doc update

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-12-08 10:59:02 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-12-08 10:59:02 +0100
commit: 6ab2480eeef00a20648df13e2597f8e976c670f4 (patch)
tree: e0133f69af105ca997b317385c196de847acacbe /NEWS
parent: 52fc6ac3242415a5dbd87370720e4f978a5c30ad (diff)
download: gnutls-6ab2480eeef00a20648df13e2597f8e976c670f4.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index c9acdfdf25..d507481da1 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,11 @@ See the end for copying conditions.
    parsing errors in the extensions field and treat it as a typical Hello
    message structure. Reported by Hubert Kario (#40)
 
+** libgnutls: On a rehandshake ensure that the certificate of the peer (if
+   available) is the same as in previous handshakes. That is to protect
+   applications which do not check user credentials on rehandshakes from
+   attacks related to unsafe renegotiation.
+
 ** certtool: Added the --provable option.
 
 ** API and ABI modifications:
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-12-08 10:59:02 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-12-08 10:59:02 +0100
commit	6ab2480eeef00a20648df13e2597f8e976c670f4 (patch)
tree	e0133f69af105ca997b317385c196de847acacbe /NEWS
parent	52fc6ac3242415a5dbd87370720e4f978a5c30ad (diff)
download	gnutls-6ab2480eeef00a20648df13e2597f8e976c670f4.tar.gz