gnutls 3.0.10
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Feb 18 14:34:49 CET 2012
Hello,
I've just released gnutls 3.0.13. This release fixes bugs and adds
new features in the current stable branch. The main additions are,
(1) a new helper interface to support trust on first use (SSH-like)
authentication, (2) gnutls-cli and ocsptool support the on-line
verification of a certificate using OCSP, (3) several updates in
Datagram TLS handling of missed packets and retransmissions (thanks
to work of Sean Buckheister).
* Version 3.0.13 (released 2012-02-18)
** gnutls-cli: added the --ocsp option which will verify
the peer's certificate with OCSP.
** gnutls-cli: added the --tofu option and if specified, gnutls-cli
will use an ssh-style authentication method.
** gnutls-cli: if no --x509cafile is provided a default is
assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
** ocsptool: Added --ask parameter, to verify a certificate's
status from an ocsp server.
** command line apps: Use gnu autogen (libopts) to parse command
line arguments and template files.
** tests: Added stress test for DTLS packet losses and
out-of-order receival. Contributed by Sean Buckheister.
** libgnutls: Several updates and corrections in the
DTLS lost packet handling and retransmission timeouts.
Report and patches by Sean Buckheister.
** libgnutls: Added new functions to easily allow the usage of
a trust on first use (SSH-style) authentication.
** libgnutls: SUITEB128 and SUITEB192 priority strings account
for the RFC6460 requirements.
** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY
to account for security level of 96-bits.
** libgnutls: In client side if server does not advertise any
known CAs and only a single certificate is set in the credentials,
send that one.
** libgnutls: Added functions to parse authority key identifiers
when stored as a 'general name' and serial combo.
** libgnutls: Added function to force explicit reinitialization
of PKCS #11 modules. This is required on the child process after
a fork (if PKCS #11 functionality is desirable).
** libgnutls: Depend on p11-kit 0.11.
** API and ABI modifications:
gnutls_dtls_get_timeout: Added
gnutls_verify_stored_pubkey: Added
gnutls_store_pubkey: Added
gnutls_store_commitment: Added
gnutls_x509_crt_get_authority_key_gn_serial: Added
gnutls_x509_crl_get_authority_key_gn_serial: Added
gnutls_pkcs11_reinit: Added
gnutls_ecc_curve_list: Added
gnutls_priority_certificate_type_list: Added
gnutls_priority_sign_list: Added
gnutls_priority_protocol_list: Added
gnutls_priority_compression_list: Added
gnutls_priority_ecc_curve_list: Added
gnutls_tdb_init: Added
gnutls_tdb_set_store_func: Added
gnutls_tdb_set_store_commitment_func: Added
gnutls_tdb_set_verify_func: Added
gnutls_tdb_deinit: Added
Getting the Software
====================
GnuTLS may be downloaded from one of the GNU mirror sites or directly
from <ftp://ftp.gnu.org/gnu/gnutls/>. The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.
Here are the XZ compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.13.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz.sig
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.13.tar.xz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos