Provide a more flexible PKCS#11 search of trust store certificatestmp-pkcs11-lax-search

This addresses the problem where the CA certificate doesn't have a subject key identifier whereas the end certificates have an authority key identifier. Resolves #569 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-09-20 16:44:51 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-09-21 13:09:40 +0200
commit: 39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (patch)
tree: 71e1700c0e74282dec4e6cb6eda439a48890da6e /NEWS
parent: cc54c334f8a1f77a03d4e26ed6ac9a3f132a463f (diff)
download: gnutls-39a6de929c1a6baa2b7914bfa89275b3ee4db0e2.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 96fac0299d..d1b52f7db8 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,10 @@ See the end for copying conditions.
 ** libgnutls: The 'record size limit' extension is added and preferred to the
    'max record size' extension when possible.
 
+** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
+   This addresses the problem where the CA certificate doesn't have a subject key
+   identifier whereas the end certificates have an authority key identifier (#569)
+
 ** Added support for seperately negotiating client and server certificate types as
    defined in RFC7250. This mechanism must be explicitly enabled via the
    GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-09-20 16:44:51 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-09-21 13:09:40 +0200
commit	39a6de929c1a6baa2b7914bfa89275b3ee4db0e2 (patch)
tree	71e1700c0e74282dec4e6cb6eda439a48890da6e /NEWS
parent	cc54c334f8a1f77a03d4e26ed6ac9a3f132a463f (diff)
download	gnutls-39a6de929c1a6baa2b7914bfa89275b3ee4db0e2.tar.gz