GnuTLS 2.3.8

Simon Josefsson simon at josefsson.org
Tue Apr 29 20:07:15 CEST 2008


The GnuTLS 2.3.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

The goals for the 2.3.x branch are tracked at:

http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4

More ideas are welcome, just create a new ticket.

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.3.8.tar.bz2
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.3.8.tar.bz2

Here are the Windows binaries:
  http://josefsson.org/gnutls4win/gnutls-2.3.8.exe
  http://josefsson.org/gnutls4win/gnutls-2.3.8.zip

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or
donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

News in this release:

* Version 2.3.8 (released 2008-04-29)

** libgnutls: Increase default handshake packet size limit to 48kb.
The old limit was 16kb and some servers send a huge list of trusted CAs,
thus running into the limit.  FYI, applications can further increase
this limit using gnutls_handshake_set_max_packet_length.  Thanks to
Marc Haber <mh+debian-bugs at zugschlus.de> and "Marc F. Clemente"
<marc at mclemente.net> for reporting and providing test servers.

** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE
Returned when the handshake data size is too large.  Before
GNUTLS_E_MEMORY_ERROR was used, which could be confused with other
error situations.

** libgnutls: Hide definitions in crypto.h.
We have decided that the APIs defined in crypto.h are not stable
enough for v2.4, so don't use any of those functions.

** gnutls-cli: exit when hostname doesn't match certificate.
Use --insecure to avoid hostname comparison.

** certtool: --inder and --outder replaced by --inraw and --outraw.
The reason is to align terminology with OpenPGP, which doesn't use
DER.  The old parameters will continue to work for some time.

** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual.

** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings.

** Mingw32: Revert libgcrypt vasprintf work-around added in last release.
Use libgcrypt 1.4.1 or later when building on MinGW32; it removes the
vasprintf symbol from the libgcrypt library which caused problems.

** Update of gnulib files.

** tests: New self-test of crypto.h RNG code tests/crypto_rng.

** API and ABI modifications:
GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED.

/Simon
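
The handshake size limit and the new error code from the 2.3.8 news above, as an added sketch that is not part of the original message and is not GnuTLS source code. The function name, the status enum and the sample header are hypothetical, and "kb" is assumed to mean 1024 bytes; only the TLS handshake header layout (1-byte type, 24-bit length) is standard.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this sketch; not the GnuTLS numeric values. */
enum hs_status { HS_OK = 0, HS_NEED_MORE_DATA, HS_TOO_LARGE };

#define OLD_LIMIT (16u * 1024u)  /* default before 2.3.8, per the announcement */
#define NEW_LIMIT (48u * 1024u)  /* default from 2.3.8, per the announcement */

/* TLS handshake header: 1 byte msg_type, then a 24-bit big-endian body length. */
#define HS_HEADER_LEN 4u

/*
 * Decide whether a handshake message may be buffered. The length field is
 * peer-controlled, so it is checked against the limit before any allocation,
 * and an oversized message gets its own status instead of a memory error.
 */
enum hs_status check_handshake(const uint8_t *buf, size_t have,
                               size_t max_len, size_t *body_len)
{
    if (have < HS_HEADER_LEN)
        return HS_NEED_MORE_DATA;
    size_t len = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    *body_len = len;
    if (len > max_len)
        return HS_TOO_LARGE;        /* distinct from an out-of-memory result */
    if (have - HS_HEADER_LEN < len)
        return HS_NEED_MORE_DATA;   /* acceptable size, body not complete yet */
    return HS_OK;
}

int main(void)
{
    /* Constructed sample: CertificateRequest (type 13) declaring a
       20000-byte body, as a server with a long trusted-CA list might send. */
    const uint8_t hdr[HS_HEADER_LEN] = { 13, 0x00, 0x4e, 0x20 };
    size_t len = 0;
    printf("16kb limit: %d\n", check_handshake(hdr, sizeof hdr, OLD_LIMIT, &len));
    printf("48kb limit: %d (declared %zu bytes)\n",
           check_handshake(hdr, sizeof hdr, NEW_LIMIT, &len), len);
    return 0;
}
```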




