[gnutls-devel] gnutls 3.5.4

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Sep 8 07:49:37 CEST 2016

 I've just released gnutls 3.5.4. This is a minor enhancements and
bugfix release for the 3.5.x branch.

* Version 3.5.4 (released 2016-09-08)

** libgnutls: Corrected the comparison of the serial size in OCSP
   response. Previously the OCSP certificate check wouldn't verify the
   serial length and could succeed in cases it shouldn't 
   (GNUTLS-SA-2016-3). Reported by Stefan Buehler.

** libgnutls: Added support for IP name constraints. Patch by Martin

** libgnutls: Added support for PKCS#8 file decryption using
   DES-CBC-MD5. This is added to allow decryption of PKCS #8 private
   keys from openssl prior to 1.1.0.

** libgnutls: Added support for decrypting PKCS#8 files which use 
   HMAC-SHA256 as PRF. This allow decrypting PKCS #8 private keys
   generated with openssl 1.1.0.

** libgnutls: Added support for internationalized passwords in PKCS#12
   files. Previous versions would only encrypt or decrypt using
   passwords from the ASCII set.

** libgnutls: Addressed issue with PKCS#11 signature generation on
   ECDSA keys. The signature is now written as unsigned integers into
   the DSASignatureValue structure. Previously signed integers could be
   written depending on what the underlying module would produce.
   Addresses #122.

** gnutls-cli: Fixed starttls regression from 3.5.3.

** API and ABI modifications:
gnutls_x509_cidr_to_rfc5280: Added
gnutls_oid_to_mac: Added

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list