GnuTLS 2.3.3

Simon Josefsson simon at josefsson.org
Mon Mar 10 15:37:07 CET 2008


The GnuTLS 2.3.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

I tried to make sure there are no ABI/ABI modifications/deletions in
this compared to v2.2.x, but as the changes have been quite large, I may
have missed something.  Note that we don't guarantee ABI compatibility
during development releases, so if there are ABI breaks in this release,
we'll consider those bugs and revert them, rather than bumping the ABI.

Also, we need to figure out how the LGPL opencdk should be handled.  The
only LGPL'ed opencdk is the one included in this release.  There should
probably be an external release of this code.

News in this release:

* Version 2.3.3 (released 2008-03-10)

** Fix build failure in libextra/gnutls_extra.c that needed opencdk.h.
Reported by Roman Bogorodskiy <novel at FreeBSD.org>.

** No longer compiled using -D_REENTRANT -D_THREAD_SAFE.
We could not find any modern justification for enabling these flags by
default.  If you know of some platform that needs one of the flags to
work properly, please let us know.  (Actually introduced in v2.3.0 but
not documented until now.)

** Importing many CA certificates is now considerably faster.
This affects gnutls_certificate_set_x509_trust_mem,
gnutls_certificate_set_x509_trust, and
gnutls_certificate_set_x509_trust_file.  The complexity was reduced
from O(2*n^2) to O(n).  When adding 206 files containing 408
certificates, using gnutls_certificate_set_x509_trust_file, the time
dropped from 40 seconds to 0.3 seconds.  Thanks to Edgar Fuß for code
to trigger the problem.  See also
<http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/>.

** Clarify documentation for gnutls_x509_crt_set_subject_alternative_name
to be explicit that it takes zero terminated data.

** gnutls-cli --print-cert now prints PKCS#3 format Diffie-Hellman parameters.

** Documentation fixes for the GTK-DOC manual.

** Fix compilation error related to __FUNCTION__ on some systems.
Reported by Tim Mooney, see
<https://savannah.gnu.org/support/?106267>.

** Updated translations.

** Update gnulib files.

** API and ABI modifications:
gnutls_hex2bin: MODIFIED, uses size_t instead of int for string length,
		and char* instead of void* for output buffer.

The goals for the 2.3.x branch are tracked at:

http://trac.gnutls.org/cgi-bin/trac.cgi/milestone/gnutls-2.4

More ideas are welcome, just create a new ticket.

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.3.3.tar.bz2
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.3.3.tar.bz2

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improving the software, or donating
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

/Simon