gnutls 2.11.5

Nikos Mavrogiannopoulos nmav at
Wed Dec 1 22:53:37 CET 2010


The GnuTLS 2.11.x branch is NOT what you want for your stable system.
It is intended for developers and experienced users.

This is a major update release that includes features such as PKCS #11
support for cryptographic objects, a PKCS #11 token manipulation tool
(p11tool), support for local system thread locks, a new message buffering
layer, support for the nettle library and more.

Unless there are issues, this version contains the final version of the
PKCS #11 support for 2.12.x. It has been mostly tested with opensc and
Feitian smart cards, but I'd appreciate it if you could test it with other
tokens and PKCS #11 modules you may have.

Here are the compressed sources:

Here is the OpenPGP signature:


* Version 2.11.5 (released 2010-12-01)

** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.

** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
Reported by Jeffrey Walton.

** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL
as priority strings. These allow setting all the supported algorithms
at once.

** p11tool: Introduced. It allows manipulating PKCS #11 tokens.

** gnutls-cli: Print channel binding only in verbose mode.
Previously it was printed after the 'Compression:' output, which broke
Emacs starttls.el string searches.

** API and ABI modifications:
gnutls_pkcs11_token_init: New function
gnutls_pkcs11_token_set_pin: New function

