3 * Fixed one kind of handshake failure to return the correct error
4 code under gnutls 3.x (allowing libsoup to recognize the error and
5 do fallback to SSL 3.0). (#694812)
7 * Updated translations:
8 Chinese (traditional), French, German, Punjabi, Uyghur,
13 * proxy/gnome: ported to new GSimpleProxyResolver, and added more
16 * gnutls: Fixed a small per-connection leak (#693718)
18 * tls/tests: Fixed several race conditions that caused spurious
21 * Updated translations:
26 * proxy/gnome: Fixed several bugs:
28 * Multithreaded usage could result in crashes
30 * In "automatic" mode, synchronous lookups would obey
31 ignore-hosts, but asynchronous lookups would not. (Now they
34 * lookup_async() would never notice if the proxy settings
35 switched from "automatic" to "manual" or "none" (and would
36 make a synchronous D-Bus call when switching in the other
39 * If given an invalid URI, lookup_async() would return a
40 successful result (and leak the GError that it was supposed
41 to have returned), and lookup() would return both the error
42 and the proxy (leaking one or the other, depending on how
45 * Updated translations:
46 Italian, Malayalam, Norwegian bokmål, Serbian, Uyghur
50 * proxy/gnome: The tests should now work correctly even if
51 run from a non-GNOME environment. (Robert Ancell)
53 * Updated translations:
54 Brazilian Portuguese, Bulgarian, Estonian, Galician, Greek,
59 * build: The TLS tests are now not built if you are building without
60 gnutls support. (Saleem Abdulrasool)
62 * gnutls: Several handshaking fixes:
64 * Fix a hang when doing a synchronous close() immediately
65 after cancelling an asynchronous handshake() (which would
66 happen in libsoup if you cancelled a message at the right
69 * Avoid an assertion when an implicit handshake fails
72 * Fixed GTlsServerConnection:authentication-mode to work
73 again, and added a regression test for this. (#689259, Stef)
75 * Return the appropriate error
76 (G_TLS_ERROR_CERTIFICATE_REQUIRED) when a handshake fails
77 because the server required a certificate but none was
78 provided, and added a test for this. (#689260, Stef)
80 * Make g_io_stream_close() finish successfully after a failed
81 handshake (#689260, Stef)
83 * Make g_io_stream_close() finish successfully before a
84 handshake (#689271, Stef)
86 * gnutls: Updated to be aware of G_IO_ERROR_BROKEN_PIPE in glib
87 2.35.3, which needs to be converted to G_TLS_ERROR_NOT_TLS in some
88 cases. (Previously this error showed up as just G_IO_ERROR_FAILED.)
91 * proxy/gnome: This is now only used in GNOME login sessions (as,
92 essentially, a more efficient version of the libproxy GNOME
93 backend); in non-GNOME sessions, gio will now fall back to the
94 libproxy plugin, allowing environment variables or other libproxy
95 settings backends to be used.
97 * New/Updated translations:
98 Czech, Hebrew, Lithuanian, Polish, Slovak, Spanish
102 * Update for glib 2.35.1; remove g_type_init() calls and port to
105 * Updated translations:
110 * Updated translations:
111 Arabic, Bulgarian, Catalan (Valencian), Catalan, Chinese
112 (Simplified), Hindi, Japanese, Thai
116 * Updated translations:
117 Brazilian Portuguese, British English, Czech, Danish, Finnish,
118 French, German, Korean, Punjabi
122 * gnutls: Revert the addition of the certificate-bytes and
123 private-key-bytes properties to GTlsCertificateGnutls, since they
124 were reverted in glib. (#682081, Stef)
126 * Updated translations:
127 Belarusian, Hungarian, Indonesian, Italian, Latvian, Polish,
132 * gnutls: Improved the certificate verifying code to deal with the
133 case of a CA being reissued with the same key but a different
134 signature algorithm. (#681299, Stef)
136 * gnutls: Fixed an uninitialized variable in
137 g_tls_connection_gnutls_close(). (#681636)
139 * Updated translations:
140 Assamese, Portuguese, Telugu
144 * gnutls: If a GTlsConnection gets an error when handshaking, it
145 will now continue to return that error message on future I/O
146 attempts, rather than behaving in an undefined manner.
