[gnutls-devel] gnutls 3.4.15
nmav at gnutls.org
Thu Sep 8 07:59:24 CEST 2016
I've just released gnutls 3.4.15. This is a bug fix release of the
current stable branch.
* Version 3.4.15 (released 2016-09-08)
** libgnutls: Corrected the comparison of the serial size in OCSP
response. Previously the OCSP certificate check wouldn't verify the
serial length and could succeed in cases it shouldn't
(GNUTLS-SA-2016-3). Reported by Stefan Buehler.
** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
ignoring flags if all certificates in the list fit within the
initially allocated memory.
** libgnutls: Corrected issue which made
gnutls_certificate_get_x509_crt() to return invalid pointers when
returned more than a single certificate. Report and fix by Stefan
** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the
complete chain. Report and fix by Stefan Sørensen.
** libgnutls: Added support for decrypting PKCS#8 files which use the
HMAC-SHA256 as PRF.
** libgnutls: Addressed issue with PKCS#11 signature generation on
ECDSA keys. The signature is now written as unsigned integers into
the DSASignatureValue structure. Previously signed integers could be
written depending on what the underlying module would produce.
** API and ABI modifications:
No changes since last version.
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
More information about the Gnutls-devel