[Help-gnutls] Experimental: GnuTLS 1.3.3

Simon Josefsson jas at extundo.com
Thu Jan 12 22:32:03 CET 2006 

We are pleased to announce the availability of GnuTLS version 1.3.3,
another release on the experimental 1.3.x branch.

The goal of 1.3.x will be to add support for TLS Pre-Shared-Keys and
TLS Inner Application (TLS/IA).  Other planned improvements in 1.3.x
are system-independent resume data structures, modularization of the
bignum operations, and TLS OpenPGP improvements.  So far, the TLS-PSK,
TLS/IA and system-independent resume data goals have been met.

GnuTLS is a modern C library that implement the standard network
security protocol Transport Layer Security (TLS), for use by network
applications.

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.3.3.tar.gz (3.1MB)
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.3.tar.bz2 (3.1MB)

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.3.3.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-1.3.3.tar.bz2.sig

The software is cryptographically signed by the author using an
OpenPGP key identified by the following information:
  1280R/B565716F 2002-05-05 [expires: 2006-02-28]
  Key fingerprint = 0424 D4EE 81A0 E3D1 19C6  F835 EDA2 1E94 B565 716F

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the SHA-1 checksums:

65e255278632646afc48b284fbe03ddef996551b  gnutls-1.3.3.tar.bz2
e4a401b914d4f39f13e5c714b0278b00bb11fef3  gnutls-1.3.3.tar.bz2.sig

Enjoy,
Nikos and Simon

Noteworthy changes since version 1.3.2:

** New API to access the TLS master secret.
When possible, you should use the TLS PRF functions instead.
Suggested by Jouni Malinen <jkmaline at cc.hut.fi>.

** Improved handling when multiple libraries use GnuTLS at the same time.
Now gnutls_global_init() can be called multiple times, and
gnutls_global_deinit() will only deallocate the structure when it has
been called as many times as gnutls_global_init() was called.

** Added a self test of TLS resume functionality.

** Fix crash in TLS resume code, caused by TLS/IA changes.

** Documentation fixes about thread unsafety, prompted by
** discussion with bryanh at giraffe-data.com (Bryan Henderson).
In particular, gnutls_global_init() and gnutls_global_deinit() are not
thread safe.  Careful callers may want to protect the call using a
mutex.  The problem could also be ignored, which would cause a memory
leak under rare conditions when two threads invoke the function
roughly at the same time.

** Add 'const' keywords in various places, from Frediano ZIGLIO.

** The code was indented again, including the external header files.

** API and ABI modifications:
New functions to retrieve the master secret value:
  gnutls_session_get_master_secret

Add a 'const' keyword to existing API:
  gnutls_x509_crq_get_challenge_password

More information about the Gnutls-help mailing list