Release Notes: Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers. If you pass a X.509 CA or PGP trust database to the command line tool, it will now abort the connection if the server certificate validation fails. Use the parameter --insecure to continue even after certificate validation failures. The PKCS #12 API handles null passwords. Several build fixes and portability fixes.
Release Notes: The GNUTLS and GNUTLS-EXTRA libraries are now built with versioned symbols. Certtool now complains when reading out-of-range X.509 serial numbers, and it also uses the readline library (when available). Build problems are fixed on uClibc and Mingw32 platforms. Examples in doc/examples/ are fixed. Gnulib is now used for the core library, enabling future code cleanups. The gnutls-cli tool now use gnutls_certificate_verify_peers2. There are doc fixes for gnutls_transport_set_*. The included libtasn1 is now 0.2.17. zlib support is disabled if zlib.h is not present. There are several internal cleanups.
Release Notes: MiniLZO was updated to version 2.01 and moved to a separate directory. Collision between system LZO header files and MiniLZO the header file were fixed. liblzo functionality will now be tested in liblzo2 too. Minilibtasn1 is now 0.2.14 (no code changes were made). Some code changes were made to avoid GTK-DOC warnings.
Release Notes: An off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn was fixed. Some aspects of MiniLZO detection were fixed, and MiniLZO was updated to version 2.00. gnutls_x509_crt_list_import now accepts a DER-formatted CRL.
Release Notes: A bug in certificate chain verification was fixed. A new --fix-key parameter was added to certtool to regenerate the optional parameters in a private key. Fixes were made for 64-bit platforms. Gnulib portability files were updated.
Release Notes: This release fixes a bug in record packet parsing that could lead to a denial of service attack and a bug in RSA key exportation.
Release Notes: This release fixes a bug in record packet parsing that could lead to a denial of service attack. It fixes a bug in RSA key export. Previously exported keys can be fixed using certtool.
Release Notes: This release fixes an error in session resuming that could cause a crash in a session. It fixes the pkcs12-friendly name and local key identifier decoding. There were internal cleanups, duplicate typedef/struct definitions were removed, and makes source code include an external include file to check function prototypes during compile time. gnutls_error_to_alert() now considers GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
Release Notes: gnutls_bye() will no longer fail when RDWR is used and application data are available for reading. More strict checks for the SRP parameters. A warning to certtool when MD5 is being used for digital signatures. Optimizations ("-O2 -finline-functions") are not enabled by default. The option --get-dh-params has been added to certtool in order to get the parameters included in the library primes and generators. Improved semantics of X.509 certificate verification. Nettle self tests now build properly. Some memory leaks in DHE and RSA-EXPORT cipher suites have been eliminated. Some X.509 attribute functions have been added.
Release Notes: The API was cleaned up, so data types now use the "_t" suffix. SRP password authentication has been moved to the LGPL'ed part of the library. Fixes were made to handle denial of service problems when verifying long certificate chains. The manual was converted to Texinfo, and an API reference manual was added. Many bugfixes and improvements were made since the previous stable 1.0.x branch.