| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* Version 1.3.2 (released 2005-12-15)
** GnuTLS now support TLS Inner application (TLS/IA).
This is per draft-funk-tls-inner-application-extension-01. This
functionality is added to libgnutls-extra, so it is licensed under the
GNU General Public License.
** New APIs to access the TLS Pseudo-Random-Function (PRF).
The PRF is used by some protocols building on TLS, such as EAP-PEAP
and EAP-TTLS. One function to access the raw PRF and one to access
the PRF seeded with the client/server random fields are provided.
Suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
** New APIs to acceess the client and server random fields in a session.
These fields can be useful by protocols using TLS. Note that these
fields are typically used as input to the TLS PRF, and if this is your
intended use, you should use the TLS PRF API that use the
client/server random field directly. Suggested by Jouni Malinen
<jkmaline@cc.hut.fi>.
** Internal type cleanups.
The uint8, uint16, uint32 types have been replaced by uint8_t,
uint16_t, uint32_t. Gnulib is used to guarantee the presence of
correct types on platforms that lack them. The uint type have been
replaced by unsigned.
** API and ABI modifications:
New functions to invoke the TLS Pseudo-Random-Function (PRF):
gnutls_prf
gnutls_prf_raw
New functions to retrieve the session's client and server random values:
gnutls_session_get_server_random
gnutls_session_get_client_random
New function, to perform TLS/IA handshake:
gnutls_ia_handshake
New function to decide whether to do a TLS/IA handshake:
gnutls_ia_handshake_p
New functions to allocate a TLS/IA credential:
gnutls_ia_allocate_client_credentials
gnutls_ia_free_client_credentials
gnutls_ia_allocate_server_credentials
gnutls_ia_free_server_credentials
New functions to handle the AVP callback:
gnutls_ia_set_client_avp_function
gnutls_ia_set_client_avp_ptr
gnutls_ia_get_client_avp_ptr
gnutls_ia_set_server_avp_function
gnutls_ia_set_server_avp_ptr
gnutls_ia_get_server_avp_ptr
New functions, to toggle TLS/IA application phases:
gnutls_ia_require_inner_phase
New function to mix session keys with inner secret:
gnutls_ia_permute_inner_secret
Low-level API (used internally by gnutls_ia_handshake):
gnutls_ia_endphase_send
gnutls_ia_send
gnutls_ia_recv
New functions that can be used after successful TLS/IA negotiation:
gnutls_ia_generate_challenge
gnutls_ia_extract_inner_secret
Enum type with TLS/IA modes:
gnutls_ia_mode_t
Enum type with TLS/IA packet types:
gnutls_ia_apptype_t
Enum values for TLS/IA alerts:
GNUTLS_A_INNER_APPLICATION_FAILURE
GNUTLS_A_INNER_APPLICATION_VERIFICATION
New error codes, to signal when an application phase has finished:
GNUTLS_E_WARNING_IA_IPHF_RECEIVED
GNUTLS_E_WARNING_IA_FPHF_RECEIVED
New error code to signal TLS/IA verify failure:
GNUTLS_E_IA_VERIFY_FAILED
* Version 1.3.1 (released 2005-12-08)
** Support for DHE-PSK cipher suites has been added.
This method offers perfect forward secrecy.
** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>.
** Corrected a bug in certtool for 64 bit machines. Reported
by Max Kellermann <max@duempel.org>.
** New function to set a X.509 private key and certificate pairs, and/or
CRLs, from an PKCS#12 file, suggested by Emile van Bergen
<emile@e-advies.nl>.
The integrity of the PKCS#12 file is protected through a password
based MAC; public-key based signatures for integrity protection are
not supported. PKCS#12 bags may be encrypted using password derived
symmetric keys, public-key based encryption is not supported. The
PKCS#8 keys may be encrypted using passwords. The API use the same
password for all operations. We believe that any more flexibility
create too much complexity that would hurt overall security, but may
add more PKCS#12 related APIs if real-world experience indicate
otherwise.
** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys,
reported by Emile van Bergen <emile@e-advies.nl>.
This will enable "certtool -k -8" to parse those keys.
** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords.
Use "certtool -p -8" and press press enter at the prompt. Earlier,
certtool would have encrypted the key using an empty password.
