Hello, I've just released gnutls 3.0.13. This release fixes bugs and adds new features in the current stable branch. The main additions are: (1) a new helper interface to support trust-on-first-use (SSH-like) authentication, (2) gnutls-cli and ocsptool support for the on-line verification of a certificate using OCSP, and (3) several updates in Datagram TLS handling of missed packets and retransmissions (thanks to the work of Sean Buckheister).
* Version 3.0.13 (released 2012-02-18)

** gnutls-cli: added the --ocsp option, which verifies the peer's certificate with OCSP.

** gnutls-cli: added the --tofu option; if specified, gnutls-cli will use an SSH-style (trust on first use) authentication method.

** gnutls-cli: if no --x509cafile is provided a default is assumed (/etc/ssl/certs/ca-certificates.crt), if it exists.

** ocsptool: Added --ask parameter, to verify a certificate's status from an OCSP server.

** command line apps: Use gnu autogen (libopts) to parse command line arguments and template files.

** tests: Added stress test for DTLS packet losses and out-of-order receipt. Contributed by Sean Buckheister.

** libgnutls: Several updates and corrections in the DTLS lost packet handling and retransmission timeouts. Report and patches by Sean Buckheister.

** libgnutls: Added new functions to easily allow the usage of a trust on first use (SSH-style) authentication.

** libgnutls: SUITEB128 and SUITEB192 priority strings account for the RFC6460 requirements.

** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY to account for a security level of 96 bits.

** libgnutls: On the client side, if the server does not advertise any known CAs and only a single certificate is set in the credentials, send that one.

** libgnutls: Added functions to parse authority key identifiers when stored as a 'general name' and serial combo.

** libgnutls: Added function to force explicit reinitialization of PKCS #11 modules. This is required in the child process after a fork (if PKCS #11 functionality is desirable).

** libgnutls: Depend on p11-kit 0.11.
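As an added illustration of the trust-on-first-use flow the new helper interface is meant to support (this is not GnuTLS's own code, and neither its API nor its on-disk format; all names here are hypothetical), the following constructed in-memory store shows the three outcomes a client must handle on every connection: host never seen (pin it or ask the user), same key as pinned (accept), key changed (refuse to continue silently).

```c
#include <string.h>
/* Outcomes of a trust-on-first-use lookup: never seen, same key, changed key. */
enum { TOFU_OK = 0, TOFU_NOT_FOUND = -1, TOFU_MISMATCH = -2, TOFU_ERROR = -3 };
#define MAX_ENTRIES 16
#define MAX_KEY 128

struct tofu_entry {
    char host[64], service[16];
    unsigned char key[MAX_KEY];  /* raw public key (or certificate) bytes */
    size_t key_len;
};

/* Constructed in-memory table standing in for an on-disk store (hypothetical). */
static struct tofu_entry tofu_db[MAX_ENTRIES];
static size_t tofu_db_count;

static struct tofu_entry *tofu_find(const char *host, const char *service)
{
    for (size_t i = 0; i < tofu_db_count; i++)
        if (!strcmp(tofu_db[i].host, host) && !strcmp(tofu_db[i].service, service))
            return &tofu_db[i];
    return NULL;
}

/* Compare the key the peer presented with the one pinned for host:service. */
int tofu_verify(const char *host, const char *service, const unsigned char *key, size_t len)
{
    const struct tofu_entry *e = tofu_find(host, service);
    if (e == NULL) return TOFU_NOT_FOUND;  /* first contact: caller decides whether to pin */
    if (e->key_len == len && memcmp(e->key, key, len) == 0) return TOFU_OK;
    return TOFU_MISMATCH;                  /* pinned key changed: do not continue silently */
}

/* Pin the key for host:service, or replace it only after an explicit user decision. */
int tofu_store(const char *host, const char *service, const unsigned char *key, size_t len)
{
    struct tofu_entry *e = tofu_find(host, service);
    if (len > MAX_KEY || strlen(host) >= sizeof tofu_db[0].host ||
        strlen(service) >= sizeof tofu_db[0].service)
        return TOFU_ERROR;
    if (e == NULL) {
        if (tofu_db_count == MAX_ENTRIES) return TOFU_ERROR;
        e = &tofu_db[tofu_db_count++];
        strcpy(e->host, host);
        strcpy(e->service, service);
    }
    memcpy(e->key, key, len);
    e->key_len = len;
    return TOFU_OK;
}
```

The store is keyed on host and service together, so a key pinned for one service of a host does not vouch for another service on the same host.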
** API and ABI modifications:
gnutls_dtls_get_timeout: Added
gnutls_verify_stored_pubkey: Added
gnutls_store_pubkey: Added
gnutls_store_commitment: Added
gnutls_x509_crt_get_authority_key_gn_serial: Added
gnutls_x509_crl_get_authority_key_gn_serial: Added
gnutls_pkcs11_reinit: Added
gnutls_ecc_curve_list: Added
gnutls_priority_certificate_type_list: Added
gnutls_priority_sign_list: Added
gnutls_priority_protocol_list: Added
gnutls_priority_compression_list: Added
gnutls_priority_ecc_curve_list: Added
gnutls_tdb_init: Added
gnutls_tdb_set_store_func: Added
gnutls_tdb_set_store_commitment_func: Added
gnutls_tdb_set_verify_func: Added
gnutls_tdb_deinit: Added

Getting the Software
====================

GnuTLS may be downloaded from one of the GNU mirror sites or directly
from <ftp://ftp.gnu.org/gnu/gnutls/>. The list of GNU mirrors can be found
at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors can be
found at <http://www.gnu.org/software/gnutls/download.html>.

Here are the XZ compressed sources:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.13.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz.sig
  http://ftp.gnu.org/gnu/gnutls/gnutls-3.0.13.tar.xz.sig
  ftp://ftp.gnutls.org/pub/gnutls/gnutls-3.0.13.tar.xz.sig

Note that it has been signed with my openpgp key:

pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos <nmav <at> gnutls.org>
uid                  Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

_______________________________________________
GNU Announcement mailing list <info-gnu@gnu.org>
https://lists.gnu.org/mailman/listinfo/info-gnu