doc update

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-14 16:35:55 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2016-06-14 16:35:55 +0200
commit: 08bb75574630dc9908850c45e49771f5244f10cf (patch)
tree: 761949f0fa25e0b8975a441e81594c54d8b61e64 /NEWS
parent: 93ec0d176dedac1afa3bcf398f5f638717cf0a56 (diff)
download: gnutls-08bb75574630dc9908850c45e49771f5244f10cf.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 4cc2b5fb36..0f28cfda5e 100644
--- a/NEWS
+++ b/NEWS
@@ -16,7 +16,10 @@ See the end for copying conditions.
    Feature implemented by Tim Kosse.
 
 ** libgnutls: More strict OCSP staple verification. That is, no longer
-   ignore invalid or too old OCSP staples.
+   ignore invalid or too old OCSP staples. The previous behavior was
+   to rely on application use gnutls_ocsp_status_request_is_checked(),
+   while the new behavior is to include OCSP verification by default
+   and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error.
 
 ** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key
    purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2016-06-14 16:35:55 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2016-06-14 16:35:55 +0200
commit	08bb75574630dc9908850c45e49771f5244f10cf (patch)
tree	761949f0fa25e0b8975a441e81594c54d8b61e64 /NEWS
parent	93ec0d176dedac1afa3bcf398f5f638717cf0a56 (diff)
download	gnutls-08bb75574630dc9908850c45e49771f5244f10cf.tar.gz