[gnutls-dev] GnuTLS 1.7.7

Simon Josefsson simon at josefsson.org
Thu Feb 22 09:58:30 CET 2007

Support for Supplemental handshake messages and the TLS authorization
extension, and some other stuff.  Remember, the GnuTLS 1.7.x branch is
NOT what you want for your stable system.  It is intended for
developers and experienced users.

* Version 1.7.7 (released 2007-02-22)

** Support for supplemental handshake messages and authorization data.
Supplemental data is described in RFC 4680 and the authorization
extensions in draft-housley-tls-authz-extns-07.

** Support for authorization data in gnutls-cli and gnutls-serv.
New parameters --authz-x509-attr-cert and --authz-saml-assertion.

** Fix for gnutls_x509_crt_check_hostname.
Before it would have reported that the certificate matched a hostname
when it did not have any dNSName or any CN field.  Report and tiny
patch from "Richard W.M. Jones" <rjones at redhat.com>.

** New self test for RFC 2818 comparison in gnutls_x509_crt_check_hostname.
Tests regressions of the bug, and several other features.

** GnuTLS now matches URI's with IP Addresses against iPAddress SAN's.
Before there were no support for iPAddress SAN's during comparison.

** New API to print information about CRL's.
The function is gnutls_x509_crl_print.

** New API to extract signature value from CRL's.
The function is gnutls_x509_crl_get_signature.

** Support for directoryName Subject Alternative Name's.
The gnutls_x509_crt_get_subject_alt_name function returns the DN as a
string in the provided buffer.

** Internal improvements to certtool.
It uses gnutls_x509_crl_print to print CRL information.  It uses some
more gnulib modules to simplify error handling.

** API and ABI modifications:
GNUTLS_HANDSHAKE_SUPPLEMENTAL: ADD, new gnutls_handshake_description_t element.
gnutls_supplemental_data_format_type_t: ADD.
gnutls_authz_data_format_type_t: ADD.
gnutls_supplemental_get_name: ADD.
gnutls_authz_send_callback_func: ADD, callback prototypes.
gnutls_authz_enable: ADD.
gnutls_authz_send_saml_assertion_url: ADD.
GNUTLS_SAN_DN: ADD, new gnutls_x509_subject_alt_name_t element.
gnutls_x509_crl_print: ADD.
gnutls_x509_crl_get_signature: ADD.

Here are the compressed sources (4.2MB):

Here are GPG detached signatures signed using key 0xB565716F:

Here are the SHA-1 and SHA-224 checksums:

2306eaa68b41ff51f81d3801282208c5bc12baae  gnutls-1.7.7.tar.bz2
b2a14e5469e7029425c4e524a45c89997b95b075  gnutls-1.7.7.tar.bz2.sig

a4dd37fae3070321ff5936c8384c272192f5d447ffba4aaabe3e6655  gnutls-1.7.7.tar.bz2
7a72d5ffe485419058810ef6400fb181e8bf7795c845dca608a1d7a4  gnutls-1.7.7.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20070222/351ee4b3/attachment.pgp>

More information about the Gnutls-devel mailing list