[gnutls-devel] gnutls 3.4.17

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Dec 8 07:57:52 CET 2016

I've just released gnutls 3.4.17. This is a bug fix release of the
current stable branch.

* Version 3.4.17 (released 2016-12-8)

** libgnutls: Introduced time and constraints checks in the end
   certificate in the gnutls_x509_crt_verify_data2() and
   gnutls_pkcs7_verify_direct() functions.

** libgnutls: Set limits on the maximum number of alerts handled. That
   is, applications using gnutls could be tricked into a busy loop if
   the peer continuously sends alert messages. Applications which set a
   maximum handshake time (via gnutls_handshake_set_timeout) will
   eventually recover but others may remain in a busy loop
   indefinitely. This is related but not identical to CVE-2016-8610,
   due to the difference in alert handling of the libraries (gnutls
   delegates that handling to applications).

** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
   (pre-rfc5652) structures with arbitrary encapsulated content.

** libgnutls: Backported cipher priorities order from 3.5.x branch.
   That adds CHACHA20-POLY1305 ciphersuite to SECURE priority strings.

** certtool: When exporting a CRQ in DER format ensure no text data are
   intermixed. Patch by Dmitry Eremin-Solenikov.

** API and ABI modifications:
gnutls_pkcs7_get_embedded_data_oid: Added

Getting the Software

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x96865171:


Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
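
The alert-limit entry in the release notes above, modelled as an added example (not code from GnuTLS or from this announcement): an application loop that retries on every non-fatal result is given a finite alert budget so a peer that keeps sending warning alerts cannot keep it spinning. All names, return codes and limits here are hypothetical stand-ins; the step callback replaces the real library call.

```c
#include <stdio.h>

/* Constructed stand-ins for the results a TLS library hands back to the
 * application; these are not GnuTLS constants. */
enum { STEP_DONE = 0, STEP_AGAIN = -1, STEP_WARNING_ALERT = -2, STEP_FATAL = -3 };
enum { DRV_OK = 0, DRV_FATAL = -1, DRV_ALERT_LIMIT = -2, DRV_STEP_LIMIT = -3 };

typedef int (*step_fn)(void *peer);   /* one handshake attempt (hypothetical) */
struct limits { unsigned max_alerts; unsigned max_steps; };

/* Drive the handshake with a budget of warning alerts and of total retries
 * (both assumptions of this model) instead of looping on any non-fatal code. */
int drive_handshake(step_fn step, void *peer, struct limits lim)
{
    unsigned alerts = 0, steps = 0;
    while (steps++ < lim.max_steps) {
        int r = step(peer);
        if (r == STEP_DONE)  return DRV_OK;
        if (r == STEP_FATAL) return DRV_FATAL;
        if (r == STEP_WARNING_ALERT && ++alerts > lim.max_alerts)
            return DRV_ALERT_LIMIT;   /* peer exceeded its alert budget */
        /* STEP_AGAIN, or an alert still within budget: retry */
    }
    return DRV_STEP_LIMIT;
}

/* Constructed peers: one floods warning alerts, one sends a few then finishes. */
struct peer { unsigned alerts_before_done; unsigned calls; };

static int flooding_peer(void *p) { ((struct peer *)p)->calls++; return STEP_WARNING_ALERT; }
static int normal_peer(void *p)
{
    struct peer *s = p;
    s->calls++;
    if (s->alerts_before_done) { s->alerts_before_done--; return STEP_WARNING_ALERT; }
    return STEP_DONE;
}

static const struct limits LIM = { 8, 1000 };

int flood_result(void) { struct peer p = { 0, 0 }; return drive_handshake(flooding_peer, &p, LIM); }
unsigned flood_calls(void) { struct peer p = { 0, 0 }; drive_handshake(flooding_peer, &p, LIM); return p.calls; }
int normal_result(unsigned alerts) { struct peer p = { alerts, 0 }; return drive_handshake(normal_peer, &p, LIM); }

int main(void)
{
    printf("flood: rc=%d after %u steps\n", flood_result(), flood_calls());
    printf("3 alerts then done: rc=%d\n", normal_result(3));
    return 0;
}
```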

