Opened 5 years ago
Closed 5 years ago
#11588 closed enhancement (fixed)
gnutls-3.6.6
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | normal | Milestone: | 8.4 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (3)
comment:1 by , 5 years ago
- Version 3.6.6 (released 2019-01-25)
- libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key
- libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag
- libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients.
- libgnutls: We no longer mark RSA keys in PKCS11 tokens as RSA-PSS capable if the CKA_SIGN is not set
- libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled.
- libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional
- API and ABI modifications:
- GNUTLS_ENABLE_RAWPK: Added
- GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
- GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated
- GNUTLS_PCERT_NO_CERT: Deprecated
comment:2 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
