- Updated to 3.4.11
* Version 3.4.11 (released 2016-04-11)
** libgnutls: Fixes in gnutls_record_get/set_state() with DTLS.
Reported by Fridolin Pokorny.
** libgnutls: Fixes in DSA key generation under PKCS #11. Report and
patches by Jan Vcelak.
** libgnutls: Corrected behavior of ALPN extension parsing during
session resumption. Report and patches by Yuriy M. Kaminskiy.
** libgnutls: Corrected regression (since 3.4.0) in
gnutls_server_name_set() which caused it not to accept non-null-
terminated hostnames. Reported by Tim Ruehsen.
** libgnutls: Corrected printing of the IP Adress name constraints.
** ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
serving chunk encoding which ocsptool doesn't support. Reported by
Thomas Klute.
** certtool: do not require a CA for OCSP signing tag. This follows the
recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate
OCSP signing to another certificate without requiring it to be a CA.
Reported by Thomas Klute.
* Version 3.4.10 (released 2016-03-03)
** libgnutls: Eliminated issues preventing buffers more than 2^32 bytes
to be used with hashing functions.
** libgnutls: Corrected leaks and other issues in
gnutls_x509_crt_list_import().
** libgnutls: Fixes in DSA key handling for PKCS #11. Report and
patches by Jan Vcelak.
** libgnutls: Several fixes to prevent relying on undefined behavior
of C (found with libubsan).
* Version 3.4.9 (released 2016-02-03)
** libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would
OBS-URL: https://build.opensuse.org/request/show/387555
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=90
