GnuTLS 3.0.12

Simon Josefsson simon at
Fri Jan 20 14:36:58 CET 2012

This release adds OCSP functionality to GnuTLS, and some other fixes.

* Version 3.0.12 (released 2012-01-20)

** libgnutls: Added OCSP support.
There is a new header file gnutls/ocsp.h and a set of new functions
under the gnutls_ocsp namespace.  Currently the functionality provided
is to parse and extract information from OCSP requests/responses, to
generate OCSP requests and to verify OCSP responses.  See the manual
for more information.  Run ./configure with --disable-ocsp to build
GnuTLS without OCSP support.

This work was sponsored by Smoothwall <>.

** ocsptool: Added new command line tool.
The tool can parse OCSP request/responses, generate OCSP requests and
verify OCSP responses.  See the manual for more information.

** certtool: --outder option now works for private
and public keys as well.

** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET
to warn when no or insufficient priorities were set.

** libgnutls: Corrected an alignment issue in ECDH
key generation which prevented some keys from being
correctly aligned in rare circumstances.

** libgnutls: Corrected memory leaks in DH parameter
generation and ecc_projective_check_point().

** libgnutls: Added gnutls_x509_dn_oid_name() to 
return a descriptive name of a DN OID.

** API and ABI modifications:
gnutls_pubkey_encrypt_data: Added
gnutls_x509_dn_oid_name: Added
gnutls_session_resumption_requested: Added
gnutls/ocsp.h: Added new header file.
gnutls_ocsp_print_formats_t: Added new type.
gnutls_ocsp_resp_status_t: Added new type.
gnutls_ocsp_cert_status_t: Added new type.
gnutls_x509_crl_reason_t: Added new type.
gnutls_ocsp_req_add_cert: Added.
gnutls_ocsp_req_add_cert_id: Added.
gnutls_ocsp_req_deinit: Added.
gnutls_ocsp_req_export: Added.
gnutls_ocsp_req_get_cert_id: Added.
gnutls_ocsp_req_get_extension: Added.
gnutls_ocsp_req_get_nonce: Added.
gnutls_ocsp_req_get_version: Added.
gnutls_ocsp_req_import: Added.
gnutls_ocsp_req_init: Added.
gnutls_ocsp_req_print: Added.
gnutls_ocsp_req_randomize_nonce: Added.
gnutls_ocsp_req_set_extension: Added.
gnutls_ocsp_req_set_nonce: Added.
gnutls_ocsp_resp_deinit: Added.
gnutls_ocsp_resp_export: Added.
gnutls_ocsp_resp_get_certs: Added.
gnutls_ocsp_resp_get_extension: Added.
gnutls_ocsp_resp_get_nonce: Added.
gnutls_ocsp_resp_get_produced: Added.
gnutls_ocsp_resp_get_responder: Added.
gnutls_ocsp_resp_get_response: Added.
gnutls_ocsp_resp_get_signature: Added.
gnutls_ocsp_resp_get_signature_algorithm: Added.
gnutls_ocsp_resp_get_single: Added.
gnutls_ocsp_resp_get_status: Added.
gnutls_ocsp_resp_get_version: Added.
gnutls_ocsp_resp_import: Added.
gnutls_ocsp_resp_init: Added.
gnutls_ocsp_resp_print: Added.
gnutls_ocsp_resp_verify: Added.

Getting the Software

GnuTLS may be downloaded from one of the GNU mirror sites or directly
From <>.  The list of GNU mirrors can be
found at <> and a list of GnuTLS mirrors
can be found at <>.

Here are the XZ compressed sources:

Here are OpenPGP detached signatures signed using key 0xB565716F:

pub   1280R/B565716F 2002-05-05 [expires: 2013-05-10]
      Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F
uid                  Simon Josefsson <simon at>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2013-05-10]

Happy hacking,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 424 bytes
Desc: not available
URL: </pipermail/attachments/20120120/c7efbdf6/attachment.pgp>

More information about the Gnutls-devel mailing list