doc update

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-14 14:37:12 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-14 14:37:12 +0200
commit: f005744d9445a60b9539df4c17b827ec8073639f (patch)
tree: 83fc4509215fe9ad36f24f3d2a68fdbaf6a8a183 /NEWS
parent: 059a6cd87bf3331be55288f1ca4877b4d7b77809 (diff)
download: gnutls-f005744d9445a60b9539df4c17b827ec8073639f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index bbbbaffc68..76fe58b006 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,9 @@ See the end for copying conditions.
    implemented the RFC7633 TLSFeature for OCSP status request extension.
    Feature implemented by Tim Kosse.
 
+** libgnutls: More strict OCSP staple verification. That is, no longer
+   ignore invalid or too old OCSP staples.
+
 ** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key
    purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This
    improves interoperability with several old intermediate CA certificates
@@ -29,6 +32,7 @@ See the end for copying conditions.
    wireshark.
 
 ** API and ABI modifications:
+GNUTLS_CERT_INVALID_OCSP_STATUS: Added
 gnutls_x509_crt_set_crq_extension_by_oid: Added
 gnutls_x509_ext_import_tlsfeatures: Added
 gnutls_x509_ext_export_tlsfeatures: Added
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2016-06-14 14:37:12 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2016-06-14 14:37:12 +0200
commit	f005744d9445a60b9539df4c17b827ec8073639f (patch)
tree	83fc4509215fe9ad36f24f3d2a68fdbaf6a8a183 /NEWS
parent	059a6cd87bf3331be55288f1ca4877b4d7b77809 (diff)
download	gnutls-f005744d9445a60b9539df4c17b827ec8073639f.tar.gz