CVS commit: pkgsrc/security/gnutls

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sat Jan 25 10:59:22 UTC 2014

Modified Files:
        pkgsrc/security/gnutls: Makefile distinfo

Log Message:
Update to 3.2.9 based on patch from Richard Palo.
Assembler issues still seem to be there at least on SunOS.

* Version 3.2.9 (released 2014-01-24)

** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.

** libgnutls: %COMPAT implies %DUMBFW.

** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.

* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.

** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.

** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html

** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.

** p11tool: Added --so-login option to force login as security
officer (admin).

** API and ABI modifications:
No changes since last version.


To generate a diff of this commit:
cvs rdiff -u -r1.139 -r1.140 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.101 -r1.102 pkgsrc/security/gnutls/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.