[gnutls-dev] Experimental: GnuTLS 1.3.2
jas at extundo.com
Thu Dec 15 14:18:37 CET 2005
We are pleased to announce the availability of GnuTLS version 1.3.2,
another release on the experimental 1.3.x branch.
The goal of 1.3.x will be to merge work currently done on CVS
branches, for TLS Pre-Shared-Keys and TLS Inner Application (TLS/IA).
Other planned improvements in 1.3.x are system-independent resume data
structures, modularization of the bignum operations, and TLS OpenPGP
improvements. With this release, the TLS-PSK, TLS/IA and
system-independent resume data goals have been met.
Currently, http://www.gnutls.org/ and ftp://ftp.gnutls.org/ appear to
be down. The web pages on http://www.gnu.org/software/gnutls/ are no
longer updated automatically, presumably due to Savannah's recent CVS
changes. This means http://josefsson.org/gnutls/ is the only
distribution point right now. I'm considering using ftp.gnu.org as
the canonical distribution point in the future.
GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network
Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
The project page of the library is available at:
http://josefsson.org/gnutls/ (updated fastest)
Here are the compressed sources:
Here are GPG detached signatures signed using key 0xB565716F:
The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
1280R/B565716F 2002-05-05 [expires: 2006-02-28]
Key fingerprint = 0424 D4EE 81A0 E3D1 19C6 F835 EDA2 1E94 B565 716F
The key is available from:
Here are the build reports for various platforms:
Here are the SHA-1 checksums:
Nikos and Simon
Noteworthy changes since version 1.3.1:
** GnuTLS now support TLS Inner application (TLS/IA).
This is per draft-funk-tls-inner-application-extension-01. This
functionality is added to libgnutls-extra, so it is licensed under the
GNU General Public License.
** New APIs to access the TLS Pseudo-Random-Function (PRF).
The PRF is used by some protocols building on TLS, such as EAP-PEAP
and EAP-TTLS. One function to access the raw PRF and one to access
the PRF seeded with the client/server random fields are provided.
Suggested by Jouni Malinen <jkmaline at cc.hut.fi>.
** New APIs to acceess the client and server random fields in a session.
These fields can be useful by protocols using TLS. Note that these
fields are typically used as input to the TLS PRF, and if this is your
intended use, you should use the TLS PRF API that use the
client/server random field directly. Suggested by Jouni Malinen
<jkmaline at cc.hut.fi>.
** Internal type cleanups.
The uint8, uint16, uint32 types have been replaced by uint8_t,
uint16_t, uint32_t. Gnulib is used to guarantee the presence of
correct types on platforms that lack them. The uint type have been
replaced by unsigned.
** API and ABI modifications:
New functions to invoke the TLS Pseudo-Random-Function (PRF):
New functions to retrieve the session's client and server random values:
New function, to perform TLS/IA handshake:
New function to decide whether to do a TLS/IA handshake:
New functions to allocate a TLS/IA credential:
New functions to handle the AVP callback:
New functions, to toggle TLS/IA application phases:
New function to mix session keys with inner secret:
Low-level API (used internally by gnutls_ia_handshake):
New functions that can be used after successful TLS/IA negotiation:
Enum type with TLS/IA modes:
Enum type with TLS/IA packet types:
Enum values for TLS/IA alerts:
New error codes, to signal when an application phase has finished:
New error code to signal TLS/IA verify failure:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 423 bytes
Desc: not available
Url : /pipermail/attachments/20051215/bc992d36/attachment.pgp
More information about the Gnutls-dev