gnutls 3.1.3

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Oct 12 19:20:38 CEST 2012


Hello,
 I've just released gnutls 3.1.3. This release includes initial support
for the DANE protocol and the OCSP status request TLS extension. The
DANE protocol is an IETF protocol to verify certificates using DNSSEC.

* Version 3.1.3 (released 2012-10-12)

** libgnutls: Added support for the OCSP Certificate Status
extension.

** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP
certificate status extension in verification.

** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl().

** libgnutls: Increased maximum password length in the PKCS #12
functions.

** libgnutls: Fixed the receipt of session tickets during session
resumption. Reported by danblack at http://savannah.gnu.org/support/?108146

** libgnutls: Added functions to export structures in an allocated buffer.

** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the
OCSP response corresponds to the given certificate.

** libgnutls: In client side gnutls_init() enables the session ticket
and OCSP certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.

** libgnutls: Several updates in the OpenPGP code. The generating code
is fully RFC6091 compliant and RFC5081 support is only supported in
client mode.

** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
certificate verification.

** gnutls-cli: Added --dane option to enable DANE certificate verification.

** danetool: Added tool to generate DANE TLSA Resource Records (RR).

** API and ABI modifications:
gnutls_certificate_get_peers_subkey_id: Added
gnutls_certificate_set_ocsp_status_request_function: Added
gnutls_certificate_set_ocsp_status_request_file: Added
gnutls_ocsp_status_request_enable_client: Added
gnutls_ocsp_status_request_get: Added
gnutls_ocsp_resp_check_crt: Added
gnutls_dh_params_export2_pkcs3: Added
gnutls_pubkey_export2: Added
gnutls_x509_crt_export2: Added
gnutls_x509_dn_export2: Added
gnutls_x509_crl_export2: Added
gnutls_pkcs7_export2: Added
gnutls_x509_privkey_export2: Added
gnutls_x509_privkey_export2_pkcs8: Added
gnutls_x509_crq_export2: Added
gnutls_openpgp_crt_export2: Added
gnutls_openpgp_privkey_export2: Added
gnutls_pkcs11_obj_export2: Added
gnutls_pkcs12_export2: Added
gnutls_pubkey_import_openpgp_raw: Added
gnutls_pubkey_import_x509_raw: Added
dane_state_init: Added
dane_state_deinit: Added
dane_query_tlsa: Added
dane_query_status: Added
dane_query_entries: Added
dane_query_data: Added
dane_query_deinit: Added
dane_verify_session_crt: Added
dane_verify_crt: Added
dane_strerror: Added


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.xz

Here are the LZIP compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.lz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.xz.sig

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.lz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.3.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos




More information about the Gnutls-devel mailing list