GnuTLS 2.7.4

Simon Josefsson simon at josefsson.org
Wed Jan 7 12:59:55 CET 2009


The GnuTLS 2.7.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2 (5.8MB)
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2

Here is the OpenPGP signature:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2.sig
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

/Simon

* Version 2.7.4 (released 2009-01-07)

** gnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash.  Reported by Daniel Kahn Gillmor
<dkg at fifthhorseman.net> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz at redhat.com> and Daniel Kahn
Gillmor <dkg at fifthhorseman.net>.

** gnutls: New interface to get key id for certificate requests.
Patch from David Marín Carreño <davefx at gmail.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.

** gnutls: gnutls_x509_crq_print will now also print public key id.

** certtool: --verify-chain now prints results of using library verification.
Earlier, certtool --verify-chain used its own validation algorithm
which wasn't guaranteed to give the same result as the libgnutls
internal validation algorithm.  Now this command print a new final
line with header 'Chain verification output:' that contains the result
From using the internal verification algorithm on the same chain.

** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id.

** API and ABI modifications:
gnutls_x509_crq_get_key_id: ADDED.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
URL: </pipermail/attachments/20090107/2f4bd593/attachment.pgp>


More information about the Gnutls-devel mailing list