gnutls 2.99.2

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu May 26 19:05:43 CEST 2011


Hello,
 I've just released gnutls 2.99.2. Its main addition is the
experimental support for elliptic curves (ECDH and ECDSA).


The GnuTLS 2.99.x branch is NOT what you want for your stable system.
It is intended for developers and experienced users.
The changes since the development release are:

* Version 2.99.2 (released 2011-05-26)

** libgnutls: Added Elliptic curve support. This is not
enabled by default. Requires priority strings:
+CURVE-ALL: to add all supported curves
+ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate
+ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate
+ANON-ECDHE: to add anonymous ECDH

** libgnutls: PKCS #11 URLs conform to the latest draft,
http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04.

** certtool: Can now load private keys and public keys from PKCS #11
tokens via URLs.

** libgnutls: Added gnutls_global_set_audit_log_function(), which allows
obtaining important auditing information including the corresponding
session. That might be useful to block DoS or other attackers from
specific IPs.

** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read
the public key algorithm of the key.

** libgnutls: Added gnutls_certificate_get_issuer() and
gnutls_x509_trust_list_get_issuer() to compensate for the
missing gnutls_certificate_get_x509_cas().

** libgnutls: Added gnutls_x509_crq_verify() to allow
verification of the self signature in a certificate request.
This allows verifying whether the owner of the private key
is the generator of the request.

** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies
the self signature of the request.

** API and ABI modifications:
gnutls_certificate_get_issuer: ADDED
gnutls_x509_trust_list_get_issuer: ADDED
gnutls_x509_crq_verify: ADDED
gnutls_global_set_audit_log_function: ADDED
gnutls_ecc_curve_get_name: ADDED
gnutls_ecc_curve_get_size: ADDED
gnutls_x509_privkey_import_ecc_raw: ADDED
gnutls_x509_privkey_export_ecc_raw: ADDED
gnutls_global_set_time_function: ADDED

GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code
GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code
GNUTLS_KX_ECDHE_RSA: New key exchange method
GNUTLS_KX_ECDHE_ECDSA: New key exchange method
GNUTLS_KX_ANON_ECDH: New key exchange method
GNUTLS_PK_ECC: New public key algorithm
GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm
GNUTLS_ECC_CURVE_INVALID: New curve definition
GNUTLS_ECC_CURVE_SECP224R1: New curve definition
GNUTLS_ECC_CURVE_SECP256R1: New curve definition
GNUTLS_ECC_CURVE_SECP384R1: New curve definition
GNUTLS_ECC_CURVE_SECP521R1: New curve definition


Here are the compressed sources:
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.2.tar.bz2
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.2.tar.bz2

Here is the OpenPGP signature:
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.2.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.2.tar.bz2.sig

regards,
Nikos





More information about the Gnutls-help mailing list