Now
MAIN commitmail json YAML
Updated gnutls to 3.5.15.
* Version 3.5.15 (released 2017-08-21)
** libgnutls: Disable hardware acceleration on aarch64/ilp32 mode. There is
no assembler code included for this CPU mode.
** certtool: Keys with provable RSA and DSA parameters are now only exported
in PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
This removes the need for a non-standard key format.
** API and ABI modifications:
No changes since last version.
* Version 3.5.14 (released 2017-07-04)
** libgnutls: Handle specially HSMs which request explicit authentication.
There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
operation. Detect that state and try to login.
** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
a login will be forced. This improves operation on certain Safenet HSMs.
** libgnutls: do not set leading zeros when copying integers on HSMs.
PKCS#11 defines integers as unsigned having most significant byte
first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by
some HSMs which do not accept an integer with a leading zero. This
improves operation with certain Atos HSMs.
** libgnutls: Fixed issue discovering certain OCSP signers, and improved the
discovery of OCSP signer in the case where the Subject Public Key
identifier field matches. Resolves gitlab issue #223.
** gnutls-cli: ensure OCSP responses are saved with --save-ocsp even if
certificate verification fails.
** API and ABI modifications:
No changes since last version.
* Version 3.5.15 (released 2017-08-21)
** libgnutls: Disable hardware acceleration on aarch64/ilp32 mode. There is
no assembler code included for this CPU mode.
** certtool: Keys with provable RSA and DSA parameters are now only exported
in PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
This removes the need for a non-standard key format.
** API and ABI modifications:
No changes since last version.
* Version 3.5.14 (released 2017-07-04)
** libgnutls: Handle specially HSMs which request explicit authentication.
There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key
operation. Detect that state and try to login.
** libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag
a login will be forced. This improves operation on certain Safenet HSMs.
** libgnutls: do not set leading zeros when copying integers on HSMs.
PKCS#11 defines integers as unsigned having most significant byte
first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by
some HSMs which do not accept an integer with a leading zero. This
improves operation with certain Atos HSMs.
** libgnutls: Fixed issue discovering certain OCSP signers, and improved the
discovery of OCSP signer in the case where the Subject Public Key
identifier field matches. Resolves gitlab issue #223.
** gnutls-cli: ensure OCSP responses are saved with --save-ocsp even if
certificate verification fails.
** API and ABI modifications:
No changes since last version.