GnuTLS 2.3.12 - first release candidate for 2.4.0

Simon Josefsson simon at
Wed Jun 4 11:44:58 CEST 2008

The GnuTLS 2.3.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

This release merges the gnutls_with_netconf branch, and is likely the
last feature-related work on the 2.3.x branch.  This is the first release
candidate for 2.4.0.  Anything that doesn't live up to the expectations
on a stable release should be reported before this turns into the real
2.4.0.  I'll post updated draft 2.4.0 release notes separately.

The goals for the 2.3.x branch are tracked at:

Alas, the spammers have found our trac site so it is almost useless. :(
Hopefully I can move it to another host soon...  Is anyone interested in
helping to admin it?  Can anyone sponsor a VPS to run this on?  Help!

More ideas are welcome, just create a new ticket.

Here are the compressed sources:

Here are the Windows binaries:

Thanks to Enrico Tassi, we also have mingw32 *.deb's available:

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or donating
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See for more details.

News in this release:

* Version 2.3.12 (released 2008-06-04)

** Merge gnutls_with_netconf branch.

*** libgnutls [PSK]: New API to retrieve PSK identity hint in client.
The function is gnutls_psk_client_get_hint.

*** libgnutls [PSK]: New API to set PSK identity hint in server.
The function is gnutls_psk_set_server_credentials_hint.

*** libgnutls [PSK]: Support server key exchange with PSK identity hint.
In the client, the message is parsed and the application can use
gnutls_psk_client_get_hint to retrieve the hint.  In the server, the
message is sent if the application has specified a PSK identity hint
using gnutls_psk_set_server_credentials_hint.

*** libgnutls [PSK]: Support Netconf PSK key derivation.
The function gnutls_psk_netconf_derive_key supports the PSK key
derivation as specified in draft-ietf-netconf-tls-02.txt.  New self
test netconf-psk.c.

*** psktool: Support new --netconf-hint to generate PSK key from password.
Uses the Netconf algorithm to derive PSK key from password.

*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint.

*** gnutls-cli: Always support PSK modes, through a callback.
The callback will derive a PSK key using Netconf algorithm.  It will
print the PSK identity hint to help the user.

*** New PSK example client and server.
See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c.

** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms.
The code didn't work properly on platforms where 'char' is unsigned,
when you set version 0.  Reported by Laurence Withers
<l at> in

** libgnutls-openssl: added RAND_pseudo_bytes API.
Patch from Robert Millan <rmh at>.

** API and ABI modifications:
RAND_pseudo_bytes: ADDED to libgnutls-openssl.
gnutls_psk_client_get_hint: ADDED.
gnutls_psk_set_server_credentials_hint: ADDED.
gnutls_psk_netconf_derive_key: ADDED
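
Added illustration, not GnuTLS source and not part of the original
announcement: the gnutls_x509_crl_set_version entry above describes a
failure on platforms where 'char' is unsigned when version 0 is set.  The
decrement-and-clamp logic and all function names below are assumptions
chosen to show that class of bug; 'signed char' and 'unsigned char' stand
in for the two kinds of platform so the difference is visible anywhere.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helpers (not GnuTLS code).  Each maps an API-level version
 * number to the byte stored in the encoded structure.  X.509 encodes
 * v1 as 0 and v2 as 1, i.e. "version - 1"; clamping an input of 0 to 0
 * is an assumption made for this illustration. */

/* Behaviour where plain 'char' is signed (e.g. x86). */
static unsigned char encode_signed_char(unsigned int version)
{
    signed char v = (signed char) version;
    v -= 1;                 /* 0 becomes -1 */
    if (v < 0)
        v = 0;              /* clamp takes effect */
    return (unsigned char) v;
}

/* Behaviour where plain 'char' is unsigned (e.g. arm). */
static unsigned char encode_unsigned_char(unsigned int version)
{
    unsigned char v = (unsigned char) version;
    v -= 1;                 /* 0 wraps around to 255 */
    if (v < 0)              /* never true for an unsigned type */
        v = 0;
    return v;
}

/* Portable form: decide in 'unsigned int' before narrowing to a byte. */
static unsigned char encode_portable(unsigned int version)
{
    return (unsigned char) (version == 0 ? 0 : version - 1);
}

int main(void)
{
    printf("plain char is %s on this platform\n",
           CHAR_MIN < 0 ? "signed" : "unsigned");
    for (unsigned int ver = 0; ver <= 2; ver++)
        printf("version %u: signed=%u unsigned=%u portable=%u\n", ver,
               encode_signed_char(ver), encode_unsigned_char(ver),
               encode_portable(ver));
    return 0;
}
```

Building with -Wextra (which enables -Wtype-limits in GCC) flags the
always-false comparison in the unsigned variant.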
