[mod_gnutls-devel] New release: mod_gnutls 0.10.0
fiona.klute at gmx.de
Mon Feb 3 21:10:20 CET 2020
I have just uploaded a new source archive and matching signature to
https://mod.gnutls.org/downloads/ as well as the signed
mod_gnutls/0.10.0 tag to the git repositories [1, 2].
This release brings a lot of new features and better tests:
* Added support for stapling multiple OCSP responses (TLS 1.3 only).
mod_gnutls will staple for as many consecutive certificates in the
certificate chain as possible.
* Added support for TLS 1.3 post-handshake authentication, used if TLS
client authentication is required only for some resources on the server.
Rehandshake (for older TLS versions) is not supported, the existing but
broken code has been removed.
* The test infrastructure has been mostly rewritten in Python, note the
new dependencies (Python 3, Pyyaml). Tests can run multiple TLS
connections and HTTP(S) requests as well as custom hooks now, see
test/README.md for details.
* Server certificates are checked for the must-staple TLS feature
extension, stapling must be enabled if it is present.
* Compatibility fix for GnuTLS 3.6.11 in the test suite: Handle peer
certificate type in TLS session information strings.
* The test system will automatically detect if it needs to load critical
modules (e.g. mod_logio) that are built-in with the Debian packages.
This makes the tests work on Fedora without modifications, and likely on
similar distributions too.
* Tests can optionally run with Valgrind for the primary HTTPD instance
by running ./configure with --enable-valgrind-test, see test/README.md
* Known issue: When using MSVA client certificate validation the
Valgrind tests indicate memory leaks from libcurl, which is used by
libmsv to send requests to the MSVA. For details see the bug report:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the mod_gnutls-devel