doc update

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Wed, 1 Mar 2017 11:51:47 +0000 (12:51 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 2 Mar 2017 15:03:27 +0000 (16:03 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 1 Mar 2017 11:51:47 +0000 (12:51 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 2 Mar 2017 15:03:27 +0000 (16:03 +0100)
diff --git a/NEWS b/NEWS

index 5630900e52cf84726e7cdb2c8020587d0193eaf1..b4a9aa408908bedf5ea785d3af63811829725818 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -23,12 +23,19 @@ See the end for copying conditions.
     list. It has to be explicitly enabled, e.g., with a string like
     "NORMAL:+3DES-CBC".
  
+** libgnutls: PKIX certificates with unknown critical extensions are rejected
+   on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This
+   behavior can be overriden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS
+   to verification functions. Resolves gitlab issue #177.
+
  ** certtool: the option '--load-ca-certificate' can now accept PKCS#11
     URLs in addition to files.
  
  ** API and ABI modifications:
  gnutls_x509_crt_set_flags: Added
  GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added
+GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added
+GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added
  
  
  * Version 3.5.7 (released 2016-12-8)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Wed, 1 Mar 2017 11:51:47 +0000 (12:51 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 2 Mar 2017 15:03:27 +0000 (16:03 +0100)