[gnutls-devel] gnutls 3.4.17
nmav at gnutls.org
Thu Dec 8 07:57:52 CET 2016
I've just released gnutls 3.4.17. This is a bug fix release of the
current stable branch.
* Version 3.4.17 (released 2016-12-8)
** libgnutls: Introduced time and constraints checks in the end
certificate in the gnutls_x509_crt_verify_data2() and
** libgnutls: Set limits on the maximum number of alerts handled. That
is, applications using gnutls could be tricked into a busy loop if
the peer continuously sends alert messages. Applications which set a
maximum handshake time (via gnutls_handshake_set_timeout) will
eventually recover but others may remain in a busy loop
indefinitely. This is related but not identical to CVE-2016-8610,
due to the difference in alert handling of the libraries (gnutls
delegates that handling to applications).
** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
(pre-rfc5652) structures with arbitrary encapsulated content.
** libgnutls: Backported cipher priorities order from 3.5.x branch.
That adds CHACHA20-POLY1305 ciphersuite to SECURE priority strings.
** certtool: When exporting a CRQ in DER format ensure no text data are
intermixed. Patch by Dmitry Eremin-Solenikov.
** API and ABI modifications:
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
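
The alert-flood condition described in the release notes above, as an added C example that is not part of the original announcement and is not GnuTLS code: a stand-alone scanner that walks plaintext TLS records and stops after too many consecutive warning alerts instead of looping on them. The names `scan_records`, `demo_flood` and the cap `MAX_WARNING_RUN` are assumptions of this example, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CT_ALERT 21          /* TLS record content type: alert */
#define CT_HANDSHAKE 22      /* TLS record content type: handshake */
#define ALERT_WARNING 1      /* alert level: warning */
#define MAX_WARNING_RUN 16   /* hypothetical cap, not the value GnuTLS uses */

enum { SCAN_OK = 0, SCAN_FATAL_ALERT = -1, SCAN_ALERT_FLOOD = -2, SCAN_MALFORMED = -3 };

/* Walk plaintext TLS records; reject a run of more than `cap` warning alerts. */
static int scan_records(const uint8_t *buf, size_t len, unsigned cap)
{
    size_t off = 0;
    unsigned run = 0;
    while (off < len) {
        if (len - off < 5) return SCAN_MALFORMED;         /* short record header */
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (rlen > len - off - 5) return SCAN_MALFORMED;  /* truncated body */
        if (buf[off] == CT_ALERT) {
            /* This example only accepts unfragmented alerts: level + description. */
            if (rlen != 2) return SCAN_MALFORMED;
            if (buf[off + 5] != ALERT_WARNING) return SCAN_FATAL_ALERT;
            if (++run > cap) return SCAN_ALERT_FLOOD;     /* stop instead of spinning */
        } else {
            run = 0;                                      /* real progress resets the run */
        }
        off += 5 + rlen;
    }
    return SCAN_OK;
}

/* Constructed input: one 4-byte handshake record, then n warning alerts. */
static int demo_flood(unsigned n)
{
    static uint8_t buf[9 + 7 * 64];
    const uint8_t hs[9] = { CT_HANDSHAKE, 3, 3, 0, 4, 0, 0, 0, 0 };
    const uint8_t al[7] = { CT_ALERT, 3, 3, 0, 2, ALERT_WARNING, 0x70 };
    if (n > 64) n = 64;
    memcpy(buf, hs, sizeof hs);
    for (unsigned i = 0; i < n; i++) memcpy(buf + 9 + 7 * i, al, sizeof al);
    return scan_records(buf, 9 + 7 * (size_t)n, MAX_WARNING_RUN);
}

int main(void)
{
    printf("3 alerts: %d, 40 alerts: %d\n", demo_flood(3), demo_flood(40));
    return 0;
}
```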