[gnutls-devel] gnutls 3.5.12

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu May 11 07:53:21 CEST 2017


Hello, 
 I've just released gnutls 3.5.12. This is a bug fix release on the
3.5.x branch.

* Version 3.5.12 (released 2017-05-11)

** libgnutls: enabled TCP Fast open for MacOSX. Patch by Tim Ruehsen.

** libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP
   addresses against DNS fields of certificate (CN or DNSname). The
   previous behavior was to tolerate some misconfigured servers, but
   that was non-standard and skipped any IP constraints present in
   higher level certificates.

** libgnutls: when converting to IDNA2008, fallback to IDNA2003 (i.e.,
   transitional encoding) if the domain cannot be converted. That
   provides maximum compatibility with browsers like firefox that
   perform the same conversion.

** libgnutls: fix issue in RSA-PSK client callback which resulted in no
   username being sent to the peer. Patch by Nicolas Dufresne.

** libgnutls: fix regression causing stapled extensions in trust
   modules not to be considered.

** certtool: introduced the email_protection_key option.  This option
   was introduced in documentation for certtool without an
   implementation of it. It is a shortcut for option
   'key_purpose_oid = 1.3.6.1.5.5.7.3.4'.

** certtool: made printing of key ID and key PIN consistent between
   certificates, public keys, and private keys. That is the private
   key printing now uses the same format as the rest.

** gnutls-cli: introduced the --sni-hostname option. This allows 
   overriding the hostname advertised to the peer.

** API and ABI modifications:
No changes since last version.


Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>.  A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.12.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.12.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos




More information about the Gnutls-devel mailing list