Version 1.0.4 (04/01/2004)
- Changed handshake behaviour to send the lowest TLS version
when an unsupported version was advertized. The current behaviour
is to send the maximum version we support.
- certtool no longer asks the password in unencrypted private
keys.
- The source is now compiled to use the reentrant libc functions.
- Corrected bug in gnutls_bye() which made it return an error code
of INVALID_REQUEST instead of success.
- Corrected a bug in the GNUTLS_KEY key usage definitions.
Changes since 1.0.0:
- Some minor fixes in the makefiles. They now include CFLAGS
from libgcrypt or opencdk if installed in a non standard directory.
- Fixed the SRP detection test in gnutls-cli-debug.
- Added gnutls_rsa_params_export_pkcs1() and
gnutls_rsa_params_import_pkcs1().
Changes:
- Exported the static SRP group parameters.
- Some fixes in the certificate authenticated SRP ciphersuites.
- Improved the support for draft-ietf-tls-srp-05. The two-phase
handshake is now fully supported without any interaction with
the application layer (except for a callback).
- Some fixes in the openpgp authentication.
- Removed the Twofish cipher.
- The openssl compatibility layer was moved to gnutls-openssl
library instead of being included in the gnutls-extra library.
- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04.
- Building with openpgp support is now mandatory.
- gnutls4 compatibility header is no longer included by default in
gnutls.h.
- gnutls8 function usage yelds a deprecation warning in gcc3.
- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid()
functions have a raw_flag parameter added.
- The certtool utility can now generate PKCS #12 structures
without specifying a certificate.
- Added capability to read CRLs to certtool.
- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER
to properly set the required buffer size.
- Corrected a bug in libgcrypt detection.
And more...
own security/libtasn1 package, which is too new to work fine with gnutls.
While here, add missing dependency on devel/zlib.
Fixes PR pkg/23172; reviewed by wiz@. Bump PKGREVISION to 1.
GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL
3.0 protocols. The library does not include any patented algorithms and is
available under the GNU Lesser GPL license.
Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods
Additionaly GnuTLS provides an emulation API for the widely used OpenSSL
library, to ease integration with existing applications.
Package provided by Juan RP via pkgsrc-wip with modifications by me.
