diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2020-01-15 09:46:38 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2020-01-15 12:48:49 +0100 |
commit | 6ab20d77120f818522863bd43cab20541e0afa57 (patch) | |
tree | c808afd5347e36c7ad2fbf4d5974531c3117b315 /NEWS | |
parent | 0ddd79afb47149cd49690b3a89b9a8ca79acd29b (diff) | |
download | gnutls-6ab20d77120f818522863bd43cab20541e0afa57.tar.gz |
tls13: do not send OCSP responses as client without server requesting
In client side ensure we see a request for OCSP from servers before
sending one.
Relates: #876
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -41,6 +41,9 @@ See the end for copying conditions. to accepting it. This addresses the problem of accepting CAs which would have been marked as insecure otherwise (#877). +** libgnutls: On client side only send OCSP staples if they have been requested + by the server (#876). + ** libgnutls: The default-priority-string added to system configuration to allow overriding compiled-in default-priority-string. @@ -56,6 +59,7 @@ See the end for copying conditions. ** API and ABI modifications: GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added +GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Added gnutls_ocsp_req_const_t: Added |