[mod_gnutls-devel] New Release: mod_gnutls 0.7.1

Thomas Klute thomas2.klute at uni-dortmund.de
Mon Oct 19 18:04:49 CEST 2015

Hello everyone,

I'm happy to announce the release of mod_gnutls 0.7.1. This is a
maintenance release with a change to the GnuTLSP11Module option and a
few general improvements. The change to GnuTLSP11Module only affects
configurations using multiple PKCS #11 modules.

Nikos Mavrogiannopoulos pointed out that loading PKCS #11 modules from
both system configuration and GnuTLSP11Module can have unexpected side
effects, in particular if multiple versions of the same module are
installed on the system, and provided a patch to load only the module
specified using GnuTLSP11Module if the option is set [1]. I've build on
that patch to allow loading multiple modules using multiple occurrences
of GnuTLSP11Module. If you use a configuration with more than one PKCS
#11 module, please ensure that you use either the system-wide p11-kit
configuration, or specify GnuTLSP11Module multiple times in the Apache
configuration (once for each module).

Changelog since mod_gnutls 0.7:

- Improved handling of PKCS #11 modules: mod_gnutls now loads either
  modules specified using GnuTLSP11Module, or the system defaults, but
  not both. Thanks to Nikos Mavrogiannopoulos for the report and
  initial patch!
- Initialize variables to safe defaults during client certificate
  verification. Certain error code paths did not set them, but they
  should never be hit due to config validation. This adds another line
  of defense.
- Enable C99 support via autoconf
- Test suite improvements. Most importantly, automake now handles
  environment setup without any external make calls. Rules to build
  the certificates are included from the old test makefile. Note that
  the dependency on GNU make is not new (the test makefile always used
  GNU make syntax), it just wasn't listed explicitly.

You can download the release archive and detached PGP signature from


or check out the signed tag "mod_gnutls/0.7.1" from the mod_gnutls git
repository [2] or my personal repository on Github [3].

Kind regards,
Thomas Klute

[2] https://mod.gnutls.org/git/mod_gnutls
[3] https://github.com/airtower-luna/mod_gnutls

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20151019/56619f0d/attachment-0001.sig>

More information about the mod_gnutls-devel mailing list