[gnutls-devel] gnutls 3.5.17

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jan 17 08:13:15 CET 2018

 I've just released gnutls 3.5.17. This is a bug fix release on the
current stable branch.

* Version 3.5.17 (released 2018-01-17)

** libgnutls: Address issue of loading of all PKCS#11 modules on startup
   on systems with a PKCS#11 trust store (as opposed to a file trust store).
   Introduced a multi-stage initialization which loads the trust modules, and
   other modules are deferred for the first pure PKCS#11 request.

** libgnutls: Improved getrandom() detection in newer glibc versions.

** libgnutls: When verifying against a self signed certificate ignore issuer.
   That is, ignore issuer when checking the issuer's parameters strength, resolving
   issue #347 which caused self signed certificates to be additionally marked as of
   insufficient security level.

** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
   MTU calculation now, it correctly accounts for the fixed overhead due to
   padding (as 1 byte), while at the same time considers the rest of the
   padding as part of data MTU. Resolves issue #360.

** API and ABI modifications:
No changes since last version.

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list