[gnutls-devel] gnutls 3.6.11

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Dec 1 22:48:32 CET 2019 

Hello, 
 I've just released gnutls 3.6.11. This is a bug fix release on the
stable 3.6.x branch.

I'd like to thank everyone who contributed in this release:
Dmitry Eremin-Solenikov, Tim Rühsen, Daiki Ueno, Tom Vrancken,
Fiona Klute, Ludovic Courtès, Andreas Metzler, Nia Alarie, Björn Jacke,
Karsten Ohme, Günther Deschner, Miroslav Lichvar and Ricardo M.
Correia.

The detailed list of changes follows; they can be seen in more detail
in our milestone tracker:
https://gitlab.com/gnutls/gnutls/-/milestones/25


Changes
=======

* Version 3.6.11 (released 2019-12-01)

** libgnutls: Use KERN_ARND for the system random number generator on
NetBSD.
   This syscall provides an endless stream of random numbers from the kernel's
   ChaCha20-based random number generator, without blocking or requiring an open file
   descriptor.

** libgnutls: Corrected issue with TLS 1.2 session ticket handling as
   client during resumption (#841).

** libgnutls: gnutls_base64_decode2() succeeds decoding the empty string
   to the empty string. This is a behavioral change of the API but it conforms
   to the RFC4648 expectations (#834).

** libgnutls: Fixed AES-CFB8 implementation, when input is shorter than
   the block size. Fix backported from nettle.

** certtool: CRL distribution points will be set in CA certificates even
   when non self-signed (#765).

** gnutls-cli/serv: added raw public-key handling capabilities (RFC7250).
   Key material can be set via the --rawpkkeyfile and --rawpkfile flags.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>.
A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.11.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.11.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

More information about the Gnutls-devel mailing list