Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 520784

Summary: =net-libs/gnutls-3.2.17 and -3.3.7 version bump
Product: Gentoo Linux Reporter: Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c>
Component: [OLD] LibraryAssignee: Crypto team [DISABLED] <crypto+disabled>
Status: RESOLVED FIXED    
Severity: enhancement CC: alonbl
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2014-08-24 17:55:17 UTC 
* Version 3.2.17 (released 2014-08-24)

** libgnutls: initialize parameters variable on PKCS #8 decryption.

** libgnutls: Explicitly set the exponent in PKCS #11 key generation.
That improves compatibility with certain PKCS #11 modules. Contributed by
Wolfgang Meyer zu Bergsten.

** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
algorithms.

** libgnutls: when checking the hostname of a certificate with multiple CNs
ensure that the "most specific" CN is being used.

** libgnutls: In DTLS ignore only errors that relate to unexpected packets
and decryption failures.

** API and ABI modifications:
No changes since last version.



* Version 3.3.7 (released 2014-08-24)

** libgnutls: Added function to export the public key of a PKCS #11
private key. Contributed by Wolfgang Meyer zu Bergsten.

** libgnutls: Explicitly set the exponent in PKCS #11 key generation.
That improves compatibility with certain PKCS #11 modules. Contributed by
Wolfgang Meyer zu Bergsten.

** libgnutls: When generating a PKCS #11 private key allow setting
the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten.

** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session
to the key.

** libgnutls: bundle replacements of inet_pton and inet_aton if not
available.

** libgnutls: initialize parameters variable on PKCS #8 decryption.

** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
algorithms.

** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125
requirement of checking the Common Name (CN) part of DN only if there is
a single CN present in the certificate.

** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used
to force the FIPS mode, when set to 1.

** libgnutls: In DTLS ignore only errors that relate to unexpected packets
and decryption failures.

** p11tool: Added --info parameter.

** certtool: Added --mark-wrap parameter.

** danetool: --check will attempt to retrieve the server's certificate
chain and verify against it.

** danetool/gnutls-cli-debug: Added --app-proto parameters which can
be used to enforce starttls (currently only SMTP and IMAP) on the connection.

** danetool: Added openssl linking exception, to allow linking
with libunbound.

** API and ABI modifications:
GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added
gnutls_pkcs11_privkey_export_pubkey: Added
gnutls_pkcs11_obj_flags_get_str: Added
gnutls_pkcs11_obj_get_flags: Added
Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev 2014-08-24 19:09:27 UTC 
Added, thanks!