handshake: enhance same certificate checks to apply to PSK/SRP username

That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake clients will not be allowed to present another certificate than the original, or change their username for PSK or SRP ciphersuites.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-29 10:23:45 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-04-29 10:30:03 +0200
commit: 9466b800f03a91ef1538dc6f562d58b4607b88e6 (patch)
tree: 88385ec566a43015cd9598feb7b2d4ad3022e815 /NEWS
parent: 96cca97371237e31e6c98d705cd31f6b3b268d25 (diff)
download: gnutls-9466b800f03a91ef1538dc6f562d58b4607b88e6.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 08e183f866..fe9e94c7b9 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,7 @@ See the end for copying conditions.
    available) is the same as in previous handshakes. That is to protect
    applications which do not check user credentials on rehandshakes from
    attacks related to unsafe renegotiation. This can be overriden using
-   the %GNUTLS_ALLOW_CERT_CHANGE flag in gnutls_init().
+   the %GNUTLS_ALLOW_ID_CHANGE flag in gnutls_init().
 
 ** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate
    parsing errors in the extensions field and treat it as a typical Hello
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-29 10:23:45 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-04-29 10:30:03 +0200
commit	9466b800f03a91ef1538dc6f562d58b4607b88e6 (patch)
tree	88385ec566a43015cd9598feb7b2d4ad3022e815 /NEWS
parent	96cca97371237e31e6c98d705cd31f6b3b268d25 (diff)
download	gnutls-9466b800f03a91ef1538dc6f562d58b4607b88e6.tar.gz