gnutls 2.99.3

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jun 18 21:30:16 CEST 2011


Hello,
I've just released gnutls 2.99.3. Currently it depends on the
CVS version of nettle (http://www.lysator.liu.se/~nisse/nettle/).
The changes since the last version are attached below.

The GnuTLS 2.99.x branch is NOT what you want for your stable system.
It is intended for developers and experienced users.
The changes since the development release are:

* Version 2.99.3 (released 2011-06-18)

** libgnutls: Added new PKCS #11 flags to force an object to be private
or not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE)

** libgnutls: Added SUITEB128 and SUITEB192 priority
strings to enable the NSA SuiteB cryptography ciphersuites.

** libgnutls: Added gnutls_pubkey_verify_data2() that will
verify data provided the signature algorithm.

** libgnutls: Simplified the handling of handshake messages to
be hashed. Instead of hashing during the handshake process we now
keep the data until the handshake is over and hash them on request.
This uses more memory but eliminates issues with TLS 1.2 and
simplifies code.

** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ
instruction. Uses Andy Polyakov's assembly code.

** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and
gnutls_x509_trust_list_verify_named_crt() that allow having a
list of certificates in the trusted list that will be associated
with a name (e.g. server name) and will not be used as CAs.

** libgnutls: PKCS #11 back-end rewritten to use p11-kit
http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by
Stef Walter.

** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489).

** API and ABI modifications:
gnutls_pubkey_verify_data2: ADDED
gnutls_ecc_curve_get: ADDED
gnutls_x509_trust_list_add_named_crt: ADDED
gnutls_x509_trust_list_verify_named_crt: ADDED
gnutls_x509_privkey_verify_data: REMOVED
gnutls_crypto_bigint_register: REMOVED
gnutls_crypto_cipher_register: REMOVED
gnutls_crypto_digest_register: REMOVED
gnutls_crypto_mac_register: REMOVED
gnutls_crypto_pk_register: REMOVED
gnutls_crypto_rnd_register: REMOVED
gnutls_crypto_single_cipher_register: REMOVED
gnutls_crypto_single_digest_register: REMOVED
gnutls_crypto_single_mac_register: REMOVED
GNUTLS_KX_ECDHE_PSK: New key exchange method
GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag.
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag.
GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag.

Here are the compressed sources:
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.3.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.3.tar.xz

Here is the OpenPGP signature:
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.3.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.3.tar.xz.sig

regards,
Nikos




