Hello, The GnuTLS 2.99.x branch is NOT what you want for your stable system. It is intended for developers and experienced users.
This is an update release that includes features such as Datagram TLS AES-GCM and more. This release includes documentation for the usage of DTLS as part of the main GnuTLS manual, but the major changes are summarized by this commit: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=08a1b04b3d049a4a44132c0bce0c017c0c70f892 The changes since the last stable branch are: * Version 2.99.0 (released 2011-04-09) ** libgnutls: Added Datagram TLS support. ** libgnutls: Uses a single configure file and a single gnulib library to save space. ** libgnutls: Several bug fixes. ** libgnutls: gnutls_transport_set_lowat() is no more. ** libgnutls-openssl: modified to use modern gnutls' functions. This introduces an ABI incompatibility with previous versions. ** libgnutls: Corrected signature generation and verification in the Certificate Verify message when in TLS 1.2. Reported by Todd A. Ouska. ** libgnutlsxx: The C++ interface returns exception on every error and not only on fatal ones. This allows easier handling of errors. ** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored the PSK callback. ** libgnutls: SRP and PSK are no longer set on the default priorities. They have to be explicitly set. ** libgnutls: During handshake message verification using DSS use the hash algorithm required by it. ** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH. ** libgnutls: Added GCM mode (interoperates with tls.secg.org) ** libgnutls-extra: Inner application extension was removed. It was never standardized nor published as an RFC. ** libgnutls: Added new certificate verification functions, that can provide more details and are more efficient. Check gnutls_x509_trust_list_*. ** certtool: Uses the new certificate verification functions for --verify-chain. ** certtool: Added new certificate verification functionality using the --verify option. Combined with --load-ca-certificate it can verify a certificate chain against a list of certificates. ** API and ABI modifications: gnutls_dtls_set_timeouts: ADDED gnutls_dtls_get_mtu: ADDED gnutls_dtls_get_data_mtu: ADDED gnutls_dtls_set_mtu: ADDED gnutls_dtls_cookie_send: ADDED gnutls_dtls_cookie_verify: ADDED gnutls_dtls_prestate_set: ADDED gnutls_x509_trust_list_verify_crt: ADDED gnutls_x509_trust_list_add_crls: ADDED gnutls_x509_trust_list_add_cas: ADDED gnutls_x509_trust_list_init: ADDED gnutls_x509_trust_list_deinit: ADDED gnutls_cipher_add_auth: ADDED gnutls_cipher_tag: ADDED gnutls_psk_netconf_derive_key: REMOVED gnutls_certificate_verify_peers: REMOVED gnutls_session_set_finished_function: REMOVED gnutls_ext_register: REMOVED gnutls_certificate_get_x509_crls: REMOVED gnutls_certificate_get_x509_cas: REMOVED gnutls_certificate_get_openpgp_keyring: REMOVED gnutls_session_get_server_random: REMOVED gnutls_session_get_client_random: REMOVED gnutls_session_get_master_secret: REMOVED gnutls_ia_allocate_client_credentials: REMOVED gnutls_ia_allocate_server_credentials: REMOVED gnutls_ia_enable: REMOVED gnutls_ia_endphase_send: REMOVED gnutls_ia_extract_inner_secret: REMOVED gnutls_ia_free_client_credentials: REMOVED gnutls_ia_free_server_credentials: REMOVED gnutls_ia_generate_challenge: REMOVED gnutls_ia_get_client_avp_ptr: REMOVED gnutls_ia_get_server_avp_ptr: REMOVED gnutls_ia_handshake: REMOVED gnutls_ia_handshake_p: REMOVED gnutls_ia_permute_inner_secret: REMOVED gnutls_ia_recv: REMOVED gnutls_ia_send: REMOVED gnutls_ia_set_client_avp_function: REMOVED gnutls_ia_set_client_avp_ptr: REMOVED gnutls_ia_set_server_avp_function: REMOVED gnutls_ia_set_server_avp_ptr: REMOVED gnutls_ia_verify_endphase: REMOVED Here are the compressed sources: ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.0.tar.bz2 ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.0.tar.bz2 Here is the OpenPGP signature: ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.0.tar.bz2.sig ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.0.tar.bz2.sig regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
