Release of GnuTLS 3.6.12
Release of GnuTLS 3.6.12, incorporating TLS 1.3-related fixes and stability fixes. This is a stable release, so any new features must not be enabled by default, in order to keep the ABI stable (i.e., they can still be added, but must be explicitly enabled by the application where applicable).
- Dummy getrandom() definition can cause have_getrandom() = 1, causing TLS failure
- GnuTLS accepts certificates including two instances of a particular extension
- Trusted CA certificates with keys that should have been rejected by the verification profile are accepted for TLS
- OCSP: server does not request client OCSP staples
- Should a certificate with two SAN instances be rejected?
- GnuTLS 3.6.7 accepts a certificate whose notBefore field is a non-digit string, while OpenSSL rejects such certificates
- Impossible to test post handshake authentication with tlsfuzzer
- Missing src/libopts/save-flags.[ch] in 3.6.11 release tarball
- It is not possible for server to check whether client requested OCSP stapling
- do not tolerate DER encoded certificates with invalid time format
- optional: provide support for x448