#11588: gnutls-3.6.6
-------------------------+------------------------
Reporter: bdubbs | Owner: blfs-book
Type: enhancement | Status: new
Priority: normal | Milestone: 8.4
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------
Comment (by bdubbs):
* Version 3.6.6 (released 2019-01-25)
* libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number
bits
on the public key
* libgnutls: Added support for raw public-key authentication as defined in
RFC7250.
Raw public-keys can be negotiated by enabling the corresponding
certificate
types via the priority strings. The raw public-key mechanism must be
explicitly
enabled via the GNUTLS_ENABLE_RAWPK init flag
* libgnutls: When on server or client side we are sending no extensions we
do
not set an empty extensions field but we rather remove that field
competely.
This solves a regression since 3.5.x and improves compatibility of the
server
side with certain clients.
* libgnutls: We no longer mark RSA keys in PKCS11 tokens as RSA-PSS
capable if
the CKA_SIGN is not set
* libgnutls: The priority string option %NO_EXTENSIONS was improved to
completely
disable extensions at all cases, while providing a functional session.
This
also implies that when specified, TLS1.3 is disabled.
* libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as
deprecated.
The previous definition was non-functional
* API and ABI modifications:
- GNUTLS_ENABLE_RAWPK: Added
- GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by
GNUTLS_ENABLE_RAWPK)
- GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
- GNUTLS_PCERT_NO_CERT: Deprecated
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11588#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
