GnuTLS 2.7.4

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GnuTLS 2.7.4

From:	Simon Josefsson
Subject:	GnuTLS 2.7.4
Date:	Wed, 07 Jan 2009 12:59:55 +0100
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

The GnuTLS 2.7.x branch is NOT what you want for your stable system.  It
is intended for developers and experienced users.

Here are the compressed sources:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2 (5.8MB)
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2

Here is the OpenPGP signature:
  http://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2.sig
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.7.4.tar.bz2.sig

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.  You
can contribute by reporting bugs, improve the software, or donate money
or equipment.

Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance.  Simon Josefsson Datakonsult AB, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance.  We are always looking for interesting development
projects.  See http://josefsson.org/ for more details.

/Simon

* Version 2.7.4 (released 2009-01-07)

** gnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash.  Reported by Daniel Kahn Gillmor
<address@hidden> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <address@hidden> and Daniel Kahn
Gillmor <address@hidden>.

** gnutls: New interface to get key id for certificate requests.
Patch from David Marín Carreño <address@hidden> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.

** gnutls: gnutls_x509_crq_print will now also print public key id.

** certtool: --verify-chain now prints results of using library verification.
Earlier, certtool --verify-chain used its own validation algorithm
which wasn't guaranteed to give the same result as the libgnutls
internal validation algorithm.  Now this command print a new final
line with header 'Chain verification output:' that contains the result
From using the internal verification algorithm on the same chain.

** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id.

** API and ABI modifications:
gnutls_x509_crq_get_key_id: ADDED.

pgpBtMvRYU2FT.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

GnuTLS 2.7.4, Simon Josefsson <=

Prev by Date: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Next by Date: gnutls fails to use Verisign CA cert without a Basic Constraint
Previous by thread: Re: deprecating MD5 in signature verification for gnutls-{cli, serv}
Next by thread: gnutls fails to use Verisign CA cert without a Basic Constraint
Index(es):
- Date
- Thread