2014-01-26 10:38:33 by Matthias Scheler | Files touched by this commit (1) |
Log message:
Update comment:
Assembler support is still broken under Mac OS X in version 3.2.9.
Somebody should re-check Solaris as well.
|
2014-01-25 11:59:22 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Update to 3.2.9 based on patch from Richard Palo.
Assembler issues still seem to be there at least on SunOS.
* Version 3.2.9 (released 2014-01-24)
** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.
** libgnutls: %COMPAT implies %DUMBFW.
** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.
* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.
** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.
** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html
** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.
** p11tool: Added --so-login option to force login as security
officer (admin).
** API and ABI modifications:
No changes since last version.
|
2014-01-21 13:13:16 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
Disable inline assembly on SunOS for now too.
|
2014-01-17 20:13:37 by Matthias Scheler | Files touched by this commit (1) |
Log message:
Disable assembler code under Mac OS X which is broken in this release.
|
2014-01-16 11:14:09 by Thomas Klausner | Files touched by this commit (8) |
Log message:
Update to 3.2.8.1.
Changes in 3.2.8.1:
Note, that I've realized that this release has issues with the
assembly files in win32 and macosx systems. In these systems
use gnutls 3.2.8.1.
3.2.8:
* Version 3.2.8 (released 2013-12-20)
** libgnutls: Updated code for AES-NI. That prevents an uninitialized
variable complaint from valgrind.
** libgnutls: Enforce a maximum size for DH primes.
** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy Polyakov's
code.
** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.
** libgnutls: It only links to librt if the required functions are
not present in libc. This also prevents an indirect linking to libpthread.
** libgnutls: Fixed issue with gnulib strerror replacement by adding
the strerror gnulib module.
** libgnutls: The time provided in the TLS random values is only precise
on its first 3 bytes. That prevents leakage of the precise system
time (at least on the client side when only few connections are
done on a single server).
** certtool: The --verify option will use the system CAs if the
load-ca-certificate option is not provided.
** configure: Added option --with-default-blacklist-file to allow
specifying a certificate blacklist file.
** configure: Added --disable-non-suiteb-curves option. This option
restricts the supported curves to SuiteB curves.
** API and ABI modifications:
gnutls_record_check_corked: Added
|
2014-01-15 15:38:48 by Thomas Klausner | Files touched by this commit (1) |
Log message:
Disable autogen detection.
Addresses PR 48523 by Kai-Uwe Eckhardt.
|
2013-11-29 23:55:29 by Thomas Klausner | Files touched by this commit (7) |
Log message:
Update to 3.2.7:
* Version 3.2.7 (released 2013-11-23)
** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).
** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.
** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.
** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.
** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.
** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.
** libgnutls: Session tickets are encrypted using AES-GCM.
** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.
** libgnutls: Forbid all compression methods in DTLS.
** gnutls-serv: Fixed issue with IPv6 address in UDP mode.
** certtool: When exporting an encrypted PEM private key do not output the key
parameters.
** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.
** certtool: Added new template options: 'activation_date', and
'expiration_date'.
** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.
** tools: The installed version of libopts is used if the autogen tool is
present.
** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
|
2013-11-04 09:22:54 by Thomas Klausner | Files touched by this commit (1) |
Log message:
Add --without-tpm to configure arguments to have consistency across
platforms.
Reported by Richard PALO.
|
2013-10-31 15:41:48 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
Update to 3.2.6:
* Version 3.2.6 (released 2013-10-31)
** libgnutls: Support for TPM via trousers is now enabled by default.
** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.
** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.
** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.
** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.
** gnulib: updated.
** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.
** p11tool: Added option generate-random.
** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
|
2013-10-28 00:13:09 by Thomas Klausner | Files touched by this commit (3) |
Log message:
Update to 3.2.5:
* Version 3.2.5 (released 2013-10-23)
** libgnutls: Documentation and build-time fixes.
** libgnutls: Allow the generation of DH groups of less than 700 bits.
** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 \
as MAC,
as well as Camellia with GCM.
** libdane: Added interfaces to allow initialization of dane_query_t from
external DNS resolutions, and to allow direct verification of a certificate
chain against a dane_query_t. Contributed by Christian Grothoff.
** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
triggered by a DNS server supplying more than 4 DANE records. Report and fix
by Christian Grothoff.
** srptool: Fixed index command line option. Patch by Attila Molnar.
** gnutls-cli: Added support for inline commands, using the
--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.
** API and ABI modifications:
gnutls_certificate_get_crt_raw: Added
dane_verify_crt_raw: Added
dane_raw_tlsa: Added
* Version 3.2.4 (released 2013-08-31)
** libgnutls: Fixes when session tickets and session DB are used.
Report and initial patch by Stefan Buehler.
** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner,
based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH.
** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch
by Stefan Buehler.
** libgnutls: Added the PFS priority string option.
** libgnutls: Gnulib included files are strictly LGPLv2.
** libgnutls: Corrected gnutls_certificate_server_set_request().
Reported by Petr Pisar.
** API and ABI modifications:
gnutls_record_set_timeout: Exported
|