148 * gnutls: You can now read from a GTlsConnection's input stream and
149 write to its output stream at the same time (either in different
150 threads, or asynchronously in a single thread). (#660252)
152 * Updated translations:
153 Chinese (traditional), Galician, Greek, Hebrew, Lithuanian,
154 Norwegian bokmål, Russian, Serbian, Slovenian, Spanish
158 * Updated autogen.sh (in particular to support automake 1.12)
161 * gnutls: fix the use-system-certdb property on GTlsConnectionGnutls
162 (previously, setting it to FALSE was a no-op).
164 * Updated translations:
165 Dutch, Greek, Indonesian
169 * gnutls: simplify using new glib pollable stream methods
171 * proxy/gnome: fix a bug that made it impossible to use SOCKS
172 without also having a separate http proxy.
176 * gnutls: added /etc/ssl/ca-bundle.pem to the list of files to check
177 for to use as the default CA list. (This is what openSUSE uses.)
178 (#673944, Federico Mena Quintero)
180 * Updated translations:
181 Catalan (Valencian), Marathi, Odia, Persian
185 * New/updated translations:
186 Hindi, Japanese, Khmer, Latvian, Malayalam
190 * Updated translations:
191 British English, Catalan, Finnish, Lithuanian, Portuguese,
196 * gnutls: Fixed a linking problem on some platforms when PKCS#11 is
197 enabled. (#670956, Kalev Lember)
199 * Updated translations:
200 Assamese, Basque, Belarusian, Brazilian Portuguese, Danish,
201 Estonian, French, German, Hungarian, Italian, Korean, Polish,
206 * gnutls: Fixed a TLS handshaking bug that in particular caused lots
207 of crashes in epiphany. (#658771)
209 * tls/tests: Fixed a bug in the pkcs11-pin test that could cause it
212 * Updated translations:
213 Bulgarian, Chinese (traditional), Czech, Japanese,
214 Norwegian bokmål, Turkish, Vietnamese
219 * Support gnutls built against nettle instead of gcrypt
222 * Implement TLS session caching for GTlsServerConnection
225 * tls/tests: Explicitly request the memory GSettings backend, to
226 avoid warnings in partial jhbuild environments
228 * proxy/gnome: Update to use GInetAddressMask
230 * Updated translations:
231 Chinese (simplified), Hebrew, Norwegian bokmål, Slovenian,
237 * Added gnutls-pkcs11 backend, which uses gnutls 2.12.8 and
238 p11-kit (a new optional dependency) to provide access to
239 PKCS#11 tokens. At the moment, this is only enabled if you
240 set GIO_USE_TLS=gnutls-pkcs11 in the environment. (Stef,
243 * GTlsCertificateGnutls can now read unencrypted PKCS#8 keys
244 (which show "BEGIN PRIVATE KEY" in PEM form) in addition to
245 the previously-supported PKCS#1 keys ("BEGIN RSA PRIVATE
248 * Updated translations:
249 Galician, German, Lithuanian, Norwegian bokmål, Spanish,
255 * Bumped required GNUTLS version to 2.11.0 and updated
256 code for that (Stef, #656903)
258 * Fixed a crash when passing a NULL GCancellable to
259 g_tls_connection_close_async() (Dan, #659786) or a NULL
260 GError to g_tls_file_database_new().
262 * Fixed handling of self-signed CA certificates in
263 GTlsDatabaseGnutls (Dan, #660508)
265 * Added another G_TLS_ERROR_NOT_TLS (aka "dumb server, try
266 falling back from TLS to SSLv3") case, when the handshake
267 completes but then packets after that don't decrypt
268 correctly. (Dan, #662104)
270 * Made sure that GTlsConnection:peer-certificate and
271 :peer-certificate-errors get set even when the peer
272 certificate is rejected. (Dan)
275 * Fixed ignore_hosts handling (Dan, #655581)
277 * Fixed configure check so that "--without-gnome-proxy" works.
