Hello, I've just released gnutls 3.3.23. This is a bug-fix release on the previous stable branch.
* Version 3.3.23 (released 2016-05-20) ** libgnutls: Corrected behavior of ALPN extension parsing during session resumption. Report and patches by Yuriy M. Kaminskiy. ** libgnutls: Properly print the IP Adress name constraints. ** libgnutls: Fixes in gnutls_privkey_import_ecc_raw(). ** libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that operation could fail on certain PKCS#11 modules. ** libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_pkcs11_url() can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. ** libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS name of the certificates if the provided names are NULL. ** libgnutls: when receiving SNI names, only save and expose to application the supported DNS names. ** libgnutls: when importing the certificate names at the gnutls_certificate_set* functions, only consider the CN as a fallback if DNS names are provided via the alternative name extension. ** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers serving chunk encoding which ocsptool doesn't support. Reported by Thomas Klute. ** certtool: do not require a CA for OCSP signing tag. This follows the recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate OCSP signing to another certificate without requiring it to be a CA. Reported by Thomas Klute. ** gnutls-cli: on OCSP verification do not fail if we have a single valid reply. Report and reproducer by Thomas Klute. ** API and ABI modifications: No changes since last version. Getting the Software ==================== GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>. Here are the XZ compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.23.tar.xz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.23.tar.xz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org> uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
