Release Notes: X.509 RSA signing has been fixed to use NULL instead of absent parameters, which solves failure in some external programs (e.g. GnuPG 2.x) when verifying GnuTLS-generated RSA X.509 certificates. The PKIX ASN.1 syntax tree was regenerated to fix a mistake made in the last release.
Release Notes: Servers will no longer negotiate SRP RSA/DSS cipher suites if no SRP credential is set. The default behavior of the gnutls-cli and gnutls-serv tools has improved. The --list output for gnutls-cli and gnutls-serv has been fixed to mention TLS1.2, SHA512, etc. The manual contains a new section on setting up a test HTTP server.
Release Notes: This release adds support for RSA signing using SHA-256/384/512. The gnutls-serv tool now uses static DH parameters if none are supplied. The manual now discusses proxy certificates and has improved bibliographical citations. certtool template handling of pathLenConstraints has been fixed.
Release Notes: Support for Proxy Certificates as per RFC 3820 were added. The --generate-proxy option was added to certtool. certtool --certificate-info now prints information for Proxy Certificates. New APIs were added to set proxy subject names and get or set a proxy cert extension. Parsing of pathLenConstraints in BasicConstraints with missing CA was fixed. A self-test was added to test for regressions of pathLenConstraint. Certtool now prints times in UTC when printing certificate/CRL info. Importing of ASCII armored OpenPGP keys was fixed.
Release Notes: Certtool now prints the value of the pathLenConstraints field for certs and queries for the value when generating CA certs. A new API to get and set pathLenConstraints was added. A new API was added in OpenCDK to extract public/secret OpenPGP keys to S-expr. Certtool --to-p12 can now store more than one certificate in the blob. The separation of gnutls and gnutls-extra was cleaned up for OpenPGP. The URL is printed to gaa when missing, and srcdir not being the same as builddir was fixed for GAA files. GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc. A minor fix was done to the C++ library to make it build. The gnulib files were updated.
Release Notes: A TLS 1.2 server side fix was made. TLS 1.2 DSA signature verification was fixed. The list of trusted CAs that servers send to clients was fixed. gnutls_certificate_set_x509_crl was fixed to initialize the CRL before using it. UID fields in DNs are encoded as DirectoryString. Out-of-sourcedir builds from CVS were improved. Bootstrap tools were changed. A syntax error in lib/gnutls.asn was fixed. A German translation of GnuTLS messages was added. The gnulib files were updated.
Release Notes: The list of trusted CAs that servers send to clients was fixed. gnutls_certificate_set_x509_crl was fixed to initialize the CRL before using it. UID fields in DNs are now encoded as DirectoryString rather than as IA5String. A ./configure failure with non-GCC compilers was fixed.
Release Notes: This is the first release on a new development branch. Preliminary support for TLS 1.2 was added. The default protocol priority tries both TLS 1.1 and TLS 1.2. The anonself test now prints a lot of debugging information, including TLS version. Documentation fixes were made in OpenCDK to avoid some gtk-doc warnings. The gnulib files were updated.
Release Notes: The first stable release of the development branch. Compared to the 1.4.x branch, this release adds a GnuTLS C++ library and new APIs for custom push/pull function error reporting. Windows is a supported platform. Self tests are run under Valgrind, if available.
Release Notes: The shared library version has been correctly bumped after adding new APIs. An unsigned vs signed problem in the ex-x509-info.c example has been fixed. The rsa-md5-collision self test has been fixed to work for MinGW+Wine. gnulib files have been updated. This is the second release candidate of the next release on a new stable branch, 1.6.0.