- gnutls.keyring: Nikos key refreshed to be unexpired
- GnuTLS 3.6.2:
* libgnutls: When verifying against a self signed certificate ignore issuer.
That is, ignore issuer when checking the issuer's parameters strength,
resolving issue #347 which caused self signed certificates to be
additionally marked as of insufficient security level.
* libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
MTU calculation now, it correctly accounts for the fixed overhead due to
padding (as 1 byte), while at the same time considers the rest of the
padding as part of data MTU.
* libgnutls: Address issue of loading of all PKCS#11 modules on startup
on systems with a PKCS#11 trust store (as opposed to a file trust store).
Introduced a multi-stage initialization which loads the trust modules, and
other modules are deferred for the first pure PKCS#11 request.
* libgnutls: The SRP authentication will reject any parameters outside
RFC5054. This protects any client from potential MitM due to insecure
parameters. That also brings SRP in par with the RFC7919 changes to
Diffie-Hellman.
* libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
for SRP authentication.
* libgnutls: Addressed issue in the accelerated code affecting
interoperability with versions of nettle >= 3.4.
* libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
* libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
Vitezslav Cizek).
* srptool: the --create-conf option no longer includes 1024-bit parameters.
* p11tool: Fixed the deletion of objects in batch mode.
- Dropped gnutls-check_aes_keysize.patch as it is included upstream now.
OBS-URL: https://build.opensuse.org/request/show/587401
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=108
- Disable all ECC algorithms.
- gnutls-32bit.patch: upstream patch to make test
work with 32bit time_t.
- gnutls-implement-trust-store-dir.diff
currently not yet forward ported.
- Updated to GnuTLS 3.2.1
** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.
** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.
** libgnutls: Corrected issue when receiving client hello verify
requests in DTLS.
** libgnutls: Fixes in DTLS record overhead size calculations.
** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by
Mann Ern Kang.
- Updated to GnuTLS 3.2.0
** libgnutls: Use nettle's elliptic curve implementation.
** libgnutls: Added Salsa20 cipher
** libgnutls: Added UMAC-96 and UMAC-128
** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite numbers.
** libgnutls: Added support for DTLS 1.2.
** libgnutls: Added support for the Application Layer Protocol
Negotiation (ALPN) extension.
** libgnutls: Removed support for the RSA-EXPORT ciphersuites.
** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).
- Updated to GnuTLS 3.1.10 (released 2013-03-22)
** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
OBS-URL: https://build.opensuse.org/request/show/181378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=58
