Hello, I've just released gnutls 3.5.1. This is a minor feature update for the 3.5.x branch.
* Version 3.5.1 (released 2016-06-14) ** libgnutls: The SSL 3.0 protocol support can completely be removed using a compile time option. The configure option is --disable-ssl3-support. ** libgnutls: The SSL 2.0 client hello support can completely be removed using a compile time option. The configure option is --disable-ssl2-support. For info on why this is not the default see https://gitlab.com/gnutls/gnutls/issues/97 ** libgnutls: Added support for OCSP Must staple PKIX extension. That is, implemented the RFC7633 TLSFeature for OCSP status request extension. Feature implemented by Tim Kosse. ** libgnutls: More strict OCSP staple verification. That is, no longer ignore invalid or too old OCSP staples. The previous behavior was to rely on application use gnutls_ocsp_status_request_is_checked(), while the new behavior is to include OCSP verification by default and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error. ** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This improves interoperability with several old intermediate CA certificates carrying these legacy OIDs. ** libgnutls: Re-read the system wide priority file when needed. Patch by Daniel P. Berrange. ** libgnutls: Allow for fallback in system-specific initial keywords (prefixed with '@'). That allows to specify a keyword such as "@KEYWORD1,KEYWORD2" which will use the first available of these two keywords. Patch by Daniel P. Berrange. ** libgnutls: The SSLKEYLOGFILE environment variable can be used to log session keys. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark. ** API and ABI modifications: GNUTLS_CERT_INVALID_OCSP_STATUS: Added gnutls_x509_crt_set_crq_extension_by_oid: Added gnutls_x509_ext_import_tlsfeatures: Added gnutls_x509_ext_export_tlsfeatures: Added gnutls_x509_tlsfeatures_add: Added gnutls_x509_tlsfeatures_init: Added gnutls_x509_tlsfeatures_deinit: Added gnutls_x509_tlsfeatures_get: Added gnutls_x509_crt_get_tlsfeatures: Added gnutls_x509_crt_set_tlsfeatures: Added gnutls_x509_crq_get_tlsfeatures: Added gnutls_x509_crq_set_tlsfeatures: Added gnutls_ext_get_name: Added Getting the Software ==================== GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>. Here are the XZ compressed sources: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.1.tar.xz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.1.tar.xz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org> uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
