[gnutls-devel] gnutls 3.2.9

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jan 24 19:09:15 CET 2014 

Hello,
 I've just released gnutls 3.2.9. This is a bugfix release which
also marks the gnutls 3.2 branch is as the current stable.


* Version 3.2.9 (released 2014-01-24)

** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.

** libgnutls: %COMPAT implies %DUMBFW.

** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.

* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.

** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate
management and blacklist checking to the PKCS #11 module.

** libgnutls: When a PKCS #11 trust store is specified in configure
option or in gnutls_x509_trust_list_add_trust_file(), then the module is
used to obtain the verification anchors and any required blacklists as
in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html

** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.

** p11tool: Added --so-login option to force login as security
officer (admin).

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.9.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.9.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.9.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.9.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

More information about the Gnutls-devel mailing list