[gnutls-dev] GnuTLS 1.5.4 aka 1.6.0rc1 - experimental

Simon Josefsson jas at extundo.com
Tue Nov 7 13:38:45 CET 2006

I am happy to announce GnuTLS 1.5.4, a release on the current
development branch.  We still recommend the 1.4.x branch as the stable

This release is a release candidate for the next major stable release,
1.6.0.  Please test this release as if it were a stable release, and
report any regressions since the 1.4.x branch.  Hopefully we can
release 1.6.0 in a week or so.

One goal with the 1.5.x branch is to make Windows x86 a supported
platform for GnuTLS.  We do this by providing a binary Windows
installer of GnuTLS, cross-compiled from GNU/Linux using MinGW and
NSIS.  The installer is (lightly) tested on Windows 2000 and Windows
XP.  It is possible to develop applications in Visual Studio or MinGW
that links to the library.  See http://josefsson.org/gnutls4win/ for
more information on the Windows releases.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network

Noteworthy changes since 1.5.3:

** New API functions to set errno in push/pull functions.
Under Windows, setting the errno variable in a push/pull replacement
may end up setting the wrong errno variable, and GnuTLS send/recv
functions become confused about the real errno returned from a failed
push/pull function.  Therefor, we have added two APIs to set the errno
variable used by GnuTLS.  The APIs can also help to keep things
thread-safe, by avoiding potentially global variables.  Typically,
instead of setting errno in your push/pull function, you will call one
of these functions.  It is recommended to use
gnutls_transport_set_errno, but if you don't have the session variable
easily accessible in the push/pull replacement function, you can use
gnutls_transport_set_global_errno.  Suggested by Tim Kosse
<tim.kosse at filezilla-project.org>.

void gnutls_transport_set_errno (gnutls_session_t session, int err);
void gnutls_transport_set_global_errno (int err);

** When calling `recv' or `send' Windows errors are handled properly.
The Windows recv/send functions doesn't use errno, and GnuTLS now use
WSAGetLastError to access the error condition instead.

** Several OpenPGP API fixes.
All suggested by ludovic.courtes at laas.fr (Ludovic Courtès).  The most
important fix is to change the return value of
gnutls_openpgp_privkey_get_pk_algorithm and
gnutls_openpgp_key_get_pk_algorithm from 'int' to
'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI
compatible with 'int').

** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
** version, try to negotiate the highest version support by the GnuTLS server,
** instead of the lowest.
Reported by <Pasi.Eronen at nokia.com>.

** Replace old constructs with use of gnulib modules.
For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in
the code.  If the headers doesn't exist on the target system, gnulib
will make sure its replacement header files are used instead.

** Fix SOVERSION computation for *.def files.
This fixes build errors similar to "No rule to make target
`libgnutls-`expr', needed by `all-am'." when building for Windows.

** gnutls_check-version uses strverscmp from gnulib.

** Update of gnulib files.

** API and ABI modifications:
gnutls_transport_set_errno: ADD
gnutls_transport_set_global_errno: ADD

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

All manual formats are available from:

Direct link to the most popular formats:
  http://www.gnutls.org/manual/gnutls.html - HTML format
  http://www.gnutls.org/manual/gnutls.pdf  - PDF format
  http://www.gnutls.org/reference/ch01.html  - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:

The project page of the library is available at:

Here are the compressed sources (4.1MB):

Here are GPG detached signatures signed using key 0xB565716F:

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:

pub   1280R/B565716F 2002-05-05 [expires: 2007-02-15]
uid                  Simon Josefsson <jas at extundo.com>
uid                  Simon Josefsson <simon at josefsson.org>
sub   1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:

Here are the SHA-1 and SHA-224 checksums:

8d9895023a3939f45de95e84e6e9aa9103713e65  gnutls-1.5.4.tar.bz2
09765fad04e6f6bb27fa2cb338544e3cb50575d0  gnutls-1.5.4.tar.bz2.sig

706e17646b8f0152d64204479ef9c157fd2efef45acf9b3267750a56  gnutls-1.5.4.tar.bz2
38a77f2b3d89f288e88086d06b70b063d183ebe75dfd2ddd91ddd226  gnutls-1.5.4.tar.bz2.sig

Nikos and Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 419 bytes
Desc: not available
Url : /pipermail/attachments/20061107/f65d1d63/attachment.pgp

More information about the Gnutls-dev mailing list