[gnutls-devel] gnutls 3.3.7

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Aug 24 10:04:38 CEST 2014

 I've just released gnutls 3.3.7. This is a bug-fix release on the next-stable branch.

* Version 3.3.7 (released 2014-08-24)

** libgnutls: Added function to export the public key of a PKCS #11
private key. Contributed by Wolfgang Meyer zu Bergsten.

** libgnutls: Explicitly set the exponent in PKCS #11 key generation.
That improves compatibility with certain PKCS #11 modules. Contributed by
Wolfgang Meyer zu Bergsten.

** libgnutls: When generating a PKCS #11 private key allow setting
the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten.

** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session
to the key.

** libgnutls: bundle replacements of inet_pton and inet_aton if not

** libgnutls: initialize parameters variable on PKCS #8 decryption.

** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1

** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125
requirement of checking the Common Name (CN) part of DN only if there is
a single CN present in the certificate.

** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used
to force the FIPS mode, when set to 1.

** libgnutls: In DTLS ignore only errors that relate to unexpected packets
and decryption failures.

** p11tool: Added --info parameter.

** certtool: Added --mark-wrap parameter.

** danetool: --check will attempt to retrieve the server's certificate
chain and verify against it.

** danetool/gnutls-cli-debug: Added --app-proto parameters which can
be used to enforce starttls (currently only SMTP and IMAP) on the connection.

** danetool: Added openssl linking exception, to allow linking
with libunbound.

** API and ABI modifications:
gnutls_pkcs11_privkey_export_pubkey: Added
gnutls_pkcs11_obj_flags_get_str: Added
gnutls_pkcs11_obj_get_flags: Added

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ and LZIP compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]


More information about the Gnutls-devel mailing list