[gnutls-devel] gnutls 3.4.6

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Oct 20 18:19:30 CEST 2015


Hello, 
 I've just released gnutls 3.4.6. This version fixes bugs and adds
minor features to the next stable branch.


* Version 3.4.6 (released 2015-10-20)

** libgnutls: Added new simple verification functions. That avoids the
   need to install a callback to perform certificate verification. See
   doc/examples/ex-client-x509.c for usage.

** libgnutls: Introduced the security parameter 'future' which is at
   the 256-bit level of security, and 'ultra' was aligned to its 
   documented size at 192-bits.

** libgnutls: When writing a certificate into a PKCS #11 token, ensure
   that CKA_SERIAL_NUMBER and CKA_ISSUER are written. Reported by Sumit
   Bose.

** libgnutls: Allow the presence of legacy ciphers and key exchanges in
   priority strings and consider them a no-op.

** libgnutls: Handle the extended master secret as a mandatory 
   extension. That fixes incompatibility issues with Chromium (#45). 
   Reported by Hubert Kario.

** libgnutls: Added the ability to copy a public key into a PKCS #11
   token.

** tools: Added support for LDAP and XMPP negotiation for STARTTLS.

** p11tool: Allow writing a public key into a PKCS #11 token.

** certtool: Key generation security level was switched to HIGH. That
   is, by default the tool generates 3072 bit keys for RSA and DSA.

** API and ABI modifications:
gnutls_session_set_verify_function: Added
gnutls_session_set_verify_cert: Added
gnutls_session_set_verify_cert2: Added
gnutls_session_get_verify_cert_status: Added
gnutls_pkcs11_copy_pubkey: Added


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.6.tar.xz
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.6.tar.lz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.6.tar.xz.sig
  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-3.4.6.tar.lz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos




More information about the Gnutls-devel mailing list