[Help-gnutls] Experimental: GnuTLS 1.3.2

Simon Josefsson jas at extundo.com
Thu Dec 15 14:18:37 CET 2005


We are pleased to announce the availability of GnuTLS version 1.3.2,
another release on the experimental 1.3.x branch.

The goal of 1.3.x will be to merge work currently done on CVS
branches, for TLS Pre-Shared-Keys and TLS Inner Application (TLS/IA).
Other planned improvements in 1.3.x are system-independent resume data
structures, modularization of the bignum operations, and TLS OpenPGP
improvements.  With this release, the TLS-PSK, TLS/IA and
system-independent resume data goals have been met.

Currently, http://www.gnutls.org/ and ftp://ftp.gnutls.org/ appear to
be down.  The web pages on http://www.gnu.org/software/gnutls/ are no
longer updated automatically, presumably due to Savannah's recent CVS
changes.  This means http://josefsson.org/gnutls/ is the only
distribution point right now.  I'm considering using ftp.gnu.org as
the canonical distribution point in the future.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.

The project page of the library is available at:
  http://josefsson.org/gnutls/ (updated fastest)
  http://www.gnu.org/software/gnutls/

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.3.2.tar.gz (3.1MB)

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.3.2.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 checksums:

f0bc87bb29591b710d63699896cb26f539a47e6b  gnutls-1.3.2.tar.bz2
2f7293627dd39968d7341b793c4bf252ac366379  gnutls-1.3.2.tar.bz2.sig

Enjoy,
Nikos and Simon

Noteworthy changes since version 1.3.1:

** GnuTLS now support TLS Inner application (TLS/IA).
This is per draft-funk-tls-inner-application-extension-01.  This
functionality is added to libgnutls-extra, so it is licensed under the
GNU General Public License.

** New APIs to access the TLS Pseudo-Random-Function (PRF).
The PRF is used by some protocols building on TLS, such as EAP-PEAP
and EAP-TTLS.  One function to access the raw PRF and one to access
the PRF seeded with the client/server random fields are provided.
Suggested by Jouni Malinen <jkmaline at cc.hut.fi>.

** New APIs to acceess the client and server random fields in a session.
These fields can be useful by protocols using TLS.  Note that these
fields are typically used as input to the TLS PRF, and if this is your
intended use, you should use the TLS PRF API that use the
client/server random field directly.  Suggested by Jouni Malinen
<jkmaline at cc.hut.fi>.

** Internal type cleanups.
The uint8, uint16, uint32 types have been replaced by uint8_t,
uint16_t, uint32_t.  Gnulib is used to guarantee the presence of
correct types on platforms that lack them.  The uint type have been
replaced by unsigned.

** API and ABI modifications:
New functions to invoke the TLS Pseudo-Random-Function (PRF):
  gnutls_prf
  gnutls_prf_raw

New functions to retrieve the session's client and server random values:
  gnutls_session_get_server_random
  gnutls_session_get_client_random

New function, to perform TLS/IA handshake:
  gnutls_ia_handshake

New function to decide whether to do a TLS/IA handshake:
  gnutls_ia_handshake_p

New functions to allocate a TLS/IA credential:
  gnutls_ia_allocate_client_credentials
  gnutls_ia_free_client_credentials
  gnutls_ia_allocate_server_credentials
  gnutls_ia_free_server_credentials

New functions to handle the AVP callback:
  gnutls_ia_set_client_avp_function
  gnutls_ia_set_client_avp_ptr
  gnutls_ia_get_client_avp_ptr
  gnutls_ia_set_server_avp_function
  gnutls_ia_set_server_avp_ptr
  gnutls_ia_get_server_avp_ptr

New functions, to toggle TLS/IA application phases:
  gnutls_ia_require_inner_phase

New function to mix session keys with inner secret:
  gnutls_ia_permute_inner_secret

Low-level API (used internally by gnutls_ia_handshake):
  gnutls_ia_endphase_send
  gnutls_ia_send
  gnutls_ia_recv

New functions that can be used after successful TLS/IA negotiation:
  gnutls_ia_generate_challenge
  gnutls_ia_extract_inner_secret

Enum type with TLS/IA modes:
  gnutls_ia_mode_t

Enum type with TLS/IA packet types:
  gnutls_ia_apptype_t

Enum values for TLS/IA alerts:
  GNUTLS_A_INNER_APPLICATION_FAILURE
  GNUTLS_A_INNER_APPLICATION_VERIFICATION

New error codes, to signal when an application phase has finished:
  GNUTLS_E_WARNING_IA_IPHF_RECEIVED
  GNUTLS_E_WARNING_IA_FPHF_RECEIVED

New error code to signal TLS/IA verify failure:
  GNUTLS_E_IA_VERIFY_FAILED
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 423 bytes
Desc: not available
URL: </pipermail/attachments/20051215/bc992d36/attachment.pgp>


More information about the Gnutls-help mailing list