[gnutls-devel] gnutls 3.5.3
nmav at gnutls.org
Tue Aug 9 07:40:20 CEST 2016
I've just released gnutls 3.5.3. This is a minor enhancements and
bugfix release for the 3.5.x branch.
* Version 3.5.3 (released 2016-08-09)
** libgnutls: Added support for TCP fast open (RFC7413), allowing
to reduce by one round-trip the handshake process. Based on proposal
and patch by Tim Ruehsen.
** libgnutls: Adopted a simpler with less memory requirements DTLS
sliding window implementation. Based on Fridolin Pokorny's
implementation for AF_KTLS.
** libgnutls: Use getrandom where available via the syscall interface.
This works around an issue of not-using getrandom even if it exists
since glibc doesn't declare such function.
** libgnutls: Fixed DNS name constraints checking in the case of empty
intersection of domain names in the chain. Report and fix by Martin
** libgnutls: Fixed name constraints checking in the case of chains
where the higher level certificates contained different types of
constraints than the ones present in the lower intermediate CAs.
Report and fix by Martin Ukrop.
** libgnutls: Dropped support for the EGD random generator.
** libgnutls: Allow the decoding of raw elements (starting with #)
in RFC4514 DN string decoding.
** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
ignoring flags if all certificates in the list fit within the
initially allocated memory. Patch by Tim Kosse.
** libgnutls: Corrected issue which made
gnutls_certificate_get_x509_crt() to return invalid pointers when
returned more than a single certificate. Report and fix by Stefan
** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the
complete chain, even when the extra_certs was non-null. Report and
fix by Stefan Sørensen.
** certtool: Added the "add_extension" and "add_critical_extension"
template options. This allows specifying arbitrary extensions into
certificates and certificate requests.
** gnutls-cli: Added the --fastopen option.
** API and ABI modifications:
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
More information about the Gnutls-devel