[gnutls-help] gnutls 3.7.0

Daiki Ueno ueno at gnu.org
Wed Dec 2 11:42:38 CET 2020

 We've just released gnutls 3.7.0. This is the first release on the
3.7.x branch, with several new features and behavior changes.

We'd like to thank everyone who contributed in this release:
Albrecht Dreß, Alexander Sosedkin, Anderson Toshiyuki Sasaki, Andreas
Metzler, Daiki Ueno, Daniel Lenski, Dmitry Baryshkov, Fiona Klute, Hans
Leidekker, James Bottomley, JonasZhou, KrenzelokFrantisek, Lei Maohui,
Michael Catanzaro, Nikolay Sivov, Nikos Mavrogiannopoulos, Petr Pavlu,
Remi Olivier, Sahana Prasad, Steve Lhomme, Tim Rühsen, Tomas Mraz,
Vitezslav Cizek, and ihsinme.

The detailed list of changes follows:

* Version 3.7.0 (released 2020-12-02)

** libgnutls: Depend on nettle 3.6 (!1322).

** libgnutls: Added a new API that provides a callback function to
   retrieve missing certificates from incomplete certificate chains
   (#202, #968, #1100).

** libgnutls: Added a new API that provides a callback function to
   output the complete path to the trusted root during certificate
   chain verification (#1012).

** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the
   terminating null bytes, while the data field is null terminated.
   The affected API functions are: gnutls_ocsp_req_get_extension,
   gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension

** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849,

** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are
   now no-op (#790).

** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161).

** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin
   CPU (#1079).

** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31
   bytes to 255 bytes (#932).

** API and ABI modifications:
gnutls_x509_trust_list_set_getissuer_function: Added
gnutls_x509_trust_list_get_ptr: Added
gnutls_x509_trust_list_set_ptr: Added
gnutls_session_set_verify_output_function: Added
gnutls_record_encryption_level_t: New enum
gnutls_handshake_read_func: New callback type
gnutls_handshake_set_read_function: New function
gnutls_handshake_write: New function
gnutls_handshake_secret_func: New callback type
gnutls_handshake_set_secret_function: New function
gnutls_alert_read_func: New callback type
gnutls_alert_set_read_function: New function
gnutls_crypto_register_cipher: Deprecated; no-op
gnutls_crypto_register_aead_cipher: Deprecated; no-op
gnutls_crypto_register_mac: Deprecated; no-op
gnutls_crypto_register_digest: Deprecated; no-op

Getting the Software

GnuTLS may be downloaded directly from <
A list of GnuTLS mirrors can be found at <

Here are the XZ compressed sources:


Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:


Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
uid           [ultimate] Daiki Ueno <ueno at unixuser.org>
uid           [ultimate] Daiki Ueno <ueno at gnu.org>
sub   rsa4096 2010-02-04 [E]

Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20201202/0ddfae1c/attachment.sig>

More information about the Gnutls-help mailing list