./security/gnutls, Transport Layer Security library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.6.14, Package name: gnutls-3.6.14, Maintainer: pkgsrc-users

GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL
3.0 protocols. The library does not include any patented algorithms and is
available under the GNU Lesser GPL license.

Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods

Additionally GnuTLS provides an emulation API for the widely used OpenSSL
library, to ease integration with existing applications.


Required to run:
[archivers/lzo] [security/libtasn1] [devel/gmp] [devel/libcfg+] [security/mozilla-rootcerts] [security/nettle] [security/p11-kit] [textproc/libunistring]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: bea1b5abcb691acf014e592f41d0a9580a41216a
RMD160: 89c4f89e4453c2d08ad0918fbf099d9fbcfe9cba
Filesize: 5926.844 KB

Version history: (Expand)


CVS history: (Expand)


   2020-06-09 11:53:11 by Nia Alarie | Files touched by this commit (2)
Log message:
gnutls: fix detection of build options
   2020-06-08 21:48:14 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
gnutls: Update to 3.6.14

Changes:
3.6.14
------
 * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
   The TLS server would not bind the session ticket encryption key with a
   value supplied by the application until the initial key rotation, allowing
   attacker to bypass authentication in TLS 1.3 and recover previous
   conversations in TLS 1.2 (#1011).
   [GNUTLS-SA-2020-06-03, CVSS: high]

 * libgnutls: Fixed handling of certificate chain with cross-signed
   intermediate CA certificates (#1008).

 * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

 * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
   (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
   Key Identifier (AKI) properly (#989, #991).

 * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

 * libgnutls: Added several improvements on Windows Vista and later releases
   (!1257, !1254, !1256). Most notably the system random number generator now
   uses Windows BCrypt* API if available (!1255).

 * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
   Also both accelerated and non-accelerated implementations check key block
   according to FIPS-140-2 IG A.9 (!1233).

 * libgnutls: Added support for AES-SIV ciphers (#463).

 * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

 * libgnutls: No longer use internal symbols exported from Nettle (!1235)

 * API and ABI modifications:
     GNUTLS_CIPHER_AES_128_SIV: Added
     GNUTLS_CIPHER_AES_256_SIV: Added
     GNUTLS_CIPHER_AES_192_GCM: Added
     gnutls_pkcs7_print_signature_info: Added
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
   2020-05-14 16:30:02 by Nikita | Files touched by this commit (4)
Log message:
security/gnutls: revbump, add support for building guile bindings
   2020-04-01 10:24:07 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
gnutls: updated to 3.6.13

Version 3.6.13:

** libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support), since 3.6.3.
   The DTLS client would not contribute any randomness to the DTLS negotiation,
   breaking the security guarantees of the DTLS protocol
   [GNUTLS-SA-2020-03-31, CVSS: high]

** libgnutls: Added new APIs to access KDF algorithms.

** libgnutls: Added new callback gnutls_keylog_func that enables a custom
   logging functionality.

** libgnutls: Added support for non-null terminated usernames in PSK
   negotiation.

** gnutls-cli-debug: Improved support for old servers that only support
   SSL 3.0.

** API and ABI modifications:
gnutls_hkdf_extract: Added
gnutls_hkdf_expand: Added
gnutls_pbkdf2: Added
gnutls_session_get_keylog_function: Added
gnutls_session_set_keylog_function: Added
gnutls_prf_hash_get: Added
gnutls_psk_server_get_username2: Added
gnutls_psk_set_client_credentials2: Added
gnutls_psk_set_client_credentials_function2: Added
gnutls_psk_set_server_credentials_function2: Added
   2020-03-22 13:21:59 by Roland Illig | Files touched by this commit (1)
Log message:
security/gnutls: remove unnecessary comment from Makefile
   2020-03-22 13:21:13 by Roland Illig | Files touched by this commit (1)
Log message:
security/gnutls: remove nonexistent files from REPLACE_BASH
   2020-03-08 17:51:54 by Thomas Klausner | Files touched by this commit (2833)
Log message:
*: recursive bump for libffi