[gnutls-devel] gnutls 3.3.23

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri May 20 07:50:14 CEST 2016


Hello, 
 I've just released gnutls 3.3.23. This is a bug-fix release on
the previous stable branch.

* Version 3.3.23 (released 2016-05-20)

** libgnutls: Corrected behavior of ALPN extension parsing during
   session resumption. Report and patches by Yuriy M. Kaminskiy.

** libgnutls: Properly print the IP Address name constraints.

** libgnutls: Fixes in gnutls_privkey_import_ecc_raw().

** libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
   GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
   operation could fail on certain PKCS#11 modules.

** libgnutls: gnutls_pkcs11_obj_import_url() and
   gnutls_x509_crt_import_pkcs11_url() can accept the
   GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.

** libgnutls: gnutls_certificate_set_key() was enhanced to import the
   DNS name of the certificates if the provided names are NULL.

** libgnutls: when receiving SNI names, only save and expose to
   application the supported DNS names.

** libgnutls: when importing the certificate names at the
   gnutls_certificate_set* functions, only consider the CN as a
   fallback if DNS names are provided via the alternative name
   extension.

** ocsptool: use HTTP/1.0 for requests. This avoids issues with servers
   serving chunked encoding, which ocsptool doesn't support. Reported by
   Thomas Klute.

** certtool: do not require a CA for OCSP signing tag. This follows the
   recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate
   OCSP signing to another certificate without requiring it to be a
   CA. Reported by Thomas Klute.

** gnutls-cli: on OCSP verification do not fail if we have a single
   valid reply. Report and reproducer by Thomas Klute.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.23.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.23.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos


