gnutls-3.3.5

[Fernando de Oliveira]

​ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.5.tar.xz

​https://gitorious.org/gnutls/gnutls/raw/1f16c84edc4e71ccf3dd36ba626ad0b776e083fe:NEWS

* Version 3.3.5 (released 2014-06-26)

** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit().
These functions provide a variant of gnutls_record_recv() that avoids
the final memcpy of data.

** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a
faster variant of gnutls_x509_crl_get_crt_serial() when coping with
very large structures.

** libgnutls: When the decoding of a printable DN element fails, then treat
it as unknown and print its hex value rather than failing. That works around
an issue in a TURKTRST root certificate which improperly encodes the
X520countryName element.

** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number
of certificates present in a PKCS #11 token when loading it.

** libgnutls: Allow the post client hello callback to put the handshake on
hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.

** certtool: option --to-p12 will now consider --load-ca-certificate

** certtol: Added option to specify the PKCS #12 friendly name on command
line.

** p11tool: Allow marking a certificate copied to a token as a CA.

** API and ABI modifications:
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added
gnutls_x509_crl_iter_deinit: Added
gnutls_x509_crl_iter_crt_serial: Added
gnutls_record_recv_packet: Added
gnutls_packet_deinit: Added
gnutls_packet_get: Added

[Fernando de Oliveira]

Fixed at r13320.