5d7286f0dc
Version 3.6.6: * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits on the public key. * libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag. * libgnutls: When on server or client side we are sending no extensions we do not set an empty extensions field but we rather remove that field competely. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if the CKA_SIGN is not set. * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely disable extensions at all cases, while providing a functional session. This also implies that when specified, TLS1.3 is disabled. * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was non-functional. * API and ABI modifications: GNUTLS_ENABLE_RAWPK: Added GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK) GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated GNUTLS_PCERT_NO_CERT: Deprecated |
||
|---|---|---|
| .. | ||
| patches | ||
| buildlink3.mk | ||
| DESCR | ||
| distinfo | ||
| libgnutls-config.mk | ||
| Makefile | ||
| PLIST | ||