Updated: {gnutls/libgnutls26/libgnutls-devel}-2.8.6-1: Library implementing TLS 1.0 and SSL 3.0 protocols

Dr. Volker Zell dr.volker.zell@oracle.com
Tue May 18 15:10:00 GMT 2010


New versions of 'gnutls/libgnutls26/libgnutls-devel' have been uploaded to a server near you.

 o Update to latest upstream version

gnutls NEWS:
* Version 2.8.6 (released 2010-03-15)

** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.
VeriSign rejected CSRs with this padding.  Reported by Wilankar Trupti
<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>.

Note: As a side effect of this change, the "public key identifier"
value computed for a certificate using this version of GnuTLS will be
different from values computed using earlier versions of GnuTLS.

** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the
** optional SignatureAlgorithm parameter field.
VeriSign rejected these CSRs.  They are stricly speaking not needed
since you need the signer's certificate to verify the certificate
signature anyway.  Reported by Wilankar Trupti
<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>.

** libgnutls: When checking openpgp self signature also check the signatures
** of all subkeys.
Ilari Liusvaara noticed and reported the issue and provided test
vectors as well.

** libgnutls: Cleanups and several bug fixes.
Found by Steve Grubb and Tomas Mraz.

** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.

** Fix --disable-valgrind-tests.
Reported by Ingmar Vanhassel in

** examples: Use the new APIs for printing X.509 certificate information.

** Fix build failures on Solaris.
Thanks to Dagobert Michelsen <dam@opencsw.org>.

** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese
** translations.  Added Simplified Chinese translation.

** API and ABI modifications:
No changes since last version.

* Version 2.8.5 (released 2009-11-02)

** libgnutls: In server side when resuming a session do not overwrite the 
** initial session data with the resumed session data.

** libgnutls: Fix PKCS#12 encoding.
The error you would get was "The OID is not supported.".  Problem
introduced for the v2.8.x branch in 2.7.6.

** guile: Compatibility with guile 2.x.
By Ludovic Courtes <ludovic.courtes@laas.fr>.

** tests: Fix expired cert in chainverify self-test.

** tests: Fix time bomb in chainverify self-test.
Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in

** API and ABI modifications:
No changes since last version.

* Version 2.8.4 (released 2009-09-18)

** libgnutls: Enable Camellia ciphers by default.

** libgnutls: Make OpenPGP hostname checking work again.
The patch to resolve the X.509 CN/SAN issue accidentally broken
OpenPGP hostname comparison.

** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
Reported by Howard Chu <hyc@symas.com> in

** API and ABI modifications:
No changes since last version.


If you want to unsubscribe from the cygwin-announce mailing list, please
use the automated form at:


If this does not work, then look at the "List-Unsubscribe: " tag in the
email header of this message.  Send email to the address specified
there.  It will be in the format:


If you need more information on unsubscribing, start reading here:


Please read *all* of the information on unsubscribing that is available
starting at this URL.

More information about the Cygwin-announce mailing list