tls13: do not send OCSP responses as client without server requesting

In client side ensure we see a request for OCSP from servers before sending one. Relates: #876 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2020-01-15 09:46:38 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2020-01-15 12:48:49 +0100
commit: 6ab20d77120f818522863bd43cab20541e0afa57 (patch)
tree: c808afd5347e36c7ad2fbf4d5974531c3117b315 /NEWS
parent: 0ddd79afb47149cd49690b3a89b9a8ca79acd29b (diff)
download: gnutls-6ab20d77120f818522863bd43cab20541e0afa57.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 68a36e7ec1..23b4859682 100644
--- a/NEWS
+++ b/NEWS
@@ -41,6 +41,9 @@ See the end for copying conditions.
    to accepting it. This addresses the problem of accepting CAs which would
    have been marked as insecure otherwise (#877).
 
+** libgnutls: On client side only send OCSP staples if they have been requested
+   by the server (#876).
+
 ** libgnutls: The default-priority-string added to system configuration
    to allow overriding compiled-in default-priority-string.
 
@@ -56,6 +59,7 @@ See the end for copying conditions.
 
 ** API and ABI modifications:
 GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added
+GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Added
 gnutls_ocsp_req_const_t: Added
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-01-15 09:46:38 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-01-15 12:48:49 +0100
commit	6ab20d77120f818522863bd43cab20541e0afa57 (patch)
tree	c808afd5347e36c7ad2fbf4d5974531c3117b315 /NEWS
parent	0ddd79afb47149cd49690b3a89b9a8ca79acd29b (diff)
download	gnutls-6ab20d77120f818522863bd43cab20541e0afa57.tar.gz