gnutls 3.0.10
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Feb 18 14:34:49 CET 2012
Hello,
I've just released gnutls 3.0.13. This release fixes bugs and adds
new features in the current stable branch. The main additions are,
(1) a new helper interface to support trust on first use (SSH-like)
authentication, (2) gnutls-cli and ocsptool support the on-line
verification of a certificate using OCSP, (3) several updates in
Datagram TLS handling of missed packets and retransmissions (thanks
to work of Sean Buckheister).
* Version 3.0.13 (released 2012-02-18)
** gnutls-cli: added the --ocsp option which will verify
the peer's certificate with OCSP.
** gnutls-cli: added the --tofu and if specified, gnutls-cli
will use an ssh-style authentication method.
** gnutls-cli: if no --x509cafile is provided a default is
assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.
** ocsptool: Added --ask parameter, to verify a certificate's
status from an ocsp server.
** command line apps: Use gnu autogen (libopts) to parse command
line arguments and template files.
** tests: Added stress test for DTLS packet losses and
out-of-order receival. Contributed by Sean Buckheister.
** libgnutls: Several updates and corrections in the DTLS
DTLS lost packet handling and retransmission timeouts.
Report and patches by Sean Buckheister.
** libgnutls: Added new functions to easily allow the usage of
a trust on first use (SSH-style) authentication.
** libgnutls: SUITEB128 and SUITEB192 priority strings account
for the RFC6460 requirements.
** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY
to account for security level of 96-bits.
** libgnutls: In client side if server does not advertise any
known CAs and only a single certificate is set in the credentials,
sent that one.
** libgnutls: Added functions to parse authority key identifiers
when stored as a 'general name' and serial combo.
** libgnutls: Added function to force explicit reinitialization
of PKCS #11 modules. This is required on the child process after
a fork (if PKCS #11 functionality is desirable).
** libgnutls: Depend on p11-kit 0.11.
** API and ABI modifications:
gnutls_dtls_get_timeout: Added
gnutls_verify_stored_pubkey: Added
gnutls_store_pubkey: Added
gnutls_store_commitment: Added
gnutls_x509_crt_get_authority_key_gn_serial: Added
gnutls_x509_crl_get_authority_key_gn_serial: Added
gnutls_pkcs11_reinit: Added
gnutls_ecc_curve_list: Added
gnutls_priority_certificate_type_list: Added
gnutls_priority_sign_list: Added
gnutls_priority_protocol_list: Added
gnutls_priority_compression_list: Added
gnutls_priority_ecc_curve_list: Added
gnutls_tdb_init: Added
gnutls_tdb_set_store_func: Added
gnutls_tdb_set_store_commitment_func: Added
gnutls_tdb_set_verify_func: Added
gnutls_tdb_deinit: Added
Getting the Software
====================
GnuTLS may be downloaded from one of the GNU mirror sites or directly
>From <ftp://ftp.gnu.org/gnu/gnutls/>. The list of GNU mirrors can be
found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors
can be found at <http://www.gnu.org/software/gnutls/download.html>.
Here are the XZ compressed sources:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.13.tar.xz
Here are OpenPGP detached signatures signed using key 0x96865171:
ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz.sig
http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz.sig
ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.13.tar.xz.sig
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
gmail.com>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
regards,
Nikos
More information about the Gnutls-help
mailing list