simon at josefsson.org
Thu Feb 21 12:42:30 CET 2008
The GnuTLS 2.3.x branch is NOT what you want for your stable system. It
is intended for developers and experienced users.
I tried to make sure there are no ABI/ABI modifications/deletions in
this compared to v2.2.x, but as the changes have been quite large, I may
have missed something. Note that we don't guarantee ABI compatibility
during development releases, so if there are ABI breaks in this release,
we'll consider those bugs and revert them, rather than bumping the ABI.
Also, we need to figure out how opencdk is going to be included -- right
now there is no non-gnutls opencdk under LGPL, but we need one. There
is only the opencdk included in this release.
While releasing this, I noticed that the openpgpself test fails... but
that can wait for the next release.
News in this release:
* Version 2.3.1 (released 2008-02-21)
** OpenPGP support merged into libgnutls and is now licensed under LGPL.
The included copy of OpenCDK has been stripped down and re-licensed
under the LGPL.
** Cipher priority string handling now handle strings that starts with NULL.
Thanks to Laurence Withers <l at lwithers.me.uk>.
** gnutls-cli: When -d is used, also prints RNG information from libgcrypt.
** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
by Daniel Stenberg.
** Increased the default certificate verification chain limits and allowed
for checks without limitation.
** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.
** Add section 'On Record Padding' to the manual.
This collects all problems related to record padding with
Nokia/Sony-Ericsson phones that we know about.
** Several improvements in the OpenPGP authentication.
Now subkeys can be used for authentication, according to
** certtool can print information on OpenPGP certificates and keys.
** Added gnutls_x509_dn_import/init/deinit() to access raw DER DN.
Patch by Joe Orton.
** Added gnutls_certificate_export_x509_cas and other functions to
export elements from the certificate credentials structure. Based on
suggestion from Joe Orton.
** Doc fixes.
Clarify that srp_base64 is not the same as normal base64.
** Fix non-portable use of brace expansion in makefiles.
** API and ABI modifications:
gnutls_openpgp_keyid_t: ADDED, instead of hard-coded 'unsigned char'.
gnutls_openpgp_crt_get_key_id: ADDED, obsoletes gnutls_openpgp_crt_get_id.
GNUTLS_CRT_PRINT_FULL: ADDED, same as old GNUTLS_X509_CRT_FULL.
GNUTLS_CRT_PRINT_ONELINE: ADDED, same as old GNUTLS_X509_CRT_ONELINE.
GNUTLS_CRT_PRINT_UNSIGNED_FULL: ADDED, same as
The goals for the 2.3.x branch are tracked at:
More ideas are welcome, just create a new ticket.
Here are the compressed sources:
Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 419 bytes
Desc: not available
More information about the Gnutls-devel