** Certtool now accept --password for --key-info and encrypted PKCS#8 keys.
Earlier it would have prompted the user for it, even if --password was
supplied.
** Added self test of PKCS#8 parsing.
Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and
pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in
tests/pkcs8.
** API and ABI modifications:
New function to set X.509 credentials from a PKCS#12 file:
gnutls_certificate_set_x509_simple_pkcs12_file
New gnutls_kx_algorithm_t enum type:
GNUTLS_KX_DHE_PSK
New API to return session data (better data types than
gnutls_session_get_data):
gnutls_session_get_data2
New API to set PSK Diffie-Hellman parameters:
gnutls_psk_set_server_dh_params
* Version 1.3.0 (2005-11-15)
** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added.
This add several new APIs, see below. Read the updated manual for
more information. A new self test "pskself" has been added, that will
test this functionality.
** The session resumption data are now system independent.
** The code has been re-indented to conform to the GNU coding style.
** Removed the RIPEMD ciphersuites.
** Added a discussion of the internals of gnutls in manual.
** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin.
** Remove trailing comma in enums, for IBM C v6, from Albert Chin.
** Make sure config.h is included first in a few files, from Albert Chin.
** Don't use C++ comments ("//") as they are invalid, from Albert Chin.
** Don't install SRP programs and man pages if --disable-srp-authentication,
from Albert Chin.
** API and ABI modifications:
New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK
New gnutls_credentials_type_t credential type:
GNUTLS_CRD_PSK
New credential types:
gnutls_psk_server_credentials_t
gnutls_psk_client_credentials_t
New functions to allocate PSK credentials:
gnutls_psk_allocate_client_credentials
gnutls_psk_free_client_credentials
gnutls_psk_free_server_credentials
gnutls_psk_allocate_server_credentials
New enum type for PSK key flags:
gnutls_psk_key_flags
New function prototypes for credential callback:
gnutls_psk_client_credentials_function
gnutls_psk_server_credentials_function
New function to set PSK username and key:
gnutls_psk_set_client_credentials
New function to set PSK passwd file:
gnutls_psk_set_server_credentials_file
New function to extract PSK user in server:
gnutls_psk_server_get_username
New functions to set PSK callback:
gnutls_psk_set_server_credentials_function
gnutls_psk_set_client_credentials_function
Use size_t instead of int for output size parameter:
gnutls_srp_base64_encode
gnutls_srp_base64_decode
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
* Version 1.2.9 (2005-11-07)
- Documentation was updated and improved.
- RSA-MD2 is now supported for verifying digital signatures.
- Due to cryptographic advances, verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output. For
applications that must remain interoperable, you can use the
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
flags when verifying certificates. Naturally, this is not
recommended default behaviour for applications. To enable the
broken algorithms, call gnutls_certificate_set_verify_flags with the
proper flag, to change the verification mode used by
gnutls_certificate_verify_peers2.
- Make it possible to send empty data through gnutls_record_send,
to align with the send(2) API.
- Some changes in the certificate receiving part of handshake to prevent
some possible errors with non-blocking servers.
- Added numeric version symbols to permit simple CPP-based feature
tests, suggested by Daniel Stenberg <daniel@haxx.se>.
- The (experimental) low-level crypto alternative to libgcrypt used
earlier (Nettle) has been replaced with crypto code from gnulib.
This leads to easier re-use of these components in other projects,
leading to more review and simpler maintenance. The new configure
parameter --with-builtin-crypto replace the old --with-nettle, and
must be used if you wish to enable this functionality. See README
under "Experimental" for more information. Internally, GnuTLS has
been updated to use the new "Generic Crypto" API in gl/gc.h. The
API is similar to the old crypto/gc.h, because the gnulib code were
based on GnuTLS's gc.h.
- Fix compiler warning in the "anonself" self test.
- API and ABI modifications:
gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>.
This doesn't reflect a change in behaviour,
so we don't break backwards compatibility.
GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value.
GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value.
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values.
Use when calling
gnutls_x509_crt_list_verify,
gnutls_x509_crt_verify, or
gnutls_certificate_set_verify_flags.
GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value,
used when broken signature algorithms
is used (currently RSA-MD2/MD5).
