Version 1.10.2, 2012-06-17 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Several TLS bugs were fixed in this release, including a major omission that the renegotiation extension was not being used. As the 1.10 implementation of TLS does not properly support renegotiation, the approach in this release is simply to send the renegotiation extension SCSV, which should protect the client against any handshake splicing. In addition renegotiation attempts are handled properly instead of causing handshake failures - all hello requests, and all client hellos after the initial negotiation, are ignored. Some bugs affecting DSA server authentication were also fixed. By popular request, ``Pipe::reset`` no longer requires that message processing be completed, a requirement that caused problems when a Filter's end_msg call threw an exception, after which point the Pipe object was no longer usable. Support for getting entropy using the rdrand instruction introduced in Intel's Ivy Bridge processors has been added. In previous releases, the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit, and would false positive on AMD Bulldozer processors. An implementation of SRP-6a compatible with the specification in RFC 5054 is now available in ``srp6.h``. In 1.11, this is being used for TLS-SRP, but may be useful in other environments as well. An implementation of the Camellia block cipher was added, again largely for use in TLS. If ``clock_gettime`` is available on the system, hres_timer will poll all the available clock types. AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems. The OpenBSD support was contributed by Brad Smith. The Qt mutex wrapper was broken and would not compile with any recent version of Qt. Taking this as a clear indication that it is not in use, it has been removed. Avoid setting the soname on OpenBSD, as it doesn't support it (PR 158) A compilation problem in the dynamic loader that prevented using dyn_load under MinGW GCC has been fixed. A common error for people using MinGW is to target GCC on Windows, however the 'Windows' target assumes the existence of Visual C++ runtime functions which do not exist in MinGW. Now, configuring for GCC on Windows will cause the configure.py to warn that likely you wanted to configure for either MinGW or Cygwin, not the generic Windows target. A bug in configure.py would cause it to interpret `--cpu=s390x` as `s390`. This may have affected other CPUs as well. Now configure.py searches for an exact match, and only if no exact match is found will it search for substring matches. An incompatability in configure.py with the subprocess module included in Python 3.1 has been fixed (PR 157). The exception catching syntax of configure.py has been changed to the Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but not with any earlier Python 2 release. A simple search and replace will allow running it under Python 2.5:: perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py Note that Python 2.4 is not supported at all.