author Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-04-30 13:01:06 +0200
committer Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-04-30 13:10:00 +0200
commit d304bf83bdc865fb2833af03cdb3c062c51c4218 (patch)
tree 924fbc1ed8248cedde4890210279863738119384
parent f96ea78f7634de2e00c4aafadce0ede48c055956 (diff)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- NEWS 9
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b669d8453c..49a41fa87e 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,15 @@ See the end for copying conditions.
** libgnutls: enabled TCP Fast open for MacOSX. Patch by Tim Ruehsen.
+** libgnutls: gnutls_x509_crt_check_hostname2() no longer matches IP addresses
+ against DNS fields of certificate (CN or DNSname). The previous behavior
+ was to tolerate some misconfigured servers, but that was non-standard
+ and skipped any IP constraints present in higher level certificates.
+
+** libgnutls: when converting to IDNA2008, fallback to IDNA2003 (i.e., transitional
+ encoding) if the domain cannot be converted. That provides maximum compatibility
+ with browsers like firefox that perform the same conversion.
+
** certtool: made printing of key ID and key PIN consistent between certificates,
public keys, and private keys. That is the private key printing now uses the
same format as the rest.
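Review bot: the new gnutls_x509_crt_check_hostname2() entry says what no longer matches (IP addresses against CN or DNSname) but not what an IP address is matched against after this change, so an application or server operator who relied on the old tolerance cannot tell from NEWS how to fix a certificate that now fails verification. Add a sentence naming the certificate field that is checked for IP addresses. In the IDNA entry, "fallback to IDNA2003" uses the noun as a verb ("fall back to IDNA2003") and "firefox" should be capitalized. That entry also names no function or code path, unlike the entry above it. Since the fallback changes which encoded name a hostname is converted to, it would help to state which conversions are affected (for example, hostname verification, SNI, or both) so callers know where a name that fails IDNA2008 conversion is now accepted in its transitional form.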