Hello, I've just released gnutls 2.99.2. Its main addition is the experimental support for Elliptic curves (ECDH and ECDSA).
The GnuTLS 2.99.x branch is NOT what you want for your stable system. It is intended for developers and experienced users.

The changes since the development release are:

* Version 2.99.2 (released 2011-05-26)

** libgnutls: Added Elliptic curve support. This is not enabled by default. Requires priority strings:
     +CURVE-ALL: to add all supported curves
     +ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate
     +ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate
     +ANON-ECDHE: to add anonymous ECDH

** libgnutls: PKCS #11 URLs conform to the latest draft being http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04.

** certtool: Can now load private keys and public keys from PKCS #11 tokens via URLs.

** libgnutls: Added gnutls_global_set_audit_log_function() that allows getting important auditing information including the corresponding session. That might be useful to block DoS or other attackers from specific IPs.

** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read the public key algorithm of the key.

** libgnutls: Added gnutls_certificate_get_issuer() and gnutls_x509_trust_list_get_issuer() to compensate for the missing gnutls_certificate_get_x509_cas().

** libgnutls: Added gnutls_x509_crq_verify() to allow verification of the self signature in a certificate request. This allows verifying whether the owner of the private key is the generator of the request.

** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies the self signature of the request.

** API and ABI modifications:
gnutls_certificate_get_issuer: ADDED
gnutls_x509_trust_list_get_issuer: ADDED
gnutls_x509_crq_verify: ADDED
gnutls_global_set_audit_log_function: ADDED
gnutls_ecc_curve_get_name: ADDED
gnutls_ecc_curve_get_size: ADDED
gnutls_x509_privkey_import_ecc_raw: ADDED
gnutls_x509_privkey_export_ecc_raw: ADDED
gnutls_global_set_time_function: ADDED
GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code
GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code
GNUTLS_KX_ECDHE_RSA: New key exchange method
GNUTLS_KX_ECDHE_ECDSA: New key exchange method
GNUTLS_KX_ANON_ECDH: New key exchange method
GNUTLS_PK_ECC: New public key algorithm
GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm
GNUTLS_ECC_CURVE_INVALID: New curve definition
GNUTLS_ECC_CURVE_SECP224R1: New curve definition
GNUTLS_ECC_CURVE_SECP256R1: New curve definition
GNUTLS_ECC_CURVE_SECP384R1: New curve definition
GNUTLS_ECC_CURVE_SECP521R1: New curve definition

Here are the compressed sources:
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.2.tar.bz2
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.2.tar.bz2

Here is the OpenPGP signature:
  ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.99.2.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-2.99.2.tar.bz2.sig

regards,
Nikos

_______________________________________________
GNU Announcement mailing list <info-gnu@gnu.org>
https://lists.gnu.org/mailman/listinfo/info-gnu