[gnutls-devel] gnutls 3.5.1
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Jun 14 16:44:56 CEST 2016
Hello,
I've just released gnutls 3.5.1. This is a minor feature update for
the 3.5.x branch.
* Version 3.5.1 (released 2016-06-14)
** libgnutls: The SSL 3.0 protocol support can completely be removed
using a compile time option. The configure option is
--disable-ssl3-support.
** libgnutls: The SSL 2.0 client hello support can completely be
removed using a compile time option. The configure option is
--disable-ssl2-support. For info on why this is not the
default see https://gitlab.com/gnutls/gnutls/issues/97
** libgnutls: Added support for OCSP Must staple PKIX extension. That
is, implemented the RFC7633 TLSFeature for OCSP status request
extension. Feature implemented by Tim Kosse.
** libgnutls: More strict OCSP staple verification. That is, no longer
ignore invalid or too old OCSP staples. The previous behavior was
to rely on application use gnutls_ocsp_status_request_is_checked(),
while the new behavior is to include OCSP verification by default
and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on
error.
** libgnutls: Treat CA certificates with the "Server Gated
Cryptography" key purpose OIDs equivalent to having the
GNUTLS_KP_TLS_WWW_SERVER OID. This improves interoperability with
several old intermediate CA certificates carrying these legacy OIDs.
** libgnutls: Re-read the system wide priority file when needed. Patch
by Daniel P. Berrange.
** libgnutls: Allow for fallback in system-specific initial keywords
(prefixed with '@'). That allows to specify a keyword such as
"@KEYWORD1,KEYWORD2" which will use the first available of these
two keywords. Patch by Daniel P. Berrange.
** libgnutls: The SSLKEYLOGFILE environment variable can be used to log
session keys. These session keys are compatible with the NSS Key Log
Format and can be used to decrypt the session for debugging using
wireshark.
** API and ABI modifications:
GNUTLS_CERT_INVALID_OCSP_STATUS: Added
gnutls_x509_crt_set_crq_extension_by_oid: Added
gnutls_x509_ext_import_tlsfeatures: Added
gnutls_x509_ext_export_tlsfeatures: Added
gnutls_x509_tlsfeatures_add: Added
gnutls_x509_tlsfeatures_init: Added
gnutls_x509_tlsfeatures_deinit: Added
gnutls_x509_tlsfeatures_get: Added
gnutls_x509_crt_get_tlsfeatures: Added
gnutls_x509_crt_set_tlsfeatures: Added
gnutls_x509_crq_get_tlsfeatures: Added
gnutls_x509_crq_set_tlsfeatures: Added
gnutls_ext_get_name: Added
Getting the Software
====================
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.1.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.1.tar.xz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
More information about the Gnutls-devel
mailing list