gnutls 3.1.2

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Sep 26 20:54:28 CEST 2012


Hello,
 I've just released gnutls 3.1.2. This release includes feature
updates, notably support for the DTLS heartbeat message, and bug fixes
in the current stable branch.


* Version 3.1.2 (released 2012-09-26)

** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust()
and gnutls_x509_trust_list_add_trust_mem() that prevented the loading
of certificates in the windows platform.

** libgnutls: Corrected bug in OpenPGP subpacket encoding.

** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
(the work was done during Google Summer of Code).

** libgnutls: Added X.509 certificate verification flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
of unsorted certificate chains and is enabled by default for
TLS certificate verification (if gnutls_certificate_set_verify_flags()
does not override it).

** libgnutls: Prints warning on certificates that contain keys of
an insecure level. If the %COMPAT priority flag is not specified
the TLS connection fails.

** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
if interrupted during the retrasmition of handshake data.

** libgnutls: Better mingw32 support (patch by LRN).

** libgnutls: The %COMPAT keyword, if specified, will tolerate
key usage violation errors (they are far too common to ignore).

** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
which provides a tool to counter compression-related attacks where
parts of the data are controlled by the attacker _and_ are placed in
separate records (use with care - do not use compression if not sure).

** libgnutls: Depends on libtasn1 2.14 or later.

** certtool: Prints the number of bits of the public key algorithm
parameter in a private key.

** API and ABI modifications:
gnutls_x509_privkey_get_pk_algorithm2: Added
gnutls_heartbeat_ping: Added
gnutls_heartbeat_pong: Added
gnutls_heartbeat_allowed: Added
gnutls_heartbeat_enable: Added
gnutls_heartbeat_set_timeouts: Added
gnutls_heartbeat_get_timeout: Added
GNUTLS_SEC_PARAM_WEAK: Added
GNUTLS_SEC_PARAM_INSECURE: Added


Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>.  The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.xz

Here are the LZIP compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.lz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.xz.sig

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.lz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.2.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos




More information about the Gnutls-devel mailing list