x509: do not tolerate invalid DER time

This effectively reverts !400 and ensures that we no longer tolerate invalid DER time. This complements the previous commit by Lili Quan and ensures we provide the --disable-strict-der-time backwards compatibility option. Resolves: #207 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-12-23 20:20:58 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2019-12-26 07:46:43 +0100
commit: 49d27a55031e72ade52984f5cd94e82e97b46228 (patch)
tree: 373f1d010011a93d7f246e79ce3de996d45d256a /NEWS
parent: 58a45b8c2fbf2f0ff22e1c7c7762d0cb00855df9 (diff)
download: gnutls-49d27a55031e72ade52984f5cd94e82e97b46228.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 67051289ab..51f1f05779 100644
--- a/NEWS
+++ b/NEWS
@@ -10,7 +10,10 @@ See the end for copying conditions.
 ** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
    with gnutls_ocsp_req_t but const.
 
-** libgnutls: Reject certificates with invalid characters in Time fields (#870).
+** libgnutls: Reject certificates with invalid time fields. That is we reject
+   certificates with invalid characters in Time fields, or invalid time formatting
+   To continue accepting the invalid form compile with --disable-strict-der-time
+   (#207, #870).
 
 ** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
    draft-smyshlyaev-tls12-gost-suites-06).
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-12-23 20:20:58 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2019-12-26 07:46:43 +0100
commit	49d27a55031e72ade52984f5cd94e82e97b46228 (patch)
tree	373f1d010011a93d7f246e79ce3de996d45d256a /NEWS
parent	58a45b8c2fbf2f0ff22e1c7c7762d0cb00855df9 (diff)
download	gnutls-49d27a55031e72ade52984f5cd94e82e97b46228.tar.gz