GnuTLS 2.5.8, fourth release candidate for 2.6.0

Simon Josefsson simon at josefsson.org
Sun Sep 21 13:02:09 CEST 2008


The GnuTLS 2.5.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

The intention is to release a new stable branch on October 1th, unless
problems are reported.  Test this as if it were the new stable release!

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.5.8.tar.bz2 (4.9MB)
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.5.8.tar.bz2

Here is the OpenPGP signature:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.5.8.tar.bz2.sig
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.5.8.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a Stockholm
based privately held company, is currently funding GnuTLS maintenance.
We are always looking for interesting development projects.  See
http://josefsson.org/ for more details.

/Simon

* Version 2.5.8 (released 2008-09-21)

** certtool: updated so it can add several subject alternative names using
the template file.

** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can
either set or append alternative names. It can also handle binary structures
such as IP addresses.

** libgnutls: Fix crash in hashing code when using non-libgcrypt handlers.

** libgnutls: New function to set minimum acceptable SRP bits.
The function is gnutls_srp_set_prime_bits.  Tiny patch by Kevin Quick
<quick at sparq.org> in <https://savannah.gnu.org/support/index.php?106454>.

** libgnutls: Check for overflows in gnutls_calloc and gnutls_secure_calloc.
Also fix overflows in calls to those functions.  Reported by Werner
Koch <wk at gnupg.org>.

** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode.
The function is gnutls_register_md5_handler.  When libgcrypt is in
FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in
the PRF.

** Opencdk: Add calls to gnutls_assert to ease debugging.

** Indent code.

** API and ABI modifications:
gnutls_srp_set_prime_bits: ADDED
gnutls_register_md5_handler: ADDED
gnutls_x509_crt_set_crl_dist_points2: ADDED
gnutls_x509_crt_set_subject_alt_name: ADDED





More information about the Gnutls-devel mailing list