[gnutls-dev] GnuTLS 1.7.2

Simon Josefsson simon at josefsson.org
Sun Jan 14 22:41:14 CET 2007

A lot of changes have been added since the last release, so it is about
time to get this out for further testing.  Remember, the GnuTLS 1.7.x
branch is NOT what you want for your stable system.  It is intended
for developers and experienced users.

* Version 1.7.2 (released 2007-01-14)

** Certtool now prints the value of the pathLenConstraints field for certs.

** Certtool now queries for path length constraints when generating CA certs.
For batch uses, the certtool configuration name is "path_len".
Suggested by Sascha Ziemann <sascha.ziemann at secunet.com>.

** Add new API to get/set pathLenConstraint in the Basic Constraints.
The new functions gnutls_x509_crt_get_basic_constraints and
gnutls_x509_crt_set_basic_constraints provide a superset of the
functionality in the old gnutls_x509_crt_get_ca_status and
gnutls_x509_crt_set_ca_status (respectively), but the old functions
will continue to be supported.

** Add new API in OpenCDK to extract public/secret OpenPGP key to S-expr.
The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp.  A proper
OpenCDK release with this patch will be made soon, which should bump
the OpenCDK version number.  Patch by Mario Lenz <mario.lenz at gmx.net>.

** Certtool --to-p12 can now store more than one certificate in the blob.
Before it could only store one certificate, but now it will read and
store as many certificates as there are in the --load-certificate file.
Suggested by Sascha Ziemann <sascha.ziemann at secunet.com>.

** Clean up separation of gnutls and gnutls-extra for OpenPGP.
In particular, the OpenPGP function variables are no longer part of
the exported libgnutls interface, and no header files from
libgnutls-extra (GPL) are needed by libgnutls (LGPL).  The variables
were never intended for non-internal purposes, and thus this does not
imply a change in the external API/ABI.

** Print URL to gaa when missing, and fix srcdir!=builddir for GAA files.
Reported by ludovic.courtes at laas.fr (Ludovic Courtès).

** GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc.
Before, these parameters were set to make GnuTLS build under mingw32;
however, they appear to no longer be necessary.

** A minor fix to the C++ library to make it build.
Reported by Pavlov Konstantin <thresh at altlinux.ru>.

** Update of gnulib files.

** API and ABI modifications:
gnutls_x509_crt_get_basic_constraints: ADD.
gnutls_x509_crt_set_basic_constraints: ADD.
cdk_pubkey_to_sexp: ADD (in opencdk).
cdk_seckey_to_sexp: ADD (in opencdk).

Here are the compressed sources (4.1MB):

Here are GPG detached signatures signed using key 0xB565716F:

Here are the SHA-1 and SHA-224 checksums:

708166c359e3172d11f13cf769db52701074b878  gnutls-1.7.2.tar.bz2
6b62c5af653968e1a9ca3152fd54e1bfcb5458ab  gnutls-1.7.2.tar.bz2.sig

2899127cb9af44827d36b5eae556c8af20e9647fb7fb229e10fa0821  gnutls-1.7.2.tar.bz2
d9077641286903818c55c871fc3ff6e44fe2dbb58d885cae00c939f7  gnutls-1.7.2.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or donating
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm-based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.
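
Added example, not part of the original announcement and not GnuTLS code: the pathLenConstraint value that the new Basic Constraints API exposes limits how many intermediate CA certificates may follow a CA certificate in a chain, and the code below enforces that limit over constructed chains. The struct, function and error names are hypothetical, a negative pathlen is this example's marker for an absent field, and self-issued certificates are not treated specially.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical view of one certificate's Basic Constraints (not a GnuTLS
   type). pathlen < 0 means no pathLenConstraint is present. */
struct bc { const char *name; int ca; int pathlen; };

enum { CHAIN_OK = 0, ERR_NOT_CA = -1, ERR_PATHLEN = -2 };

/* chain[0] is the trust anchor, chain[n-1] the end-entity certificate.
   On error, *bad receives the index of the offending certificate. */
int check_path_len(const struct bc *chain, size_t n, size_t *bad)
{
    for (size_t i = 0; i + 1 < n; i++) {
        /* Every certificate that issues another one must be a CA. */
        if (!chain[i].ca) { *bad = i; return ERR_NOT_CA; }
        /* Number of CA certificates between chain[i] and the last one. */
        size_t below = n - 2 - i;
        if (chain[i].pathlen >= 0 && below > (size_t)chain[i].pathlen) {
            *bad = i;
            return ERR_PATHLEN;
        }
    }
    return CHAIN_OK;
}

/* Constructed sample chains, ordered root first. */
static const struct bc ok_chain[] = {
    {"Root CA", 1, 1}, {"Issuing CA", 1, 0}, {"www.example.org", 0, -1} };
static const struct bc too_deep[] = {
    {"Root CA", 1, -1}, {"Issuing CA", 1, 0}, {"Extra sub-CA", 1, -1},
    {"www.example.org", 0, -1} };
static const struct bc leaf_as_issuer[] = {
    {"Root CA", 1, -1}, {"mail.example.org", 0, -1},
    {"www.example.org", 0, -1} };

int main(void)
{
    size_t bad = 0;
    int rc = check_path_len(ok_chain, 3, &bad);
    printf("ok_chain: %d\n", rc);
    rc = check_path_len(too_deep, 4, &bad);
    printf("too_deep: %d at %s\n", rc, too_deep[bad].name);
    rc = check_path_len(leaf_as_issuer, 3, &bad);
    printf("leaf_as_issuer: %d at %s\n", rc, leaf_as_issuer[bad].name);
    return 0;
}
```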

