GnuTLS 2.7.6

Simon Josefsson simon at
Fri Feb 27 16:57:51 CET 2009

The GnuTLS 2.7.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

Here are the compressed sources: (5.8MB)

Here is the OpenPGP signature:

Known open issues holding back the next stable release:

 * Make gnutls-cli/gnutls-serv work under Windows again
 * Resolve how to treat the partial TLS 1.2 implementation
 * Fix the API man page for priority strings

The plan is to resolve these issues and post release candidates during
March and release on April 1th.  If you want to see anything else in the
next stable release, now is the time to speak!

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See for more details.


* Version 2.7.6 (released 2009-02-27)

** certtool: Query for multiple dnsName subjectAltName in interactive mode.
This applies both to generating certificates and certificate requests.

** pkix.asn: Removed unneeded definitions to reduce memory usage.

** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to
be used for chain verification.

** gnutls-serv: No longer disable MAC padding by default.
Use --priority NORMAL:%COMPAT to disable MAC padding again.

** gnutls-cli: Certificate information output format changed.
The tool now uses libgnutls' functions to print certificate
information.  This avoids code duplication.

** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5
** and %VERIFY_ALLOW_X509_V1_CA_CRT.
They can be used to override the default certificate chain validation

** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to 
specify the client hello message record version. Used to overcome buggy 
TLS servers. Report by Martin von Gagern.

** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.

** libgnutls: gnutls_openpgp_crt_print supports oneline mode.

** doc: Update gnutls-cli and gnutls-serv --help output descriptions.

** API and ABI modifications:
No changes since last version.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20090227/2c02cf3e/attachment.pgp>

More information about the Gnutls-devel mailing list