Hello, I've just released gnutls 3.5.7. This is the last release in the 3.5.x branch introducing major changes. The next releases after 3.5.7 will be marked as stable and replace the 3.4.x branch. New features will enter at a new 3.6.x branch.
* Version 3.5.7 (released 2016-12-8) ** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128 and SECURE256 priority strings. ** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly operate with OIDs which have elements that exceed 2^32. ** libgnutls: The DN decoding functions output the traditional DN format rather than the strict RFC4514 compliant textual DN. This reverts the 3.5.6 introduced change, and allows applications which depended on the previous format to continue to function. Introduced new functions which output the strict format by default, and can revert to the old one using a flag. ** libgnutls: Improved TPM key handling. Check authorization requirements prior to using a key and fix issue on loop for PIN input. Patches by James Bottomley. ** libgnutls: In all functions accepting UTF-8 passwords, ensure that passwords are normalized according to RFC7613. When invalid UTF-8 passwords are detected, they are only tolerated for decryption. This introduces a libunistring dependency on GnuTLS. A version of libunistring is included in the library for the platforms that do not ship it; it can be used with the '--with-included-unistring' option to configure script. ** libgnutls: When setting a subject alternative name in a certificate which is in UTF-8 format, it will transparently be converted to IDNA form prior to storing. ** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print() will print the SHA256 key-ID instead of a certificate fingerprint. ** libgnutls: enhance the PKCS#7 verification capabilities. In the case signers that are not discoverable using the trust list or input, use the stored list as pool to generate a trusted chain to the signer. ** libgnutls: Improved MTU calculation precision for the CBC ciphersuites under DTLS. ** libgnutls: [added missing news entry since 3.5.0] No longer tolerate certificate key usage violations for TLS signature verification, and decryption. That is GnuTLS will fail to connect to servers which incorrectly use a restricted to signing certificate for decryption, or vice-versa. This reverts the lax behavior introduced in 3.1.0, due to several such broken servers being available. The %COMPAT priority keyword can be used to work- around connecting on these servers. ** certtool: When exporting a CRQ in DER format ensure no text data are intermixed. Patch by Dmitry Eremin-Solenikov. ** certtool: Include the SHA-256 variant of key ID in --certificate- info options. ** p11tool: Introduced the --initialize-pin and --initialize-so-pin options. ** API and ABI modifications: gnutls_utf8_password_normalize: Added gnutls_ocsp_resp_get_responder2: Added gnutls_x509_crt_get_issuer_dn3: Added gnutls_x509_crt_get_dn3: Added gnutls_x509_rdn_get2: Added gnutls_x509_dn_get_str2: Added gnutls_x509_crl_get_issuer_dn3: Added gnutls_x509_crq_get_dn3: Added Getting the Software ==================== GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>. Here are the XZ compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.7.tar.xz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.7.tar.xz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org> uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
