gnutls 3.1.4
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Nov 10 01:05:58 CET 2012
Hello,
I've just released gnutls 3.1.4. This release includes initial support
for the DTLS-SRTP protocol contributed by martin Storsjo updated on the
new DANE library, and several simplifications on the existing API.
* Version 3.1.4 (released 2012-11-10)
** libgnutls: gnutls_certificate_verify_peers2() will set flags
depending on the available revocation data validity.
** libgnutls: Added gnutls_certificate_verification_status_print(), a
function to print the verification status code in human readable text.
** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS.
** libgnutls: Simplified certificate verification by adding
gnutls_certificate_verify_peers3().
** libgnutls: Added support for extension to establish keys for SRTP.
Contributed by Martin Storsjo.
** libgnutls: The X.509 verification functions check the key
usage bits and pathlen constraints and on failure output
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.
** libgnutls: gnutls_x509_crl_verify() includes the time checks.
** libgnutls: Added verification flag
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN and made
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default.
** libgnutls: Always tolerate key usage violation errors from the side
of the peer, but also notify via an audit message.
** gnutls-cli: Added --local-dns option.
** danetool: Corrected bug that prevented loading PEM files.
** danetool: Added --check option to allow querying and verifying a
site's DANE data.
** libgnutls-dane: Added pkg-config file for the library.
** API and ABI modifications:
gnutls_session_get_id2: Added
gnutls_sign_is_secure: Added
gnutls_certificate_verify_peers3: Added
gnutls_ocsp_status_request_is_checked: Added
gnutls_certificate_verification_status_print: Added
gnutls_srtp_set_profile: Added
gnutls_srtp_set_profile_direct: Added
gnutls_srtp_get_selected_profile: Added
gnutls_srtp_get_profile_name: Added
gnutls_srtp_get_profile_id: Added
gnutls_srtp_get_keys: Added
gnutls_srtp_get_mki: Added
gnutls_srtp_set_mki: Added
gnutls_srtp_profile_t: Added
dane_cert_type_name: Added
dane_match_type_name: Added
dane_cert_usage_name: Added
dane_verification_status_print: Added
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added
GNUTLS_CERT_UNEXPECTED_OWNER: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added
Getting the Software
====================
GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>. The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.
Here are the XZ compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz
Here are the LZIP compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz.sig
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
More information about the Gnutls-devel
mailing list