[gnutls-help] gnutls 3.6.6

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jan 25 09:02:50 CET 2019


Hello,
 I've just released gnutls 3.6.6. This is a bug fix release on the
3.6.x branch. It introduces support for raw public keys, fixes several
small issues and issues related to TLS1.3 support.

I'd like to thank everyone who contributed in this release:
Tim Rühsen, Daiki Ueno, Dmitry Eremin-Solenikov, Hugo Beauzée-Luyssen,
Peter Wu, Andreas Metzler, Fabrice Fontaine, Alon Bar-Lev, Maks Naumov,
Marga Manterola and Tom Vrancken.

The detailed list of changes follows; they can be seen in more detail
in our milestone tracker:
https://gitlab.com/gnutls/gnutls/milestones/18

Changes
=======

* Version 3.6.6 (released 2019-01-25)

** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number
   of bits on the public key (#640).

** libgnutls: Added support for raw public-key authentication as defined
   in RFC7250. Raw public-keys can be negotiated by enabling the
   corresponding certificate types via the priority strings. The raw
   public-key mechanism must be explicitly enabled via the
   GNUTLS_ENABLE_RAWPK init flag (#26, #280).

** libgnutls: When on server or client side we are sending no extensions
   we do not set an empty extensions field but we rather remove that
   field completely. This solves a regression since 3.5.x and improves
   compatibility of the server side with certain clients.

** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS
   capable if the CKA_SIGN is not set (#667).

** libgnutls: The priority string option %NO_EXTENSIONS was improved to
   completely disable extensions in all cases, while providing a
   functional session. This also implies that when specified, TLS1.3 is
   disabled.

** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as
   deprecated. The previous definition was non-functional (#609).

** API and ABI modifications:
GNUTLS_ENABLE_RAWPK: Added
GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
GNUTLS_PCERT_NO_CERT: Deprecated

Getting the Software
====================

GnuTLS may be downloaded directly from
<ftp://ftp.gnutls.org/gcrypt/gnutls/>. A list of GnuTLS mirrors can be
found at <http://www.gnutls.org/download.html>.

Here are the XZ compressed sources:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.6.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.6.tar.xz.sig

Note that it has been signed with my openpgp key:

pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos
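The changelog entry about omitting the extensions field distinguishes two wire encodings that a peer's parser may treat differently. The following is an added example, not part of the original announcement and not GnuTLS code: it classifies a TLS 1.2-layout ServerHello body as having the field omitted, present but empty, or populated. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result of inspecting the tail of a ServerHello body. */
enum ext_state { EXT_MALFORMED = -1, EXT_ABSENT = 0, EXT_EMPTY = 1, EXT_PRESENT = 2 };

/* ServerHello body (no 4-byte handshake header), TLS 1.2 layout:
 *   version(2) random(32) session_id<0..32> cipher_suite(2) compression(1)
 *   [extensions<0..2^16-1>]  optional: present only if bytes remain after compression */
enum ext_state server_hello_ext_state(const uint8_t *body, size_t len)
{
    size_t off = 2 + 32;                        /* skip version + random */
    if (len < off + 1) return EXT_MALFORMED;
    size_t sid_len = body[off++];
    if (sid_len > 32 || len - off < sid_len + 3) return EXT_MALFORMED;
    off += sid_len + 2 + 1;                     /* session_id, suite, compression */

    if (off == len) return EXT_ABSENT;          /* field omitted entirely */
    if (len - off < 2) return EXT_MALFORMED;    /* truncated length prefix */
    size_t ext_len = ((size_t)body[off] << 8) | body[off + 1];
    if (ext_len != len - off - 2) return EXT_MALFORMED; /* must fill the rest */
    return ext_len == 0 ? EXT_EMPTY : EXT_PRESENT;
}

/* Constructed sample: writes a ServerHello body with an empty session_id and
 * `tail` appended after the compression byte; returns the bytes written. */
size_t build_server_hello(uint8_t *out, const uint8_t *tail, size_t tail_len)
{
    size_t n = 0;
    out[n++] = 0x03; out[n++] = 0x03;           /* TLS 1.2 */
    memset(out + n, 0xAB, 32); n += 32;         /* placeholder random */
    out[n++] = 0x00;                            /* session_id length 0 */
    out[n++] = 0xC0; out[n++] = 0x2F;           /* cipher suite 0xC02F */
    out[n++] = 0x00;                            /* null compression */
    if (tail_len) memcpy(out + n, tail, tail_len);
    return n + tail_len;
}

int main(void)
{
    uint8_t buf[64];
    const uint8_t empty[] = { 0x00, 0x00 };     /* zero-length extensions block */
    printf("omitted: %d\n", server_hello_ext_state(buf, build_server_hello(buf, NULL, 0)));
    printf("empty:   %d\n", server_hello_ext_state(buf, build_server_hello(buf, empty, 2)));
    return 0;
}
```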

