** libgnutls: Depend on p11-kit 0.19.1 or later.
+** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
+configure option --with-default-trust-store-pkcs11), then the PKCS #11
+token is used on demand to obtain the trusted anchors, rather than
+preloading all trusted certificates. That allows CA certificate management
+to occur outside the process boundaries.
+
** API and ABI modifications:
gnutls_privkey_generate: Added
gnutls_fips140_mode_enabled: Added
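Review bot: The added entry ("When a PKCS #11 trust store is specified ...") documents that trust anchors are now fetched from the token on demand, but it does not say what a caller should expect when the token cannot be reached at verification time, which is a behavioural change from preloading that applications relying on the default trust store will want spelled out. Consider adding a sentence on that failure case and on whether certificates added to or removed from the token take effect for credentials that are already loaded, since "CA certificate management ... outside the process boundaries" implies they do. Wording: "trusted anchors" would read better as "trust anchors", and the "then" after the parenthetical can be dropped.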