[gnutls-help] gnutls 3.3.23
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri May 20 07:50:14 CEST 2016
Hello,
I've just released gnutls 3.3.23. This is a bug-fix release on
the previous stable branch.
* Version 3.3.23 (released 2016-05-20)
** libgnutls: Corrected behavior of ALPN extension parsing during
session resumption. Report and patches by Yuriy M. Kaminskiy.
** libgnutls: Properly print the IP Adress name constraints.
** libgnutls: Fixes in gnutls_privkey_import_ecc_raw().
** libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
operation could fail on certain PKCS#11 modules.
** libgnutls: gnutls_pkcs11_obj_import_url() and
gnutls_x509_crt_import_pkcs11_url() can accept the
GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
** libgnutls: gnutls_certificate_set_key() was enhanced to import the
DNS name of the certificates if the provided names are NULL.
** libgnutls: when receiving SNI names, only save and expose to
application the supported DNS names.
** libgnutls: when importing the certificate names at the
gnutls_certificate_set* functions, only consider the CN as a
fallback if DNS names are provided via the alternative name
extension.
** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
serving chunk encoding which ocsptool doesn't support. Reported by
Thomas Klute.
** certtool: do not require a CA for OCSP signing tag. This follows the
recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate
OCSP signing to another certificate without requiring it to be a
CA. Reported by Thomas Klute.
** gnutls-cli: on OCSP verification do not fail if we have a single
valid reply. Report and reproducer by Thomas Klute.
** API and ABI modifications:
No changes since last version.
Getting the Software
====================
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.23.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.23.tar.xz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
More information about the Gnutls-help
mailing list