Merge branch 'tmp-pkcs11-lax-search' into 'master'

Provide a less restrictive PKCS#11 search of certificates Closes #569 See merge request gnutls/gnutls!757
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-09-24 10:44:39 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2018-09-24 10:44:39 +0000
commit: c64fc97523570a72abc3a58a0b85cbb3da231067 (patch)
tree: b169c97a8154e2d6688a1c81c8b598eb3a4ec77e /NEWS
parent: 727a7f70684a3df439f05a57f97d737e79b287fb (diff)
parent: 39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (diff)
download: gnutls-c64fc97523570a72abc3a58a0b85cbb3da231067.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 8034a4ea09..b6539fd9f7 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,10 @@ See the end for copying conditions.
 ** libgnutls: The 'record size limit' extension is added and preferred to the
    'max record size' extension when possible.
 
+** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
+   This addresses the problem where the CA certificate doesn't have a subject key
+   identifier whereas the end certificates have an authority key identifier (#569)
+
 ** Added support for seperately negotiating client and server certificate types as
    defined in RFC7250. This mechanism must be explicitly enabled via the
    GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-09-24 10:44:39 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2018-09-24 10:44:39 +0000
commit	c64fc97523570a72abc3a58a0b85cbb3da231067 (patch)
tree	b169c97a8154e2d6688a1c81c8b598eb3a4ec77e /NEWS
parent	727a7f70684a3df439f05a57f97d737e79b287fb (diff)
parent	39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (diff)
download	gnutls-c64fc97523570a72abc3a58a0b85cbb3da231067.tar.gz