Hello, I've just released gnutls 2.99.3. Currently it depends on the cvs version of nettle (http://www.lysator.liu.se/~nisse/nettle/). The changes since last version are attached below.
The GnuTLS 2.99.x branch is NOT what you want for your stable system. It is intended for developers and experienced users. The changes since the development release are:

* Version 2.99.3 (released 2011-06-18)

** libgnutls: Added new PKCS #11 flags to force an object being private or not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)

** libgnutls: Added SUITEB128 and SUITEB192 priority strings to enable the NSA SuiteB cryptography ciphersuites.

** libgnutls: Added gnutls_pubkey_verify_data2() that will verify data provided the signature algorithm.

** libgnutls: Simplified the handling of handshake messages to be hashed. Instead of hashing during the handshake process we now keep the data until handshake is over and hash them on request. This uses more memory but eliminates issues with TLS 1.2 and simplifies code.

** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ instruction. Uses Andy Polyakov's assembly code.

** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and gnutls_x509_trust_list_verify_named_crt() that allow having a list of certificates in the trusted list that will be associated with a name (e.g. server name) and will not be used as CAs.

** libgnutls: PKCS #11 back-end rewritten to use p11-kit http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by Stef Walter.

** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489).

** API and ABI modifications:
gnutls_pubkey_verify_data2: ADDED
gnutls_ecc_curve_get: ADDED
gnutls_x509_trust_list_add_named_crt: ADDED
gnutls_x509_trust_list_verify_named_crt: ADDED
gnutls_x509_privkey_verify_data: REMOVED
gnutls_crypto_bigint_register: REMOVED
gnutls_crypto_cipher_register: REMOVED
gnutls_crypto_digest_register: REMOVED
gnutls_crypto_mac_register: REMOVED
gnutls_crypto_pk_register: REMOVED
gnutls_crypto_rnd_register: REMOVED
gnutls_crypto_single_cipher_register: REMOVED
gnutls_crypto_single_digest_register: REMOVED
gnutls_crypto_single_mac_register: REMOVED
GNUTLS_KX_ECDHE_PSK: New key exchange method
GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag.
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag.
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag.

Here are the compressed sources:

  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.3.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.3.tar.xz

Here is the OpenPGP signature:

  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.3.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.3.tar.xz.sig

regards,
Nikos