LIBGNUTLS_VERSION_MAJOR,
LIBGNUTLS_VERSION_MINOR,
LIBGNUTLS_VERSION_PATCH,
LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
version number, can be used for feature existence
tests.
|
|
* Version 1.2.8 (2005-10-07)
- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers.
- Don't install the auxilliary libexamples library used by the
examples in doc/examples/ on "make install", report and tiny patch
from Thomas Klausner
- If you pass a X.509 CA or PGP trust database to the command line
tool, it will now abort the connection if the server certificate
validation fails. Use the parameter --insecure to continue even
after certificate validation failures. Inspired from discussion
with Alexander Kotelnikov
- The test for socklen_t has been moved to gnulib.
- Link failures for duplicate or missing "program_name" symbol has been fixed,
patch from Martin Lambers
- The command line tool and the examples no longer uses mmap or bzero,
to make them more portable, patch from Martin Lambers
- Made the PKCS #12 API handle null passwords. Based on patch by
Anton Altaparmakov
- The GTK-DOC manual should build with current released tools.
(But a copy of the output is included, so the tools are not required.)
- API and ABI modifications:
No changes since last version.
|
|
* Version 1.2.7 (2005-09-09)
- The GNUTLS and GNUTLS-EXTRA libraries are now built with versioned symbols.
- Certtool now complains when reading out-of-range X.509 serial
numbers, suggested by Fran
- Certtool now uses the readline library (when available) when reading
X.509 serial numbers.
- Fixed build problems in getpass on uClibc and Mingw32 platforms.
- Fixed compile warning regarding socklen_t on Mingw32, reported by
Martin Lambers
- Fixed examples in doc/examples/, suggested by Fran
- Gnulib is now used for the core library, enabling future code cleanups.
- The gnutls-cli tool now use gnutls_certificate_verify_peers2,
suggested by Daniel Stenberg
- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull.
- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros).
- Disable zlib support if zlib.h is not present.
- A number of internal cleanups.
- API and ABI modifications:
No changes since last version.
pkgsrc change: do not install libexamples (looks like a bug)
|
|
|
|
- MiniLZO updated to version 2.01 and moved to separate directory.
- Collision between system LZO header files and MiniLZO header file fixed.
- Will now test for liblzo functionality in liblzo2 too.
- Minilibtasn1 is now 0.2.14 (no code changes).
- Some code changes to avoid GTK-DOC warnings.
- API and ABI modifications:
No changes since last version.
|
|
|
|
* Version 1.2.5 (2005-07-03)
- More builddir != srcdir fixes, reported by Mike Castle
- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
reported by Adam Langley
- Corrected some stuff in minilzo detection. Pointed out by
Sergey Lipnevich.
- MiniLZO updated to version 2.00.
- gnutls_x509_crt_list_import now accept a DER formatted CRL.
- API and ABI modifications:
No changes since last version.
|
|
* Version 1.2.4 (2005-05-28)
- Corrected some bugs that could affect 64 bit systems.
- Some corrections in the header files to include the prototype
of memmem properly (affected 64 bit systems). Report and patch
by Yoann Vandoorselaere <yoann@prelude-ids.org>.
- Introduced the --fix-key option to certtool, which can be used to
regenerate the (optional) parameters in a private key. It should
be used together with --key-info.
- Corrected a bug in certificate chain verification that could lead
to marking a trusted chain as non trusted, if the last certificate in
the chain was a self signed one.
- Gnulib portability files were updated.
- License were updated to reflect new FSF address.
|
|
|
|
* Version 1.2.3
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
gnutls_x509_privkey_fix(): Add.
* Version 1.2.2 (2005-04-25)
- gnutls_error_to_alert() now considers
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
- Fixed error in session resuming that could cause a crash in a session.
- Fixed pkcs12 friendly name and local key identifier decoding.
- Internal cleanups, removed duplicate typedef/struct definitions,
and made source code include external include file, to check
function prototypes during compile time.
- API and ABI modifications:
No changes since last version. At least not intentional, but due
to the include header changes, there may be inadvertant changes,
please let us know if you find any.
|
|
|
|
* Version 1.2.1 (2005-04-04)
- gnutls_bye() will no longer fail when RDWR is used and application
data are available for reading.
