- Version update to 3.6.4:
** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
gnutls_certificate_set_retrieve_function() which could not handle the case where
no certificates were returned, or the callbacks were set to NULL (see #528).
** libgnutls: gnutls_handshake() on server returns early on handshake when no
certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
is specified.
** libgnutls: Added session ticket key rotation on server side with TOTP.
The key set with gnutls_session_ticket_enable_server() is used as a
master key to generate time-based keys for tickets. The rotation
relates to the gnutls_db_set_cache_expiration() period.
** libgnutls: The 'record size limit' extension is added and preferred to the
'max record size' extension when possible.
** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
This addresses the problem where the CA certificate doesn't have a subject key
identifier whereas the end certificates have an authority key identifier (#569)
** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
and export GOST parameters in the "native" little endian format used for these
curves. This is an intentional incompatible change with 3.6.3.
** libgnutls: Added support for seperately negotiating client and server certificate types
as defined in RFC7250. This mechanism must be explicitly enabled via the
GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
OBS-URL: https://build.opensuse.org/package/show/security:tls/gnutls?expand=0&rev=10
This commit is contained in:
Tomáš Chvátal
Git OBS Bridge
parent
65aedfc27d
commit
60b4dea541
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ed642b66a4ecf4851ab2d809cd1475c297b6201d8e8bd14b4d1c08b53ffca993
|
||||
size 8010284
|
||||
Binary file not shown.
3
gnutls-3.6.4.tar.xz
Normal file
3
gnutls-3.6.4.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c663a792fbc84349c27c36059181f2ca86c9442e75ee8b0ad72f5f9b35deab3a
|
||||
size 8076364
|
||||
BIN
gnutls-3.6.4.tar.xz.sig
Normal file
BIN
gnutls-3.6.4.tar.xz.sig
Normal file
Binary file not shown.
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 15 08:26:48 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Version update to 3.6.4:
|
||||
** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
|
||||
** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
|
||||
gnutls_certificate_set_retrieve_function() which could not handle the case where
|
||||
no certificates were returned, or the callbacks were set to NULL (see #528).
|
||||
** libgnutls: gnutls_handshake() on server returns early on handshake when no
|
||||
certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
|
||||
is specified.
|
||||
** libgnutls: Added session ticket key rotation on server side with TOTP.
|
||||
The key set with gnutls_session_ticket_enable_server() is used as a
|
||||
master key to generate time-based keys for tickets. The rotation
|
||||
relates to the gnutls_db_set_cache_expiration() period.
|
||||
** libgnutls: The 'record size limit' extension is added and preferred to the
|
||||
'max record size' extension when possible.
|
||||
** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
|
||||
This addresses the problem where the CA certificate doesn't have a subject key
|
||||
identifier whereas the end certificates have an authority key identifier (#569)
|
||||
** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
|
||||
gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
|
||||
and export GOST parameters in the "native" little endian format used for these
|
||||
curves. This is an intentional incompatible change with 3.6.3.
|
||||
** libgnutls: Added support for seperately negotiating client and server certificate types
|
||||
as defined in RFC7250. This mechanism must be explicitly enabled via the
|
||||
GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 18 08:39:56 UTC 2018 - schwab@suse.de
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -20,8 +20,8 @@
|
||||
%define gnutlsxx_sover 28
|
||||
%define gnutls_dane_sover 0
|
||||
|
||||
# unbound isn't in SLE (bsc#1086428)
|
||||
%if 0%{?is_opensuse}
|
||||
# unbound isn't in SLE12 (bsc#1086428)
|
||||
%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500
|
||||
%bcond_without dane
|
||||
%else
|
||||
%bcond_with dane
|
||||
@ -29,7 +29,7 @@
|
||||
%bcond_with tpm
|
||||
%bcond_without guile
|
||||
Name: gnutls
|
||||
Version: 3.6.3
|
||||
Version: 3.6.4
|
||||
Release: 0
|
||||
Summary: The GNU Transport Layer Security Library
|
||||
License: LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||
|
||||
Loading…
Reference in New Issue
Block a user