Hello, I've just released gnutls 3.1.4. This release includes initial support for the DTLS-SRTP protocol contributed by martin Storsjo updated on the new DANE library, and several simplifications on the existing API.
* Version 3.1.4 (released 2012-11-10) ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on the available revocation data validity. ** libgnutls: Added gnutls_certificate_verification_status_print(), a function to print the verification status code in human readable text. ** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. ** libgnutls: Simplified certificate verification by adding gnutls_certificate_verify_peers3(). ** libgnutls: Added support for extension to establish keys for SRTP. Contributed by Martin Storsjo. ** libgnutls: The X.509 verification functions check the key usage bits and pathlen constraints and on failure output GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. ** libgnutls: gnutls_x509_crl_verify() includes the time checks. ** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. ** libgnutls: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. ** gnutls-cli: Added --local-dns option. ** danetool: Corrected bug that prevented loading PEM files. ** danetool: Added --check option to allow querying and verifying a site's DANE data. ** libgnutls-dane: Added pkg-config file for the library. ** API and ABI modifications: gnutls_session_get_id2: Added gnutls_sign_is_secure: Added gnutls_certificate_verify_peers3: Added gnutls_ocsp_status_request_is_checked: Added gnutls_certificate_verification_status_print: Added gnutls_srtp_set_profile: Added gnutls_srtp_set_profile_direct: Added gnutls_srtp_get_selected_profile: Added gnutls_srtp_get_profile_name: Added gnutls_srtp_get_profile_id: Added gnutls_srtp_get_keys: Added gnutls_srtp_get_mki: Added gnutls_srtp_set_mki: Added gnutls_srtp_profile_t: Added dane_cert_type_name: Added dane_match_type_name: Added dane_cert_usage_name: Added dane_verification_status_print: Added GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added GNUTLS_CERT_UNEXPECTED_OWNER: Added GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added Getting the Software ==================== GnuTLS may be downloaded from one of the GNU mirror sites or directly >From <ftp://ftp.gnu.org/gnu/gnutls/>. The list of GNU mirrors can be found at <http://www.gnu.org/prep/ftp.html> and a list of GnuTLS mirrors can be found at <http://www.gnu.org/software/gnutls/download.html>. Here are the XZ compressed sources: ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz Here are the LZIP compressed sources: ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz Here are OpenPGP detached signatures signed using key 0x96865171: ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz.sig http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.xz.sig ftp://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz.sig http://ftp.gnu.org/gnu/gnutls/gnutls-3.1.4.tar.lz.sig Note that it has been signed with my openpgp key: pub 3104R/96865171 2008-05-04 [expires: 2028-04-29] uid Nikos Mavrogiannopoulos <nmav <at> gnutls.org> uid Nikos Mavrogiannopoulos <n.mavrogiannopoulos <at> gmail.com> sub 2048R/9013B842 2008-05-04 [expires: 2018-05-02] sub 2048R/1404A91D 2008-05-04 [expires: 2018-05-02] regards, Nikos _______________________________________________ GNU Announcement mailing list <info-gnu@gnu.org> https://lists.gnu.org/mailman/listinfo/info-gnu