- Added more strict checks for the SRP parameters (g,n), when they
are not in the included list.
- Added warning to certtool when MD5 is being used for digital
signatures.
- Optimizations ("-O2 -finline-functions") are not enabled by default,
instead the standard autoconf defaults are used. Use `./configure
CFLAGS="-O2 -finline-functions"' to get the old optimizations.
- Added the option --get-dh-params to certtool, in order to get the
included in the library primes and generators.
- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
allow only trusted Version 1 CAs and introduced
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
- Nettle self tests now build properly, reported by Pierre
- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
Reported by Yoann Vandoorselaere
- Added the functions:
gnutls_x509_crt_list_import(),
gnutls_x509_crq_get_attribute_by_oid(),
gnutls_x509_crq_set_attribute_by_oid() and
gnutls_x509_crt_set_extension_by_oid().
- If the library has been compiled with features disabled, a warning is
issued during the compilation of any program.
|
|
files. This makes the package build on platforms without makeinfo.
Patch provided by Darrin B. Jewell in PR pkg/29869.
|
|
to UTC. Fixes PR 29530.
|
|
|
|
We are pleased to announce the availability of GnuTLS 1.2.0!
This release is the result of the 23 development releases made on the
development branch (1.1.x).
Major changes compared to the 1.0 branch include:
* Moved SRP password authentication from the GnuTLS-extra library
(licensed under GPL) to the core library (licensed under LGPL).
* The API has been cleaned up, and data types now use a '_t' suffix.
* Fixes to handle denial of service problem when verifying long
certificate chains.
* The manual has been converted to Texinfo and is consequently
available in many formats, see:
<http://josefsson.org/gnutls/manual/>
* A reference API manual has been added, and is available in HTML and
DevHelp formats, thanks to GTK-DOC, see:
<http://josefsson.org/gnutls/reference/gnutls-gnutls.html>
The 1.2.0 version is intended to be stable, and to be a drop-in
replacement of the stable 1.0.x branch.
We encourage developers to move to the 1.2 branch as soon as possible,
since we will now spend less time improving version 1.0.x.
We are not planning to open a 1.3 development branch soon, because
there are no plans to start work on any major new feature today.
Instead, we will continue to carefully improve the quality of this
release over time.
Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
|
|
Noteworthy changes since the last release:
- Replace GNU LD version script with Libtool -export-symbols-regex,
from Joe Orton <joe at manyfish.co.uk>.
- Copy libtasn1 has been updated to version 0.2.11.
- Corrected the write of CRL distribution points.
- It is now possible to generate PKCS#12 structures without private
keys using "certtool --to-p12", suggested by Fabian Fagerholm
<fabbe at paniq.net>.
|
|
Version 1.0.22 (28/10/2004)
- Print DN of certificates with unknown characters in them, but in hexform
only.
- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the actual OID.
- Added second precision to the X.509 parsing functions.
- Add parameter --la-file to libgnutls-config and libgnutls-extra-config,
tiny patch contributed by Joe Orton <joe@manyfish.co.uk>.
- Add pkg-config meta files, suggested by Stéphane LOEUILLET
<stephane.loeuillet@tiscali.fr>.
- Fix memory initializaion bug in gnutls_certificate_set_x509_trust,
tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>.
- Fix certtool --password for PKCS #12, back ported from 1.1.x branch.
- Fix library order in libgnutls*-config --libs output, to permit
static linking, reported by Yoann Vandoorselaere
<yoann@prelude-ids.org>.
Version 1.0.21 (07/10/2004)
- Fix memory leak in gnutls_certificate_verify_peers and
gnutls_certificate_free_credentials, report and patch by Simon
Posnjak <simon.posnjak@cetrtapot.si>.
- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting
a key and no certificate to PKCS#12.
- Fix objdir != srcdir builds, reported by "Gerrit P. Haase"
<gp@familiehaase.de>.
- Avoid redefining getpass if system already has it, reported by
Yoann Vandoorselaere <yoann@prelude-ids.org>.
- Add new example "ex-rfc2818" for certificate verification, from Nikos.
- Known bug: the library require snprintf.
|
|
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
|
|
|
|
changes:
-bugfixes
-adds some limits to the verification functions to avoid denial of
service attacks
-selftests added
|
|
RM=${RM} in MAKE_ENV.
|
|
|
|
- Some complilation fixes.
