Release of GnuTLS 3.6.6
Release of GnuTLS 3.6.6 incorporating TLS1.3 related fixes and stability fixes. This is a stable release, and any potential new features must not be enabled by default to create a stable ABI (i.e., they can still be added but must be explicitly enabled by the application if applicable).
Will mainly include fixes from:
See this issue for a description of the process followed.
- Two integer overflows in priority.c
- Non TLS-compliant behviour
- Check for Signed-off-by in CI
- PKCS#11: RSA-PSS should be enabled only when the private key can be used for signing
- ex-client-x509 3.6.5 cannot connect to gnutls-serv
- Incorrect alert for malformed Client Hello
- tests/suite/testrandom.sh occasionally never returns
- Service Desk (from firstname.lastname@example.org): [8-5416000025036] GnuTLS open source library causes apps to crash
- Service Desk (from email@example.com): failed CRL test w/ gnutls 3.6.5
- CertificateVerify msg with rsae private_key and rsa-pss signature scheme.
- Importing есс public keys and calculating bits
- Listening DTLS server responds with HELLO_VERIFY_REQUEST to most messages
- GNUTLS_PCERT_NO_CERT is unused
- Issue with GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION
- optional: add support for raw public keys under TLS1.3
- Add support for TLS handshake with raw public keys