doc updategnutls_3_5_x-tolerate-invalid-time

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-05 13:42:39 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-06-05 13:43:10 +0200
commit: 3f319435f54e4d1c1f5ffc3dbc88518048b61f51 (patch)
tree: 195b69dfa30b6d55179af81eedb3c70a36bd6942
parent: 1d69e9bf52815072460118d53800e81a65dc1f19 (diff)
download: gnutls_3_5_x-tolerate-invalid-time.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 78d77f23f1..e7194f0ee9 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,13 @@ See the end for copying conditions.
    side caused by packets containing the ResponseID field. Reported
    by Hubert Kario.
 
+** libgnutls: tolerate certificates which do not have strict DER time encoding.
+   It is possible using 3rd party tools to generate certificates with the time fields
+   that do not conform to DER requirements. Since 3.4.x these certificates are rejected
+   and cannot be used with GnuTLS, however that caused problems with existing private
+   certificate infrastructures, which were relying on such certificates (see gitlab
+   issue #196). Tolerate reading and using these certificates.
+
 ** minitasn1: updated to libtasn1 4.11.
 
 ** certtool: allow multiple certificates to be used in --p7-sign with
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-06-05 13:42:39 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-06-05 13:43:10 +0200
commit	3f319435f54e4d1c1f5ffc3dbc88518048b61f51 (patch)
tree	195b69dfa30b6d55179af81eedb3c70a36bd6942
parent	1d69e9bf52815072460118d53800e81a65dc1f19 (diff)
download	gnutls_3_5_x-tolerate-invalid-time.tar.gz