (currently only id-on-xmppAddr as defined by
RFC 3920), it will also print the name.

** Fix TLS 1.2 RSA signing in servers.
Before it used the old-style MD5+SHA1 signature, but the TLS
signatures should be normal PKCS#1 signatures.  FYI, we use and
require that DigestInfo parameters are present and NULL for TLS 1.2.

** Add APIs to access X.509 extensions sequentially.
The existing APIs gnutls_x509_crt_get_extension_oid() and
gnutls_x509_crt_get_extension_by_oid() does not permit callers to
inspect the extensions in the order defined by the certificate.

** Add API to extract signature value from X.509 certificates.
The function is gnutls_x509_crt_get_signature.

** Fix crash when generating proxy certificates in batch mode.
If you don't specify a proxy policy in batch mode, it will use

** Add API to print information about X.509 certificates.
The function is gnutls_x509_crt_print.

** Certtool uses the new API gnutls_x509_crt_print to print certificate info.
One consequence of this is that the output syntax has changed
slightly.  Some more fields are printed.

** Doc fixes.

** API and ABI modifications:
gnutls_x509_crt_print: ADD
gnutls_certificate_print_formats_t: ADD, new enum.
gnutls_x509_crt_get_signature: ADD.
gnutls_x509_crt_get_extension_data: ADD.
gnutls_x509_crt_get_extension_info: ADD.
gnutls_x509_crt_get_subject_alt_othername_oid: ADD.
GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element.
GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element.

Here are the compressed sources (4.2MB):

Here are GPG detached signatures signed using key 0xB565716F:

Here are the SHA-1 and SHA-224 checksums:

7d3c3342a749cbd996007f8f6f6140ea61ea0ee9  gnutls-1.7.6.tar.bz2
b0a3907ede3eefa3e6a29e12f08bbfbb1fdf4c33  gnutls-1.7.6.tar.bz2.sig

fa885612040b34f62728db5a4fcd8203e24c8ceb625c8ed35bb40ff9  gnutls-1.7.6.tar.bz2
cadd2db39cbe7dbcd8fd8953211bb8e6ba84feb9b94e98ca1ad86c5c  gnutls-1.7.6.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20070212/720b20bf/attachment.pgp>

More information about the Gnutls-devel mailing list