278 (Alexandre Rostovtsev, #662203)
280 * Fixed tests to only build the gnome proxy test if we're
281 building the gnome proxy. (Kalev Lember, #662085)
288 * Updated translation:
293 * New/updated translations:
294 Belarusian, Tamil, Japanese
296 * gnutls: Fixed a problem when linking against GNUTLS 3.0, where
297 connections would sometimes return the error "The TLS connection
298 was non-properly terminated". (Dan Winship, #659233)
300 * gnutls: Plugged a few memory leaks (Dan Winship)
304 * gnutls: fixed two rehandshaking bugs; one in which a client
305 would erroneously report an error after successfully rehandshaking
306 (Igor Makarov, #653645), and one where initiating an asynchronous
307 rehandshake on the server side would send illegal packets and
308 cause the client to disconnect (Dan Winship).
310 * gnutls: made GTlsDatabaseGnutls and GTlsFileDatabaseGnutls
311 properly cancellable (Stef Walter)
313 * gnutls: fixed the client-side session cache to not share session
314 IDs between different virtual hosts on the same IP address, which
315 caused problems with some servers. (Dan Winship, #581342)
317 * tls: Fixed up the tls test program so it can be run from "make
325 * gnutls: implement GTlsDatabase (Stef Walter, #636572)
327 * gnutls: override minimum key length, to allow connecting to HTTP
328 servers with very small keys (eg, on some embedded devices). (Dan
331 * gnutls: use %COMPAT mode, which makes GNUTLS behave more like
332 OpenSSL/NSS/Windows in a few ways, making it work with certain
333 broken HTTP servers. (Dan Winship, part of #581342)
335 * gnutls: fixed a crash when passed a NULL GError (Dan Winship)
339 * Optimized GDBus usage in PACRunner (davidz)
341 * Fixed a race condition in GProxyResolverGnome (davidz)
343 * Changed configure to --enable-maintainer-mode by default,
347 Belarusian, Catalan (Valencian), Esperanto, Finnish,
352 * Fixed some leaks in the gnutls backend
359 * New/updated translations:
360 Basque, Brazilian Portuguese, Chinese (Traditional), Danish,
361 Hindi, Kannada, Marathi, Uyghur
365 * Added a new proxy backend, GProxyResolverGnome, that uses
366 GSettings and the network proxy schemas from
367 gsettings-desktop-schemas to provide proxy information (and using
368 a new D-Bus service provided by the libproxy backend to provide
371 If you are building glib-networking in a GNOME 3.0 environment,
372 you should make sure that gsettings-desktop-schemas.pc is
373 available when building, so that this backend gets built.
376 Assamese, Latvian, Oriya, Serbian
380 * Fixed broken libtool check in autogen.sh that failed for libtool
383 * New/updated translations:
384 Bengali (India), Catalan, Chinese (Simplified), Chinese
385 (Traditional), Czech, Dutch, Estonian, Galician, German,
386 Greek, Gujarati, Hebrew, Indonesian, Italian, Korean,
387 Norwegian (Bokmål), Polish, Punjabi, Slovenian, Spanish,
388 Swedish, Uyghur, Ukranian
392 * Fixed configure script to actually error out if installed glib
393 version is too old (Emilio Pozuelo Monfort)
395 * gnutls: updated GTlsClientConnectionGnutls for :accepted-cas type
397 * gnutls: fixed an uninitialized variable (Dan Winship)
401 * gnutls: finish implementing GTlsRehandshakeMode, which was present
402 but non-functional in 2.27.4
403 * gnutls: updates for glib TLS API changes
404 * gnutls: fix some async bugs that caused the main loop to spin
405 * gnutls: implement a client-side session cache, to speed up
408 * Compile with gcc warnings by default
412 * GNUTLS-based implementation of GTlsBackend
417 * No changes, just a version bump
422 * Initial release, with libproxy-based GProxyResolver