[gnutls-help] gnutls 3.6.6
nmav at gnutls.org
Fri Jan 25 09:02:50 CET 2019
I've just released gnutls 3.6.6. This is a bug fix release on the
3.6.x branch. It introduces support for raw public keys, fixes several
small issues and issues related to TLS1.3 support.
I'd like to thank everyone who contributed in this release:
Tim Rühsen, Daiki Ueno, Dmitry Eremin-Solenikov, Hugo Beauzée-Luyssen,
Peter Wu, Andreas Metzler, Fabrice Fontaine, Alon Bar-Lev,
Maks Naumov, Marga Manterola and Tom Vrancken.
The detailed list of changes follows; they can be seen in more detail
in our milestone tracker:
* Version 3.6.6 (released 2019-01-25)
** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number of bits
on the public key (#640).
** libgnutls: Added support for raw public-key authentication as defined in RFC7250.
Raw public-keys can be negotiated by enabling the corresponding certificate
types via the priority strings. The raw public-key mechanism must be explicitly
enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
** libgnutls: When on server or client side we are sending no extensions we do
not set an empty extensions field but we rather remove that field completely.
This solves a regression since 3.5.x and improves compatibility of the server
side with certain clients.
** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
the CKA_SIGN is not set (#667).
** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
disable extensions in all cases, while providing a functional session. This
also implies that when specified, TLS1.3 is disabled.
** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
The previous definition was non-functional (#609).
** API and ABI modifications:
GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
Getting the Software
GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can
be found at <http://www.gnutls.org/download.html>.
Here are the XZ compressed sources:
Here are OpenPGP detached signatures signed using key 0x96865171:
Note that it has been signed with my openpgp key:
pub 3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at>
sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02]
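
The difference between an absent and an empty extensions field described in the changelog above can be checked on the wire; the following is an added example, not GnuTLS code or part of the original announcement. It assumes the TLS 1.2 ServerHello body layout from RFC 5246, and the names `classify_server_hello` and `build_sample` as well as the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum ext_state { EXT_MALFORMED = -1, EXT_ABSENT, EXT_EMPTY, EXT_PRESENT };

/* Classify the extensions block of a ServerHello body (bytes after the 4-byte handshake header). */
enum ext_state classify_server_hello(const uint8_t *b, size_t len)
{
    size_t off = 2 + 32;                     /* server_version + random */
    if (len < off + 1) return EXT_MALFORMED;
    size_t sid_len = b[off++];
    if (sid_len > 32 || len - off < sid_len + 3) return EXT_MALFORMED;
    off += sid_len + 2 + 1;                  /* session_id, cipher_suite, compression */
    if (off == len) return EXT_ABSENT;       /* field left out entirely */
    if (len - off < 2) return EXT_MALFORMED;
    size_t ext_len = ((size_t)b[off] << 8) | b[off + 1];
    off += 2;
    if (len - off != ext_len) return EXT_MALFORMED;  /* length must match the remainder */
    return ext_len == 0 ? EXT_EMPTY : EXT_PRESENT;   /* "00 00" vs. real extension data */
}

/* Constructed sample message; with_field == 0 omits the extensions field. */
size_t build_sample(uint8_t *out, const uint8_t *ext, size_t ext_len, int with_field)
{
    size_t n = 0;
    out[n++] = 0x03; out[n++] = 0x03;        /* TLS 1.2 */
    memset(out + n, 0xAB, 32); n += 32;      /* constructed "random" bytes */
    out[n++] = 0;                            /* empty session_id */
    out[n++] = 0xC0; out[n++] = 0x2F;        /* constructed cipher suite value */
    out[n++] = 0;                            /* null compression */
    if (with_field) {
        out[n++] = (uint8_t)(ext_len >> 8); out[n++] = (uint8_t)ext_len;
        if (ext_len) { memcpy(out + n, ext, ext_len); n += ext_len; }
    }
    return n;
}

int main(void)
{
    static const char *names[] = { "absent", "empty (00 00)", "present" };
    const uint8_t reneg[] = { 0xFF, 0x01, 0x00, 0x01, 0x00 }; /* renegotiation_info */
    uint8_t buf[64];
    printf("no field:    %s\n", names[classify_server_hello(buf, build_sample(buf, NULL, 0, 0))]);
    printf("empty field: %s\n", names[classify_server_hello(buf, build_sample(buf, NULL, 0, 1))]);
    printf("with data:   %s\n", names[classify_server_hello(buf, build_sample(buf, reneg, sizeof reneg, 1))]);
    return 0;
}
```

A capture of a handshake with no extensions from a peer running 3.6.6 should classify as absent, per the changelog entry; the empty case is the form the entry says is no longer sent.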