Release of GnuTLS 3.6.8
Release of GnuTLS 3.6.8 incorporating TLS1.3 related fixes and stability fixes. This is a stable release, and any potential new features must not be enabled by default to create a stable ABI (i.e., they can still be added but must be explicitly enabled by the application if applicable).
- GNUTLS_PROFILE_FUTURE missing
- Certtool doesn't allow keyusage Digital signature in CA certificates
- _gnutls_srp_entry_free safety feature bug
- gnutls_pubkey_verify_data2 calls fail erroneously with GNUTLS_E_INVALID_REQUEST when GNUTLS_VERIFY_DISABLE_CA_SIGN flag is set
- Regression in 3.6 when built with mingw
- [3.6.7] Impossible to override install location of Guile bindings
- Service Desk (from firstname.lastname@example.org): potential null pointer de-reference bugs.
- gnutls_prf_rfc5705() API not exposed by command line utilities
- Unwanted -lunistring leak to global LIBS in configure
- gnutls client should not negotiate TLS 1.3 if the private key from PKCS#11 does not support RSA-PSS nor raw-RSA
- Consistent header guards
- gnutls_idna_map() hostname conversion vulnerability
- multiple issues in handling KeyUpdate messages
- add support for AES-XTS mode