- Added the --xml parameter to the certtool utility.
Changes 1.0.12:
- Corrected bug in OpenPGP key loading using a callback.
- Renamed gnutls-srpcrypt to srptool
- Allow handshake requests by the client.
* Things backported from the development branch:
- Added support for authority key identifier and the extended key usage
X.509 extension fields. The certtoool was updated to support them.
- Added batch support to certtool. Now it can use templates.
- The RC2 cipher is no more included. The one in libgcrypt is now used.
Changes 1.0.11:
- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
- Corrected bug in TLS renegotiation.
Changes 1.0.10:
- Corrected bug in RSA parameters handling which could cause
unexpected crashes.
- Corrected bug in SSL 3.0 authentication.
|
|
worked before (maybe the joys of make replace did not expose the problem)...
Fixes PR pkg/25304.
|
|
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
|
|
|
|
buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk.
|
|
Version 1.0.8 (28/02/2004)
- Corrected bug in mutual certificate authentication in SSL 3.0.
- Several other minor bugfixes.
Version 1.0.7 (25/02/2004)
- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack).
- Some updates in the documentation.
|
|
|
|
|
|
|
|
relative to ${WRKSRC}. Remove redundant LIBTOOL_OVERRIDE settings that
are automatically handled by the default setting in bsd.pkg.mk.
|
|
|
|
|
|
Version 1.0.4 (04/01/2004)
- Changed handshake behaviour to send the lowest TLS version
when an unsupported version was advertized. The current behaviour
is to send the maximum version we support.
- certtool no longer asks the password in unencrypted private
keys.
- The source is now compiled to use the reentrant libc functions.
|
|
- Corrected bug in gnutls_bye() which made it return an error code
of INVALID_REQUEST instead of success.
- Corrected a bug in the GNUTLS_KEY key usage definitions.
|
|
|
|
Changes:
o Corrected a bug in the RSA key generation. This was
generating unusable RSA keys.
|
|
Changes since 1.0.0:
- Some minor fixes in the makefiles. They now include CFLAGS
from libgcrypt or opencdk if installed in a non standard directory.
- Fixed the SRP detection test in gnutls-cli-debug.
- Added gnutls_rsa_params_export_pkcs1() and
gnutls_rsa_params_import_pkcs1().
|
|
Changes:
- Exported the static SRP group parameters.
- Some fixes in the certificate authenticated SRP ciphersuites.
- Improved the support for draft-ietf-tls-srp-05. The two-phase
handshake is now fully supported without any interaction with
the application layer (except for a callback).
- Some fixes in the openpgp authentication.
- Removed the Twofish cipher.
- The openssl compatibility layer was moved to gnutls-openssl
library instead of being included in the gnutls-extra library.
- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04.
- Building with openpgp support is now mandatory.
- gnutls4 compatibility header is no longer included by default in
gnutls.h.
- gnutls8 function usage yelds a deprecation warning in gcc3.
- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid()
functions have a raw_flag parameter added.
- The certtool utility can now generate PKCS #12 structures
without specifying a certificate.
- Added capability to read CRLs to certtool.
- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER
to properly set the required buffer size.
- Corrected a bug in libgcrypt detection.
And more...
|
|
own security/libtasn1 package, which is too new to work fine with gnutls.
While here, add missing dependency on devel/zlib.
Fixes PR pkg/23172; reviewed by wiz@. Bump PKGREVISION to 1.
|
|
|
|
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.
|
|
GnuTLS is a portable ANSI C based library which implements the TLS 1.0 and SSL
3.0 protocols. The library does not include any patented algorithms and is
available under the GNU Lesser GPL license.
Important features of the GnuTLS library include:
- Thread safety
- Support for both TLS 1.0 and SSL 3.0 protocols
- Support for both X.509 and OpenPGP certificates
- Support for basic parsing and verification of certificates
- Support for SRP for TLS authentication
- Support for TLS Extension mechanism
- Support for TLS Compression Methods
Additionaly GnuTLS provides an emulation API for the widely used OpenSSL
library, to ease integration with existing applications.
Package provided by Juan RP via pkgsrc-wip with modifications by me.
|
