GnuTLS 2.7.3

Simon Josefsson simon at
Wed Dec 10 17:35:41 CET 2008

The GnuTLS 2.7.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

Here are the compressed sources: (5.8MB)

Here is the OpenPGP signature:

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See for more details.


* Version 2.7.3 (released 2008-12-10)

** gnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
Reported by Michael Kiefer <Michael-Kiefer at> in
<> forwarded by
Andreas Metzler <ametzler at> in

** gnutls: Libgcrypt initialization changed.
If libgcrypt has not already been initialized, GnuTLS will now
initialize libgcrypt with disabled secure memory.  Initialize
libgcrypt explicitly in your application if you want to enable secure
memory.  Before GnuTLS initialized libgcrypt to use GnuTLS's memory
allocation functions, which doesn't use secure memory, so there is no
real change in behaviour.

** gnutls: Fix memory leak in PSK authentication.
Reported by Michael Weiser <michael at> in

** gnutls: Small byte reads via gnutls_record_recv() optimized.

** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.
It needs to be invoked before libgcrypt is initialized.

** gnutls-cli: Return non-zero exit code on error conditions.

** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.

** tests: Added chainverify self-test that tests X.509 chain verifications.

** API and ABI modifications:
No changes since last version.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20081210/1af877cc/attachment.pgp>

More information about the Gnutls-devel mailing list