author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-12-19 09:37:34 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-12-19 20:13:47 +0100 |
commit | 1abb4298398ec6a942dc77384a19b3e3a2392341 (patch) | |
tree | 535697628d8d8745d51ab70cbfbb56ee9bbb2112 /NEWS | |
parent | 88b3fb2978558eb319eebdf776ac60884359a573 (diff) | |
download | gnutls-1abb4298398ec6a942dc77384a19b3e3a2392341.tar.gz |
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs
If a CA is found in the trusted list, check in addition to
time validity, whether the algorithms comply to the expected
level. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise.
Resolves: #877
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -27,6 +27,11 @@ See the end for copying conditions. verification profile. Use '--verify-profile low' for certificate verification to apply the 'NORMAL' verification profile. +** libgnutls: If a CA is found in the trusted list, check in addition to + time validity, whether the algorithms comply to the expected level prior + to accepting it. This addresses the problem of accepting CAs which would + have been marked as insecure otherwise (#877). + ** API and ABI modifications: gnutls_ocsp_req_const_t: Added |
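Review bot: The added NEWS entry says the algorithms must "comply to the expected level" but never says what sets that level. The preceding context lines in the same section discuss the verification profile and '--verify-profile low', so state explicitly whether the level meant here is the active verification profile; otherwise a user whose trusted CA starts failing verification cannot tell from NEWS which setting applies. The entry also describes a behaviour change for existing trust stores (a CA found in the trusted list can now be rejected where it was accepted before), so it is worth saying what verification result such a CA now produces, since "marked as insecure" is all the reader gets. Minor wording: "comply to" should read "comply with".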