[gnutls-devel] [gnutls-help] GnuTLS 3.6.0 released

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Sep 8 10:16:30 CEST 2017


On Wed, Sep 6, 2017 at 5:57 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On Wed 2017-09-06 13:12:11 +0200, Nikos Mavrogiannopoulos wrote:
>> The options seem to be:
>>  * deprecate the API and force applications specify explicitly a hash
>> for signing
>>  * Update/break the ABI for 3.6 and make the underlying algorithm used
>> to be undefined (i.e., a secure but unspecified one).
>
> fwiw, i prefer the second option.  It's always good to have a "do what
> you currently think is best" simple API.
>
> This also resolves the request for a "@SYSTEM" mechanism for _sign2(),
> since the way to do that would just be to use _sign().  I don't even
> think this is a large enough API/behavioral change to _sign() to warrant
> an SONAME bump, personally, esp. since SHA1 is deprecated for this
> purpose.

A merge request incorporating these:
https://gitlab.com/gnutls/gnutls/merge_requests/504/



More information about the Gnutls-devel mailing list