gnutls 2.99.0

Nikos Mavrogiannopoulos nmav at
Sat Apr 9 10:05:56 CEST 2011


The GnuTLS 2.99.x branch is NOT what you want for your stable system.
It is intended for developers and experienced users.

This is an update release that includes features such as Datagram TLS,
AES-GCM and more.

This release includes documentation for the usage of DTLS as part
of the main GnuTLS manual, but the major changes are summarized by
this commit:;a=commitdiff;h=08a1b04b3d049a4a44132c0bce0c017c0c70f892

The changes since the last stable branch are:
* Version 2.99.0 (released 2011-04-09)

** libgnutls: Added Datagram TLS support.

** libgnutls: Uses a single configure file and a single
gnulib library to save space.

** libgnutls: Several bug fixes.

** libgnutls: gnutls_transport_set_lowat() is no more.

** libgnutls-openssl: modified to use modern gnutls' functions.
This introduces an ABI incompatibility with previous versions.

** libgnutls: Corrected signature generation and verification
in the Certificate Verify message when in TLS 1.2. Reported
by Todd A. Ouska.

** libgnutlsxx: The C++ interface returns an exception on
every error and not only on fatal ones. This allows easier
handling of errors.

** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
the PSK callback.

** libgnutls: SRP and PSK are no longer set on the default priorities.
They have to be explicitly set.

** libgnutls: During handshake message verification using DSS
use the hash algorithm required by it.

** libgnutls: gnutls_recv() returns GNUTLS_E_PREMATURE_TERMINATION
on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.

** libgnutls: Added GCM mode (interoperates with

** libgnutls-extra: Inner application extension was removed.
It was never standardized nor published as an RFC.

** libgnutls: Added new certificate verification functions, that
can provide more details and are more efficient. Check

** certtool: Uses the new certificate verification functions for

** certtool: Added new certificate verification functionality
using the --verify option. Combined with --load-ca-certificate
it can verify a certificate chain against a list of certificates.

** API and ABI modifications:
gnutls_dtls_set_timeouts: ADDED
gnutls_dtls_get_mtu: ADDED
gnutls_dtls_get_data_mtu: ADDED
gnutls_dtls_set_mtu: ADDED
gnutls_dtls_cookie_send: ADDED
gnutls_dtls_cookie_verify: ADDED
gnutls_dtls_prestate_set: ADDED
gnutls_x509_trust_list_verify_crt: ADDED
gnutls_x509_trust_list_add_crls: ADDED
gnutls_x509_trust_list_add_cas: ADDED
gnutls_x509_trust_list_init: ADDED
gnutls_x509_trust_list_deinit: ADDED
gnutls_cipher_add_auth: ADDED
gnutls_cipher_tag: ADDED
gnutls_psk_netconf_derive_key: REMOVED
gnutls_certificate_verify_peers: REMOVED
gnutls_session_set_finished_function: REMOVED
gnutls_ext_register: REMOVED
gnutls_certificate_get_x509_crls: REMOVED
gnutls_certificate_get_x509_cas: REMOVED
gnutls_certificate_get_openpgp_keyring: REMOVED
gnutls_session_get_server_random: REMOVED
gnutls_session_get_client_random: REMOVED
gnutls_session_get_master_secret: REMOVED
gnutls_ia_allocate_client_credentials: REMOVED
gnutls_ia_allocate_server_credentials: REMOVED
gnutls_ia_enable: REMOVED
gnutls_ia_endphase_send: REMOVED
gnutls_ia_extract_inner_secret: REMOVED
gnutls_ia_free_client_credentials: REMOVED
gnutls_ia_free_server_credentials: REMOVED
gnutls_ia_generate_challenge: REMOVED
gnutls_ia_get_client_avp_ptr: REMOVED
gnutls_ia_get_server_avp_ptr: REMOVED
gnutls_ia_handshake: REMOVED
gnutls_ia_handshake_p: REMOVED
gnutls_ia_permute_inner_secret: REMOVED
gnutls_ia_recv: REMOVED
gnutls_ia_send: REMOVED
gnutls_ia_set_client_avp_function: REMOVED
gnutls_ia_set_client_avp_ptr: REMOVED
gnutls_ia_set_server_avp_function: REMOVED
gnutls_ia_set_server_avp_ptr: REMOVED
gnutls_ia_verify_endphase: REMOVED

Here are the compressed sources:

Here is the OpenPGP signature:

