diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-09-20 16:44:51 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-09-21 13:09:40 +0200 |
commit | 39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (patch) | |
tree | 71e1700c0e74282dec4e6cb6eda439a48890da6e /NEWS | |
parent | cc54c334f8a1f77a03d4e26ed6ac9a3f132a463f (diff) | |
download | gnutls-39a6de929c1a6baa2b7914bfa89275b3ee4db0e2.tar.gz |
Provide a more flexible PKCS#11 search of trust store certificatestmp-pkcs11-lax-search
This addresses the problem where the CA certificate doesn't
have a subject key identifier whereas the end certificates
have an authority key identifier.
Resolves #569
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -20,6 +20,10 @@ See the end for copying conditions. ** libgnutls: The 'record size limit' extension is added and preferred to the 'max record size' extension when possible. +** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + ** Added support for seperately negotiating client and server certificate types as defined in RFC7250. This mechanism must be explicitly enabled via the GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). |