Merge branch 'tmp-key-usage' into 'master'

When negotiating TLS1.3 enforce certificate key usage Closes #690 See merge request gnutls/gnutls!902
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-02-08 17:42:10 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-02-08 17:42:10 +0000
commit: 810758516a79ce42e9d8ed3ec6dcdb1696a58bb3 (patch)
tree: 5077c72452fd438daf3f24a13b331fbfc1c35d2b /NEWS
parent: aa33d738ec96f86671c2d4bb254d8e30a57213cc (diff)
parent: 3ccc01f8383e28ac9819fec5530926f7484400e7 (diff)
download: gnutls-810758516a79ce42e9d8ed3ec6dcdb1696a58bb3.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index bfc895f0f3..af6aee6872 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,18 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
 Copyright (C) 2013-2017 Nikos Mavrogiannopoulos
 See the end for copying conditions.
 
+* Version 3.6.7 (unreleased)
+
+** libgnutls: enforce key usage limitations on certificates more actively.
+   Previously we would enforce it for TLS1.2 protocol, now we enforce it
+   even when TLS1.3 is negotiated, or on client certificates as well. When
+   an inappropriate for TLS1.3 certificate is seen on the credentials structure
+   GnuTLS will disable TLS1.3 support for that session (#690).
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.6.6 (released 2019-01-25)
 
 ** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-02-08 17:42:10 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-02-08 17:42:10 +0000
commit	810758516a79ce42e9d8ed3ec6dcdb1696a58bb3 (patch)
tree	5077c72452fd438daf3f24a13b331fbfc1c35d2b /NEWS
parent	aa33d738ec96f86671c2d4bb254d8e30a57213cc (diff)
parent	3ccc01f8383e28ac9819fec5530926f7484400e7 (diff)
download	gnutls-810758516a79ce42e9d8ed3ec6dcdb1696a58bb3.tar.gz