Various fixes, see below. Remember, the GnuTLS 1.7.x branch is NOT
what you want for your stable system. It is intended for developers
and experienced users.
* Version 1.7.6 (released 2007-02-12)
** Support for 'otherName' Subject Alternative Names.
The existing API gnutls_x509_crt_get_subject_alt_name may now return
the new type GNUTLS_SAN_OTHERNAME together with the otherName value.
To find out the otherName OID (necessary for proper parsing of the
value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid.
For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will
return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to
simplify OID matching. Suggested by Matthias Wimmer .
** Certtool can print otherName SAN values for certificates.
For known otherName OIDs (currently only id-on-xmppAddr as defined by
RFC 3920), it will also print the name.
** Fix TLS 1.2 RSA signing in servers.
Before it used the old-style MD5+SHA1 signature, but the TLS
signatures should be normal PKCS#1 signatures. FYI, we use and
require that DigestInfo parameters are present and NULL for TLS 1.2.
** Add APIs to access X.509 extensions sequentially.
The existing APIs gnutls_x509_crt_get_extension_oid() and
gnutls_x509_crt_get_extension_by_oid() does not permit callers to
inspect the extensions in the order defined by the certificate.
** Add API to extract signature value from X.509 certificates.
The function is gnutls_x509_crt_get_signature.
** Fix crash when generating proxy certificates in batch mode.
If you don't specify a proxy policy in batch mode, it will use
** Add API to print information about X.509 certificates.
The function is gnutls_x509_crt_print.
** Certtool uses the new API gnutls_x509_crt_print to print certificate
One consequence of this is that the output syntax has changed
slightly. Some more fields are printed.
** Doc fixes.
** API and ABI modifications:
gnutls_certificate_print_formats_t: ADD, new enum.
GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element.
GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element.
Here are the compressed sources (4.2MB):
Here are GPG detached signatures signed using key 0xB565716F:
Here are the SHA-1 and SHA-224 checksums:
Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
Commercial support contracts for GnuTLS are available, and they help
finance continued maintenance. Simon Josefsson Datakonsult, a
Stockholm based privately held company, is currently funding GnuTLS
maintenance. We are always looking for interesting development
projects. See http://josefsson.org/ for more details.