[gnutls-dev] GnuTLS 1.7.3
simon at josefsson.org
Thu Feb 1 16:42:25 CET 2007
This is mostly to get support for Proxy Certificates (RFC 3820)
released. Remember, the GnuTLS 1.7.x branch is NOT what you want for
your stable system. It is intended for developers and experienced
* Version 1.7.3 (released 2007-02-01)
** New option to certtool: --generate-proxy.
This will generate a Proxy Certificate from an end entity certificate.
Proxy Certificates are documented in RFC 3820. You will need to
specify the proxy certificate's private key with --load-privkey, the
user certificate with --load-certificate and the private key used to
sign the new proxy certificate with --load-ca-privkey. Certtool will
query for proxy path length and the policy language OID. Currently
only OIDs that have an empty policy are supported (which includes the
two OIDs defined by RFC 3820).
** Certtool --certificate-info now prints information for Proxy Certificates.
Before the proxy extension was just printed as DER encoded data.
** New APIs to set proxy subject names and get/set proxy cert extension.
** Fix parsing of pathLenConstraints in BasicConstraints with missing cA.
** Added self-test to test for regressions of pathLenConstraint bug.
Incidentally, this also test (some) other regressions or changes in
the output from certtool --certificate-info.
** When certtool generates CA certificates, pressing enter on the path
** length constraint query will now remove the field.
Before it set the path length constraint to 0, which is a rather poor
** Certtool now print times in UTC when printing certificate/CRL info.
** Add better fix to work around C++ compiler bug on Mac OS X.
Reported and tiny patch provided by Matthias Scheler <tron at NetBSD.org>.
** Fix import of ASCII armored OpenPGP keys.
Patch by ludovic.courtes at laas.fr (Ludovic Courtès).
** API and ABI modifications:
Here are the compressed sources (4.1MB):
Here are GPG detached signatures signed using key 0xB565716F:
Here are the SHA-1 and SHA-224 checksums:
Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 419 bytes
Desc: not available
Url : /pipermail/attachments/20070201/6254252e/attachment.pgp
More information about the Gnutls-dev